I'm using the Python library 'hvac' to access HashiCorp Vault, and to create/update an existing key.
In HashiCorp Vault, I have 2 key/value pairs listed for the latest version. For example,
k1=111
k2=222
After I run the Python code below, a new 'version' is created in the Vault UI with the new 'k1' key value, but I lose the 'k2' key and value.
import hvac
client = hvac.Client(url='http://localhost:8200', token='hvs.xxxxxxxxxx')
client.secrets.kv.v2.create_or_update_secret(path='foo',secret=dict(k1='test123'))
Does anyone know what I'm doing wrong? I'm trying to perform the equivalent of 'create new version' from the Vault UI, but within Python.
For a Create or Update operation against the Vault API KV version 2 secrets engine you must specify all key-value pairs in the parameters as any unspecified pairs will not be considered part of the payload:
client.secrets.kv.v2.create_or_update_secret(path='foo',secret=dict(k1='test123', k2='222'))
Alternatively one can use a Patch operation instead to retain any already present key-value pairs that are omitted from the payload parameters:
client.secrets.kv.v2.patch(path='foo',secret=dict(k1='test123'))
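A third option, as an added example that is not from the answer above or from the hvac project: read the current version, merge the changes, and write back with hvac's `cas` (check-and-set) parameter so a concurrent writer cannot be silently overwritten. `update_keys`, `FakeKV`, `fake_client` and `demo` are hypothetical names; `FakeKV` is a constructed in-memory stand-in so the block runs without a Vault server.

```python
from types import SimpleNamespace

def update_keys(client, path, changes, mount_point="secret"):
    """Write a new KV v2 version that keeps existing keys and applies `changes`."""
    kv = client.secrets.kv.v2
    current = kv.read_secret_version(path=path, mount_point=mount_point)
    merged = {**current["data"]["data"], **changes}
    version = current["data"]["metadata"]["version"]
    # cas=version: the write is rejected if another writer created a newer version
    kv.create_or_update_secret(path=path, secret=merged, cas=version,
                               mount_point=mount_point)
    return merged

class FakeKV:
    """Constructed stand-in for client.secrets.kv.v2 (assumption, not part of hvac)."""
    def __init__(self):
        self.versions = {}  # path -> list of payloads, one entry per version

    def read_secret_version(self, path, mount_point="secret"):
        history = self.versions[path]
        return {"data": {"data": dict(history[-1]),
                         "metadata": {"version": len(history)}}}

    def create_or_update_secret(self, path, secret, cas=None, mount_point="secret"):
        history = self.versions.setdefault(path, [])
        if cas is not None and cas != len(history):
            raise RuntimeError("check-and-set mismatch")
        history.append(dict(secret))  # the payload replaces the whole key set

def fake_client():
    return SimpleNamespace(secrets=SimpleNamespace(kv=SimpleNamespace(v2=FakeKV())))

def demo():
    client = fake_client()
    kv = client.secrets.kv.v2
    kv.create_or_update_secret(path="foo", secret={"k1": "111", "k2": "222"})
    # The call from the question: k2 is absent from the new version
    kv.create_or_update_secret(path="foo", secret={"k1": "test123"})
    lost = kv.read_secret_version(path="foo")["data"]["data"]
    # Restore both keys, then update k1 through the merge helper
    kv.create_or_update_secret(path="foo", secret={"k1": "111", "k2": "222"})
    kept = update_keys(client, "foo", {"k1": "test123"})
    return lost, kept

if __name__ == "__main__":
    print(demo())
```

With a real `hvac.Client`, pass it to `update_keys` in place of the stand-in.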