In HashiCorp Vault, how do I fetch a specific KV pair from a set of KVs I have defined at a certain path?
For example, if I define multiple key-value pairs under /mysecrets, I have to do this:
http://localhost:8200/v1/kv/data/mysecrets
...and it fetches all pairs.
If I try:
http://localhost:8200/v1/kv/data/mysecrets/key1
I get
{
"errors": []
}
As confirmed by the API documentation, the endpoints and parameters only support retrieving a KV2 secret at a specific version and engine mount path. If you want to return only a single key-value pair within the secret, then you must parse the HTTP response. For example, one could use jq for this task if e.g. a curl command is also being executed, as the response will be a string in JSON format and output to stdout. For example, a secret my_secret with key foo could be output to stdout like:
curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/secret/data/my_secret | jq -r ".data.data.foo"
There are other ways to parse the response for only a single key-value pair in the secret using the various Vault SDKs as well, if you prefer that route.
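The same client-side parsing as an added Python example (not part of the original answer, and not Vault SDK code), using only the standard library. The function names and sample responses are constructed for illustration, and the `data.data = null` shape for a deleted version is an assumption; the point is that the whole secret is still fetched, so the caller should keep only the requested field and avoid echoing the rest.

```python
import json
import urllib.error
import urllib.request


class SecretFieldError(Exception):
    """Raised when the requested field cannot be read from the response."""


def extract_kv2_field(body, key):
    """Return one value from the JSON text of a KV v2 read response."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise SecretFieldError("response body is not JSON") from exc
    if "errors" in doc:
        # Vault's error envelope, e.g. {"errors": []} as seen in the question.
        raise SecretFieldError(f"Vault returned errors: {doc['errors']}")
    outer = doc.get("data") or {}
    pairs = outer.get("data")
    if pairs is None:
        # Assumption: a soft-deleted version comes back with data.data = null.
        meta = outer.get("metadata") or {}
        raise SecretFieldError(f"no secret data (deletion_time={meta.get('deletion_time')!r})")
    if key not in pairs:
        # Name only the missing key; never include the other pairs in the error.
        raise SecretFieldError(f"key {key!r} not present in secret")
    return pairs[key]


def read_kv2_field(addr, token, mount, path, key):
    """Fetch the whole secret over HTTP, then keep a single field (hypothetical helper)."""
    req = urllib.request.Request(f"{addr}/v1/{mount}/data/{path}",
                                 headers={"X-Vault-Token": token})
    try:
        with urllib.request.urlopen(req) as resp:
            body = resp.read().decode()
    except urllib.error.HTTPError as exc:
        body = exc.read().decode()  # error responses still carry a JSON body
    return extract_kv2_field(body, key)


# Constructed sample responses (not captured from a real server).
SAMPLE_OK = '{"data": {"data": {"foo": "bar", "key1": "v1"}, "metadata": {"version": 2, "deletion_time": ""}}}'
SAMPLE_MISSING_PATH = '{"errors": []}'
SAMPLE_DELETED = '{"data": {"data": null, "metadata": {"version": 1, "deletion_time": "2024-01-01T00:00:00Z"}}}'

if __name__ == "__main__":
    print(extract_kv2_field(SAMPLE_OK, "foo"))
```
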