
fetch a specific KV pair from a set of KVs defined at a path


In HashiCorp Vault, how do I fetch a specific KV pair from a set of KVs I have defined at a certain path?

For example, if I define multiple key-value pairs under /mysecrets, I have to do this:

http://localhost:8200/v1/kv/data/mysecrets

...and it fetches all pairs.

If I try:

http://localhost:8200/v1/kv/data/mysecrets/key1

I get

{
    "errors": []
}

Solution

  • As confirmed by the API documentation, the endpoints and parameters only support retrieving a KV2 secret at a specific version and engine mount path. If you want to return only a single key-value pair within the secret, then you must parse the HTTP response. For example, one could use jq for this task if, e.g., a curl command is also being executed, as the response will be a string in JSON format output to stdout. For example, a secret my_secret with key foo could be output to stdout like:

    curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/secret/data/my_secret | jq -r ".data.data.foo"
    

    There are other ways to parse the response for only a single key-value pair in the secret, using the various Vault SDKs as well, if you prefer that route.
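
The client-side parsing described in the answer, as an added example that is not part of the original answer: it returns one field from a KV v2 read response and fails closed on the `{"errors": []}` body from the question, on a version with no data, and on a missing key. The function names and the sample body are constructed for illustration, the mount `kv` and path `mysecrets` are taken from the question, and the `data.data == null` shape for a deleted version is an assumption.

```python
import json
import os
import urllib.error
import urllib.request

# Constructed sample of a KV v2 read response (values are made up).
SAMPLE = ('{"data": {"data": {"key1": "s3cr3t-A", "key2": "s3cr3t-B"},'
          ' "metadata": {"version": 1}}}')


class SecretFieldError(LookupError):
    """The requested field could not be returned."""


def extract_kv2_field(body, key):
    """Return one field from the JSON text of a KV v2 read response."""
    doc = json.loads(body)
    if "errors" in doc:
        # Error envelope, e.g. {"errors": []} for .../data/mysecrets/key1,
        # which Vault treats as a secret path that does not exist.
        raise SecretFieldError(f"Vault returned errors: {doc['errors']}")
    fields = (doc.get("data") or {}).get("data")
    if fields is None:
        # Assumption: a deleted version is returned with data.data == null.
        raise SecretFieldError("secret version holds no data")
    if key not in fields:
        # Name the available keys only; never echo the other values.
        raise SecretFieldError(f"{key!r} not among {sorted(fields)}")
    return fields[key]


def read_kv2_field(addr, token, mount, path, key):
    """GET {addr}/v1/{mount}/data/{path} and return a single field."""
    req = urllib.request.Request(f"{addr.rstrip('/')}/v1/{mount}/data/{path}",
                                 headers={"X-Vault-Token": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read().decode()
    except urllib.error.HTTPError as err:
        body = err.read().decode() or '{"errors": []}'  # 4xx/5xx body
    return extract_kv2_field(body, key)


if __name__ == "__main__":
    print(extract_kv2_field(SAMPLE, "key1"))  # offline, constructed input
    if "VAULT_ADDR" in os.environ and "VAULT_TOKEN" in os.environ:
        # Live read: token taken from the environment, not from argv.
        print(read_kv2_field(os.environ["VAULT_ADDR"],
                             os.environ["VAULT_TOKEN"], "kv", "mysecrets", "key1"))
```

Because the whole secret still crosses the wire, the caller's policy grants read on every key at that path; splitting values into separate secret paths is what narrows access per key.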