Skip to content

New role to read keys of secrets but not the values #31978

Description

@georgeamason

Is your feature request related to a problem? Please describe.
In our org we have two paths under a particular secrets engine; those being prod and staging. We have full access to the staging path i.e. we can read and view all secret information - keys and values. With the prod path we can't view either the secret key or value. We have to ask our internal infra team to let us know what the keys of the secrets are. We don't ever want to be able to see the secret values, just the keys.

Describe the solution you'd like
Add an extra role that can be assigned to users for viewing the keys of secrets.

Describe alternatives you've considered
With the advent of v2 engines, we have used metadata to display the keys that are available under a certain secret path but v1 engine has no metadata.

Explain any additional use-cases
N/a

Additional context
{
"AdminUsr" : "joe.blogs",
"AdminPwd": "super-secret"
}
Add a role to only allow viewing AdminUser and AdminPwd

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions