HashiCorp Vault 1.9.0 added the ability to patch a KV version 2 secret: you update only the keys you name and the rest of the entry is left untouched. Before that, a write replaced the whole key/value map, so changing one field meant reading the secret, editing it, and writing every field back.
Suppose you want to update one field of a secret at a Vault path without touching the other fields. The boilerplate below does this over the HTTP API: it reads the secret first, then sends a PATCH with a JSON merge patch (RFC 7386) if the secret already exists, and falls back to a POST that creates it if it does not.
#!/bin/bash
set -euo pipefail
VAULT_ADDR="http://vault:8200"
VAULT_LOCATION="secret/data/global/artifactory" # KV v2 secret engine: the API path includes the /data/ segment
VAULT_TOKEN="<token>"
vaultExtraArgs=()
# Read the current version. '.data.data' is absent when the secret does not exist (404 body has no .data)
# and null when its latest version has been deleted; both cases become the empty string.
VAULT_REQUEST_TEST=$(curl -Ss --header "X-Vault-Token: $VAULT_TOKEN" "$VAULT_ADDR/v1/$VAULT_LOCATION" | jq -r '.data?.data? // empty')
if [[ -n "${VAULT_REQUEST_TEST}" ]]; then
  vaultExtraArgs=(-X PATCH --header 'Content-Type: application/merge-patch+json') # merge only the given keys
  echo "secret exists, patching"   # do not echo ${VAULT_REQUEST_TEST}: that writes the current secret to stdout and any CI log
else
  vaultExtraArgs=(-X POST)                                                        # nothing there yet, create it
  echo "secret missing, creating"
fi
jq -n --arg pass 'sos3cr3t' '{data:{password:$pass}}' | curl -Ss "${vaultExtraArgs[@]}" --header "X-Vault-Token: $VAULT_TOKEN" -d @- "$VAULT_ADDR/v1/$VAULT_LOCATION"
Note: the calling token needs an ACL policy on the secret/data/global/artifactory path that grants the patch capability for the PATCH request. Because the script also reads the current value first and falls back to POST, the same policy needs read for the GET and create/update for the POST branch; a token with patch alone fails on the initial read.
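Two things the script leaves implicit are worth seeing in code. First, the PATCH body follows RFC 7386 merge-patch semantics, so a key set to null is removed from the secret rather than stored as null. Second, the GET-then-write sequence above is not atomic: another writer can land a version between the read and the patch. Vault's options.cas field closes that gap by rejecting the patch unless the stored version still equals the value you send. The script below is an added example, not part of the original post: it builds a patch body (keys to set, keys to delete, optional cas) and previews the result of the merge locally with jq against a constructed current value, so you can see what a PATCH will do before sending it. build_patch_body, merge_patch and the sample values are this example's own names and data; it shares only the jq dependency with the script above.

```bash
#!/bin/bash
# Added example, not from the original post: build a KV v2 merge-patch body and
# preview locally what Vault will store, using the RFC 7386 semantics of its PATCH endpoint.
set -eu

# build_patch_body SET_JSON [DELETE_JSON_ARRAY] [CAS]
#   SET_JSON          object of keys to set/overwrite, e.g. '{"password":"new"}'
#   DELETE_JSON_ARRAY keys to remove, emitted as null (merge-patch deletes them), e.g. '["api_key"]'
#   CAS               optional options.cas value; Vault rejects the patch unless this equals
#                     the current version, which closes the read-then-write race
build_patch_body() {
  local set_json="$1" del_json="${2:-[]}" cas="${3:-}"
  jq -cn --argjson set "$set_json" --argjson del "$del_json" --arg cas "$cas" '
    {data: ($set + (reduce $del[] as $k ({}; .[$k] = null)))}
    + (if $cas != "" then {options: {cas: ($cas | tonumber)}} else {} end)'
}

# merge_patch CURRENT_JSON PATCH_JSON
#   Apply an RFC 7386 merge patch: null removes a key, nested objects merge recursively,
#   any other value replaces what was there.
merge_patch() {
  jq -cn --argjson cur "$1" --argjson patch "$2" '
    def mp($t; $p):
      if ($p | type) != "object" then $p
      else reduce ($p | to_entries[]) as $e
             (if ($t | type) == "object" then $t else {} end;
              if $e.value == null then del(.[$e.key])
              else .[$e.key] = mp(.[$e.key]; $e.value) end)
      end;
    mp($cur; $patch)'
}

# Constructed sample: what secret/data/global/artifactory currently holds (version 3 in this scenario)
CURRENT='{"username":"deploy","password":"old","api_key":"legacy"}'

# Rotate the password, drop the obsolete api_key, and pin the write to version 3
BODY=$(build_patch_body '{"password":"sos3cr3t"}' '["api_key"]' 3)
echo "request body:   $BODY"
# → {"data":{"password":"sos3cr3t","api_key":null},"options":{"cas":3}}

# What Vault will store as version 4 if the cas check passes
echo "resulting data: $(merge_patch "$CURRENT" "$(printf '%s' "$BODY" | jq -c .data)")"
# → {"username":"deploy","password":"sos3cr3t"}
```

To use it with the script above, replace the `jq -n --arg pass ...` producer in the PATCH pipeline with build_patch_body and take the version number from `.data.metadata.version` of the initial GET. A stale cas comes back from Vault as an HTTP 400 rather than a silently overwritten secret. For the POST branch, `options.cas` set to 0 means the write is only allowed if the secret does not exist yet, which is the matching guard for the create case.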