Can't read secret with key other than 'value' #42
Comments
|
I think that you're right that this crate doesn't support writing to more complex keys that {"key": "value"}, but that could be worth working on. In terms of some early thinking about what that API may look like would be something generic over secret data, along these lines: /// Saves a secret
///
/// ```
/// # extern crate hashicorp_vault as vault;
/// # use vault::Client;
///
/// #[derive(Deserialize, Serialize)]
/// struct MyThing {
/// awesome: String,
/// thing: String,
/// }
/// let host = "http://127.0.0.1:8200";
/// let token = "test12345";
/// let client = Client::new(host, token).unwrap();
/// let secret = MyThing {
/// awesome: "I really am cool".into(),
/// thing: "this is also in the secret".into(),
/// };
/// let res = client.set_custom_secret("hello_set", &secret);
/// assert!(res.is_ok());
/// ```
pub fn set_custom_secret<S1, T>(&self, secret_name: S1, secret: &T) -> Result<()>
where S1: Into<String>,
T: Serialize {
let _ = self.post::<_, String>(
&format!("/v1/secret/data/{}", secret_name.into())[..],
Some(
&secret.to_string()?,
),
None,
)?;
Ok(())
}
///
/// Fetches a saved secret
///
/// ```
/// # extern crate hashicorp_vault as vault;
/// # use vault::Client;
///
/// #[derive(Deserialize, Serialize)]
/// struct MyThing {
/// awesome: String,
/// thing: String,
/// }
/// let host = "http://127.0.0.1:8200";
/// let token = "test12345";
/// let client = Client::new(host, token).unwrap();
/// let secret = MyThing {
/// awesome: "I really am cool".into(),
/// thing: "this is also in the secret".into(),
/// };
/// let res = client.set_custom_secret("hello_set", &secret);
/// assert!(res.is_ok());
/// let res: MyThing = client.get_custom_secret("hello_get");
/// assert!(res.is_ok());
/// assert_eq!(res.unwrap().awesome, "I really am cool");
/// assert_eq!(res.unwrap().thing, "this is also in the secret");
/// ```
pub fn get_custom_secret<S: AsRef<str>, T: Deserialize>(&self, secret_name: S) -> Result<T> {
let res = self.get::<_, String>(&format!("/v1/secret/data/{}", key.as_ref())[..], None)?;
let decoded: VaultResponse<SecretDataWrapper<T>> = parse_vault_response(res)?;
match decoded.data {
Some(data) => Ok(data.data),
_ => Err(Error::Vault(format!(
"No secret found in response: `{:#?}`",
decoded
))),
}
}As noted in the doc strings above, this could allow passing in a custom struct that allows serializing and deserializing a custom type, rather than requiring a strict |
|
That looks like a good addition. Do you have an ETA for when it will be ready? Thank you! |
ChrisMacNaughton
added a commit
that referenced
this issue
Feb 10, 2021
This change additionally refactors the default secret methods, `get_secret` and `set_secret` to use the new custom get and set methods with a new internal type. Closes #42
ChrisMacNaughton
added a commit
that referenced
this issue
Feb 10, 2021
This change additionally refactors the default secret methods, `get_secret` and `set_secret` to use the new custom get and set methods with a new internal type. Closes #42
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi @ChrisMacNaughton,
thanks for creating this library. This is my first time playing around with rust so excuse if this is a user error.
I'm trying to read an existing secret from vault, e.g
Creating a secret using your crate always writes them as:
As it stands I'm not able to retrieve a secret with a custom key as serde fails to deserialize:
Err(SerdeJson(Error("missing fieldvalue", line: 1, column: 128)))I believe this is caused by the
SecretDatadeclaration https://github.com/ChrisMacNaughton/vault-rs/blob/master/src/client/mod.rs#L292 called here.I couldn't find an API that allows me to set the key explicitly when calling
get_secret.Am I missing something or is this indeed not supported right now?
Thanks!
The text was updated successfully, but these errors were encountered: