You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In a database plugin if root credential can't be specified in password field, it will not be masked in the output of vault read database/config/:name
More context:
My organization has internally developed a database plugin to create Artifactory token as a dynamic secret in Vault. Due to organizational constraints an API Key is used instead of admin username and password to create tokens dynamically.
The text was updated successfully, but these errors were encountered:
sebinjohn
changed the title
Ability to specify fields to be masked in database/config output.
[Feature Request] Ability to specify fields to be masked in database/config output.
Jan 10, 2020
Hello - as a workaround, is it possible to rename the api_key to password in the custom plugin? I believe that will get the desired effect, at the cost of a slight misnomer.
Long term, this seems like something that can be accomplished as you describe, though I would probably remove the sensitive keys instead of masking them. Adding a filter_keys type configuration variable that accepts a comma separated string, could then be used to filter out those keys from the ConnectionDetails map where the custom keys and data reside:
Is your feature request related to a problem? Please describe.
In a database plugin if root credential can't be specified in password field, it will not be masked in the output of
vault read database/config/:name
More context:
My organization has internally developed a database plugin to create Artifactory token as a dynamic secret in Vault. Due to organizational constraints an API Key is used instead of admin username and password to create tokens dynamically.
The plugin is configured as below.
The config would look like
Describe the solution you'd like
have a field in the
database/config/:name
to specify which field should be masked in the config output.eg:
and
database/config/:name
output will beThe text was updated successfully, but these errors were encountered: