Feature request: Enable key search in all secrets across engines in instance #8627

Open
gsilvapt opened this issue Mar 27, 2020 · 7 comments

Comments

@gsilvapt

Is your feature request related to a problem? Please describe.
If we have multiple engines with different sets of permissions, it would be great to search for secrets' keys. That way, by typing the name of a key, everything related should come up and I can get into that secret instead of trial and error that in all engines. But, it is crucial it still respects the user's view permissions.

Describe the solution you'd like
Enable key search in all secrets across engines in an instance.

Describe alternatives you've considered
I have to open all engines and all secrets to check whether or not that is the one I want. Or ask where it is located.

Explain any additional use-cases

  • If the same search is allowed but by value, one can check whether or not a given token is in use (say you find a secret in your code and you want to check whether or not it is in Vault because, if it is, then you need to rotate it).

Additional context
--

@tyrannosaurus-becks
Contributor

Thanks for opening this request! It's very similar to #1973, but since it discusses typing behavior, I view it as more the UI side of that request, not a dupe.

Please do see the linked issue for additional discussion of this feature. Thanks again!

@gsilvapt
Author

From my understanding, I believe we need both to accomplish my proposal. Definitely UI related 👍 Thanks for triaging this so quickly.

@Monkeychip
Contributor

@gsilvapt For 1.14 we have implemented something along these lines in the UI. You can now filter the Secret Engines list by engine type or by name. See PR here that has a demo. However, we do not individually check the items in the list for permissions. We use the internal UI endpoint sys/internal/ui/mounts to return this list of secret engines (API docs here). The API documentation talks a little about policy and permissions.

@maxb
Contributor

maxb commented May 30, 2023

> You can now filter the Secret Engines list by engine type or by name.

The original poster was asking about a search functionality that would search the data stored inside KV secrets engines - not just the names of secret engines themselves, though.

@Monkeychip
Contributor

@maxb Thank you for calling that out. Re-reading, I can see the difference. For now, at least, we're limited to what information is returned to us on the sys/internal/ui/mounts endpoint.

@terowz

terowz commented Aug 22, 2023

This would be a great feature to implement if possible. Once in a while I want to grab something quick or on the go, and having a search in the UI would be ideal.

@draggeta

At this point I'd settle for being able to search just paths in KV. That would be helpful enough. And as for resource usage, I wonder if the search couldn't be run on the replicas. I'd say that everyone running Vault in production has multiple running (doing nothing but redirecting and replicating if I'm correct) and when they don't, it's probably small enough to be able to run on the master.
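
A client-side sketch of the key-name search requested in this thread, as an added example (not Vault's code and not written by any participant): it reads the mount list from sys/internal/ui/mounts, walks each KV mount with LIST, and reads secrets with the caller's own token, so Vault's policies decide what can match. The names `vault_request`, `walk`, `search_keys` and the `FAKE` responses are constructed for this example; it assumes KV mounts report type `kv` and use the standard KV v1 and v2 (`metadata/`, `data/`) path layout.

```python
import json, os, urllib.error, urllib.request

def vault_request(method, path):
    """Real transport; assumes VAULT_ADDR and VAULT_TOKEN are set for the calling user."""
    req = urllib.request.Request(os.environ["VAULT_ADDR"].rstrip("/") + "/v1/" + path,
        method=method, headers={"X-Vault-Token": os.environ["VAULT_TOKEN"]})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

def walk(request, mount, prefix, path=""):
    """Yield secret paths under a KV mount, skipping subtrees the token cannot LIST."""
    status, body = request("LIST", mount + prefix + path)
    if status != 200:  # 403 denied by policy, 404 nothing there
        return
    for name in body["data"]["keys"]:
        if name.endswith("/"):
            yield from walk(request, mount, prefix, path + name)
        else:
            yield path + name

def search_keys(needle, request=vault_request):
    """Sorted (mount, path, key) hits for key names containing needle, case-insensitive."""
    status, mounts = request("GET", "sys/internal/ui/mounts")
    hits = []
    for mount, info in (mounts["data"]["secret"] if status == 200 else {}).items():
        if info["type"] != "kv":
            continue
        v2 = (info.get("options") or {}).get("version") == "2"
        for path in walk(request, mount, "metadata/" if v2 else ""):
            status, body = request("GET", mount + ("data/" if v2 else "") + path)
            if status != 200:  # listed but not readable with this token
                continue
            data = (body["data"]["data"] if v2 else body["data"]) or {}
            hits += [(mount, path, k) for k in data if needle.lower() in k.lower()]
    return sorted(hits)

# Constructed responses standing in for a Vault server; anything not listed is denied (403).
FAKE = {
    ("GET", "sys/internal/ui/mounts"): (200, {"data": {"secret": {
        "app/": {"type": "kv", "options": {"version": "2"}},
        "legacy/": {"type": "kv", "options": None}, "pki/": {"type": "pki"}}}}),
    ("LIST", "app/metadata/"): (200, {"data": {"keys": ["ci", "db", "team/"]}}),
    ("GET", "app/data/db"): (200, {"data": {"data": {"DB_PASSWORD": "x", "user": "y"}}}),
    ("LIST", "legacy/"): (200, {"data": {"keys": ["smtp"]}}),
    ("GET", "legacy/smtp"): (200, {"data": {"smtp_password": "z", "host": "h"}}),
}
fake_request = lambda method, path: FAKE.get((method, path), (403, {}))
```

Calling `search_keys("password", fake_request)` runs the search offline against the constructed responses. The walk issues one request per folder and per secret, which is the resource cost raised in the last comment.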
