Wunderbread

Reputation: 1070

When I enable a HashiCorp Vault secrets engine e.g. kv and add a secret is this accessible across vault users?

When I enable a HashiCorp Vault secrets engine e.g. kv and add a secret, is this accessible across vault users? If I add the secrets engine as the root user, is this accessible to any users that I add to HashiCorp Vault?

My thought seems to defeat the purpose of vault, but I am trying to get an idea: if a user creates a secret and it's embedded within an application and that employee leaves the company.

Upvotes: 0

Views: 1251

Answers (1)

user2599522

Reputation: 3225

When I enable a HashiCorp Vault secrets engine e.g. kv and add a secret, is this accessible across vault users?

Each user has permissions attached to her; they are called policies. If those permissions allow access, then the user has access.

You might want to check out the official documentation: https://www.vaultproject.io/docs/concepts/policies

If I add the secrets engine as the root user, is this accessible to any users that I add to HashiCorp Vault?

It doesn't matter who creates the secrets (hint: it's not recommended to use root for anything other than the initial setup).

To give you an example, you can have users that can create secrets

path "kv/foo" {
  capabilities = ["create"]
}

and users that can only consume them, for example

path "kv/foo" {
  capabilities = ["read"]
}

Upvotes: 1
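To make the answer's point concrete, here is an added example (not code from the answer and not Vault's own implementation): a small Python model of how Vault decides a request from a token's attached policies. It reproduces the documented policy semantics, namely one set of capabilities per path, a trailing `*` glob, a `+` single-segment wildcard, the most specific matching path winning, and `deny` overriding everything, and then runs the two policies from the answer, plus a constructed third policy with a deny rule, against sample requests. Nothing in the decision refers to who wrote the secret; only the caller's policies matter, which is exactly why the creator leaving the company does not change what the application's own identity may read.

```python
"""Toy model of Vault policy evaluation (added example, not Vault's code).

Reproduces the documented rules: capabilities per path, '*' as a trailing
glob, '+' matching one path segment, most-specific path wins, 'deny' wins
over any grant, and default deny when no rule matches. The policy texts
below are constructed for this example.
"""
import re
from typing import Dict, List, Set

# The two policies from the answer (constructed as HCL policy text).
WRITER_POLICY = '''
path "kv/foo" {
  capabilities = ["create", "update"]
}
'''

READER_POLICY = '''
path "kv/foo" {
  capabilities = ["read"]
}
'''

# Constructed: an application identity that may read everything under
# kv/app/ except one explicitly denied key.
APP_POLICY = '''
path "kv/app/*" {
  capabilities = ["read", "list"]
}
path "kv/app/admin" {
  capabilities = ["deny"]
}
'''

# Matches one 'path "..." { capabilities = [...] }' stanza.
RULE_RE = re.compile(
    r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}', re.S)


def parse_policy(text: str) -> Dict[str, Set[str]]:
    """Parse policy text into {path_pattern: set_of_capabilities}."""
    rules: Dict[str, Set[str]] = {}
    for path, caps in RULE_RE.findall(text):
        rules[path] = {c.strip().strip('"') for c in caps.split(",") if c.strip()}
    return rules


def pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Trailing '*' matches any suffix; '+' matches exactly one segment."""
    esc = re.escape(pattern)
    if esc.endswith(r"\*"):
        esc = esc[:-2] + ".*"
    esc = esc.replace(r"\+", "[^/]+")
    return re.compile("^" + esc + "$")


def is_allowed(policies: List[str], operation: str, path: str) -> bool:
    """Decide one request from the caller's merged policies.

    Collect every rule whose pattern matches the path (across all attached
    policies), keep the most specific pattern, union its capabilities, and
    let 'deny' override. No rule at all means denied.
    """
    matching: Dict[str, Set[str]] = {}
    for text in policies:
        for pattern, caps in parse_policy(text).items():
            if pattern_to_regex(pattern).match(path):
                matching.setdefault(pattern, set()).update(caps)
    if not matching:
        return False  # default deny

    def specificity(p: str):
        # exact paths beat wildcard paths; longer wildcard paths beat shorter
        return (0 if ("*" in p or "+" in p) else 1, len(p))

    caps = matching[max(matching, key=specificity)]
    if "deny" in caps:
        return False
    return operation in caps


def demo() -> Dict[str, bool]:
    """Sample requests; the writer of the secret never enters the decision."""
    return {
        "writer creates kv/foo": is_allowed([WRITER_POLICY], "create", "kv/foo"),
        "writer reads kv/foo": is_allowed([WRITER_POLICY], "read", "kv/foo"),
        "reader reads kv/foo": is_allowed([READER_POLICY], "read", "kv/foo"),
        "reader creates kv/foo": is_allowed([READER_POLICY], "create", "kv/foo"),
        "app reads kv/app/db": is_allowed([APP_POLICY], "read", "kv/app/db"),
        "app reads kv/app/admin": is_allowed([APP_POLICY], "read", "kv/app/admin"),
        "no policy reads kv/foo": is_allowed([], "read", "kv/foo"),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request}: {'allowed' if allowed else 'denied'}")
```

The practical consequence for the question about a departing employee: the secret is stored under the path (`kv/foo`), not under the person who wrote it, so the application keeps reading it through its own identity and reader policy, while the employee's access is removed by revoking their token or deleting their auth-method user; neither step touches the secret itself.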
