List users and policy associations


zle...@womply.com

Jan 25, 2016, 6:16:49 PM
to Vault
Good day,

I'm trying to investigate what is in place on a vault that I'm working with.  How do I see what users there are and which policies they hold?

On a possibly related note, when is the next release?  I see the 'list' support went in, and that may solve my issue above.

-- 
Zach

Jeff Mitchell

Jan 25, 2016, 11:04:59 PM
to vault...@googlegroups.com
Hi there,

Can you describe what you mean by "list users"? If you mean "list
tokens" this is not something we plan to support, for security
reasons. However, over time support for listing users or apps
configured into various backends (e.g. username/password or app-id)
should appear, and you can then query those to find out which policies
they are giving out for successfully authenticated clients.

Best,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/20a4acd0-4100-4fab-ae89-1d6db10fe44f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

zle...@womply.com

Jan 26, 2016, 12:42:39 PM
to Vault
I'm primarily after the ability to determine what app_ids/users exist in the system, and which policies they are attached to. The effect of which should be something like "who has access to what".

Armon Dadgar

Jan 26, 2016, 12:56:00 PM
to vault...@googlegroups.com, zle...@womply.com
Hey,

We are getting the list operation support into Vault 0.5 which extends
the core (client, API, ACLs, etc) to all support it and only the generic and
cubbyhole backends initially. With future releases we will be adding list
support to all the backends, and then you should just be able to use list
to see the existing users and app IDs. Hope that helps!

Best Regards,
Armon Dadgar

Zach Leslie

Jan 26, 2016, 5:49:53 PM
to Armon Dadgar, vault...@googlegroups.com
On Tue, Jan 26, 2016 at 09:55:28AM -0800, Armon Dadgar wrote:
>Hey,
>
>We are getting the list operation support into Vault 0.5 which extends
>the core (client, API, ACLs, etc) to all support it and only the generic and
>cubbyhole backends initially. With future releases we will be adding list
>support to all the backends, and then you should just be able to use list
>to see the existing users and app IDs. Hope that helps!

Thanks for the information. I think that's what I'm after. Any timeline
on when that will be released/stable?

--
Zach

Armon Dadgar

Jan 26, 2016, 5:52:19 PM
to Zach Leslie, vault...@googlegroups.com
Zach,

Vault 0.5 will be released in the next few weeks, and then future versions of Vault
will expand support to all the backends over time. Hope that helps!

Best Regards,
Armon Dadgar

Jeff Mitchell

Jan 26, 2016, 7:53:22 PM
to vault...@googlegroups.com
Hi Zach,

Not at this point. The initial listing support will be in 0.5, and
listing of various other items will come over time as we get the
chance to code it in. PRs from interested parties will certainly help!

--Jeff