Search for data in vault key
296 views
Skip to first unread message
ME2Digital
Aug 28, 2018, 4:25:48 PM8/28/18
to Vault
Hi.
I try to search for a user in the vault identity path.
The `vault path-help identity/lookup/entity` says something about that there are some "query parameters".
I have tried several ways to search/lookup via the cli but it was never successful.
I have tried this formats.
- ./vault read 'identity/lookup/entity?name=alek...@none.at'
- ./vault read 'identity/lookup/entity/name/alek...@none.at'
- ./vault list 'identity/lookup/entity?name=alek...@none.at'
- ./vault read identity/lookup/entity 'name=alek...@none.at'
- ./vault kv get 'identity/lookup/entity?name=alek...@none.at'
I haven't seen any examples in the doc how I can search in the vault key store for some entries, is this possible?
I run vault in -dev mode
####
./vault status
Key Value
--- -----
Seal Type shamir
Sealed false
Total Shares 1
Threshold 1
Version 0.11.0
Cluster Name vault-cluster-4b31d8ca
Cluster ID f215c747-b893-765e-8305-f7fe17f55a5c
HA Enabled false
####
Best regards
aleks
Jeff Mitchell
Aug 28, 2018, 6:20:52 PM8/28/18
to Vault
Hi there,
The endpoint is a POST so you need to be doing `vault write`; additionally the vault client doesn't use query-style parameters.
Try `vault write identity/lookup/entity name=<name>`
Best,
Jeff
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/dc2ffca5-0eb8-4acd-a7db-4240b2243684%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
ME2Digital
Aug 29, 2018, 1:01:01 AM8/29/18
to vault...@googlegroups.com
Hi Jeff.
Thank you.
How efficient is a lookup over let's say millions of data with metadata.email compared to ldap indexed query?
I plan to use consul HA as storage.
Is identity the "right" path?
Is username/password a "better" path as the login will be with username password?
Best regards
Best regards
Aleks
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAORe8GEw7LAJ8Mm9zrMjkBKqgfFwSn%2Bz-6UrKD_b9LwPOTFU5Q%40mail.gmail.com.
Jeff Mitchell
Aug 30, 2018, 1:46:16 PM8/30/18
to Vault
Hi there,
I can't speak for LDAP, but I can tell you that the identity lookup is against an in-memory indexed store, so is _very_fast.
Best,
Jeff
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAJaCwiSo6h2mYUQjzzTRbhnEMFS%2BaNdMkodBTsfQZZfiEDt8EQ%40mail.gmail.com.
ME2Digital
Sep 1, 2018, 8:25:31 AM9/1/18
to vault...@googlegroups.com
Hi Jeff.
Can i also search / lookup for metadata values?
For example 'metadata.birthday = 2018.09.01'
Regards
Regards
Aleks.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAORe8GECwmev%3DUfXEPfNDx31vxtV0-2qgMKczoxWezsmTWvDAQ%40mail.gmail.com.
Jeff Mitchell
Sep 1, 2018, 10:48:35 AM9/1/18
to Vault
Not currently, sorry.
Best,
Jeff
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAJaCwiQf0zKctB6%3DbwHf687JDnvB2oRz0Kqa59vfc30aMO_ZkQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages