
Hashicorp vault how to list all roles

Is it possible to list all roles stored in a vault backend? I can't seem to find any reference on how to do so.

From the documentation, it seems possible to list a role given the role name, through auth/approle/role/my-role, for example, but I don't see any references on how to list all roles stored in a vault server.

asked Mar 26 '20 14:03

Bilbo Baggins


2 Answers

EDIT

I would recommend viewing roles through the CLI. Viewing roles through the UI seems to show all roles instead of those assigned to a given auth method.

Viewing roles using the UI

  1. Click the "Access" tab
  2. Click "View Configuration" under the three dot dropdown for the auth method you're interested in
  3. Click the "Roles" tab at the top

Viewing roles using the CLI

Roles are listed under Authentication Methods in Vault. You can view which authentication methods you have enabled (or enable new ones) by visiting the UI and clicking on the "Access" tab at the top.

From there you can list roles using the following command:

vault list auth/{auth_method}/role

Where {auth_method} is one of the enabled authentication methods listed in the "Access" tab.

For example, if you enabled the kubernetes auth method, you would list roles associated with this method by running the following:

vault list auth/kubernetes/role

answered Sep 22 '22 15:09

Bilbo Baggins


It depends on what auth method you created; based on the auth method, you can list roles.

Example:

# vault list auth/aws/roles
# vault read auth/aws/role/role-name

answered Sep 26 '22 15:09

talant
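
The two answers above use different path suffixes (`role` for kubernetes, `roles` for aws), and the `{auth_method}` segment is the mount path, which need not match the method type. As an added example (not from either answer), this script reads the table printed by `vault auth list` and builds the role list path for every mount; the type-to-suffix table is an assumption limited to approle, kubernetes, jwt/oidc, aws and token, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list roles across every enabled auth mount.
# Function names are hypothetical; the suffix table covers only a few methods.

# Map an auth method *type* to the sub-path that holds its roles.
role_suffix() {
    case "$1" in
        approle|kubernetes|jwt|oidc) echo role ;;
        aws|token)                   echo roles ;;
        *)                           return 1 ;;  # no role listing known here (e.g. userpass)
    esac
}

# Read `vault auth list` table output on stdin and print one list path per mount.
# Column 1 is the mount path (e.g. "k8s-prod/"), column 2 is the method type.
role_paths() {
    # NR > 2 skips the header row and the dashed separator row.
    awk 'NR > 2 && NF >= 2 { print $1, $2 }' | while read -r mount type; do
        if suffix=$(role_suffix "$type"); then
            # Strip the trailing slash from the mount before joining.
            echo "auth/${mount%/}/${suffix}"
        else
            echo "skip: ${mount} (type ${type})" >&2
        fi
    done
}

# Requires VAULT_ADDR and a token allowed to read sys/auth and list each path.
list_all_roles() {
    vault auth list | role_paths | while read -r path; do
        echo "== ${path}"
        # `vault list` exits non-zero when the path holds no entries.
        vault list "$path" || echo "   (no roles, or token lacks list capability)"
    done
}
```

Source the file and call `list_all_roles` from a shell that is already authenticated to Vault; mounts whose type is not in the table are reported on stderr rather than guessed at.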