3

I have several entities (users) in a Vault implementation. These entities have alphanumeric IDs. I also have a group called ops. This group also has an alphanumeric ID.

I have looked at HashiCorp's documentation here:

https://learn.hashicorp.com/tutorials/vault/identity

However, it doesn't cover this particular use case.

Any help is greatly appreciated.

Mamun

1 Answer

2

You have to update the target group’s entities (the ops group in your case).

In a few steps:

  • 1: Read the group data: read the current state of the group.
  • 2: Update the identity entity IDs list to add the entities you want to add to this group.
  • 3: Post the group update with this `member_entity_ids` list.

https://www.vaultproject.io/api-docs/secret/identity/group#update-group-by-id

  • Thank you very much for the answer! – Mamun Dec 13 '20 at 23:13
  • Very disappointing that there is no cli command for this... – pkaramol Feb 02 '23 at 12:46
  • @pkaramol you can use the CLI too (using `foobar` as the group name in this example). Get the current list of users for a group: `vault read -format=json identity/group/name/foobar | jq .data.member_entity_ids`. List of all users and their entity IDs: `vault read -format=json /identity/entity/id list=true | jq -r '.data.key_info | keys[] as $k | "\($k):\(.[$k].aliases[] | (.mount_type + ":" + .name))"'`. Update the members of the group with `vault write identity/group/name/foobar member_entity_ids=...`. I used JSON output and `jq` to fetch specific fields (optional, nice to have). – RSchulze Apr 17 '23 at 16:51
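
The read, merge and write-back steps from the answer above, as an added example that is not part of the original answer or comments. It assumes `VAULT_ADDR` and `VAULT_TOKEN` are set and uses the group-by-name endpoint from the last comment; the function names and the sample entity IDs are constructed for illustration.

```python
import json
import os
import urllib.request


def merged_member_ids(group_data, new_entity_ids):
    """Return the full member_entity_ids list to write back.

    The update replaces the list rather than appending to it, so the
    current members have to be sent along with the new ones.
    """
    if group_data.get("type") == "external":
        # Vault manages membership of external groups through group aliases.
        raise ValueError("external groups cannot be given members manually")
    current = group_data.get("member_entity_ids") or []  # may be null if empty
    merged = list(current)
    for entity_id in new_entity_ids:
        if entity_id not in merged:
            merged.append(entity_id)
    return merged


def vault_request(method, path, body=None):
    """Call the Vault HTTP API using VAULT_ADDR and VAULT_TOKEN."""
    req = urllib.request.Request(
        os.environ["VAULT_ADDR"].rstrip("/") + "/v1/" + path,
        data=json.dumps(body).encode() if body is not None else None,
        method=method,
        headers={"X-Vault-Token": os.environ["VAULT_TOKEN"]},
    )
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def add_entities_to_group(group_name, new_entity_ids):
    path = "identity/group/name/" + group_name
    group = vault_request("GET", path)["data"]            # step 1: read
    members = merged_member_ids(group, new_entity_ids)    # step 2: merge
    vault_request("POST", path, {"member_entity_ids": members})  # step 3: write
    return members


# Constructed sample of the "data" object from a group read (IDs are made up).
SAMPLE_GROUP = {"name": "ops", "type": "internal",
                "member_entity_ids": ["ent-aaa", "ent-bbb"]}

if __name__ == "__main__":
    print(merged_member_ids(SAMPLE_GROUP, ["ent-bbb", "ent-ccc"]))
```

Only `member_entity_ids` is sent in the write, so the token needs read and update capability on the group path and nothing else on the group is touched by the request body.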