
I have the following policies:

path "/kv/dev/*" {
  capabilities = ["read","list", "update"]
}

path "/kv/data/dev/*" {
  capabilities = ["read","list", "update"]
}

Using the CLI I am able to use the following command to get the secrets: vault kv get -mount=kv dev/db

And it outputs the secrets correctly. The issue occurs when using the UI:

- With the input of dev/db I get: Ember Data Request POST /v1/sys/capabilities-self returned a 400 Payload (application/json) [object Object]

- With the input of /data/dev/db I get: undefined is not an object (evaluating 'n.data')

Any advice on how to access the secrets using the UI?

39fredy

2 Answers


I think I get the state you are looking for. Let me share with you what I did:

First I specified in my terminal what I need in terms of my Vault:

export VAULT_TOKEN='the token I use to authenticate myself in the UI'
export VAULT_ADDR='my vault address'

Log in the same way I will do in the UI:

vault login -method=token token=$VAULT_TOKEN

Creating policy

vault policy write my-policy - << EOF  
path "/kv/dev/*" {
  capabilities = ["read","list", "update"]
}

path "/kv/data/dev/*" {
  capabilities = ["read","list", "update"]
}
EOF

Enabling secrets engine for specific path. As you can see in this StackOverflow question

vault secrets enable -path=kv kv

Inserting and reading secret:

vault kv put kv/dev/db value=yes
vault kv get -mount=kv dev/db

After all of these steps I can see the secret in:

  • VAULT_ADDR/ui/vault/secrets/kv/show/dev/db

So, if VAULT_ADDR was http://127.0.0.1:8200 the full path in the browser will be:

  • http://127.0.0.1:8200/ui/vault/secrets/kv/show/dev/db
eduardogr

Instead of ...

path "/kv/data/dev/*" {
  capabilities = ["read","list", "update"]
}

If you use...

path "/kv/dev/*" {
  capabilities = ["read","list", "update"]
}

...you see the keys on UI as listed.

Tireli Efe
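An added example, not part of either answer and not Vault's own code: a simplified model of policy path matching, applied to the question's two rules, that shows which API paths a KV v1 and a KV v2 mount at kv request for dev/db and whether each is covered. The function names are hypothetical, and the model assumes only exact paths and a trailing * glob (no + segment wildcards).

```python
# Added example: a simplified model of Vault ACL path matching (not Vault's code).
# Covers exact paths and a trailing "*" glob only; "+" segment wildcards are omitted.

# The two rules from the question, verbatim.
POLICY = {
    "/kv/dev/*": {"read", "list", "update"},
    "/kv/data/dev/*": {"read", "list", "update"},
}

def normalize(policy_path):
    """Drop a leading "/": the question's rules carry one, API paths do not."""
    return policy_path[1:] if policy_path.startswith("/") else policy_path

def matching_rule(policy, request_path):
    """Return the most specific rule covering request_path, or None."""
    best = None
    for raw in policy:
        path = normalize(raw)
        is_glob = path.endswith("*")
        prefix = path[:-1] if is_glob else path
        hit = request_path.startswith(prefix) if is_glob else request_path == prefix
        if hit:
            rank = (not is_glob, len(prefix))  # exact beats glob, then longest prefix
            if best is None or rank > best[0]:
                best = (rank, raw)
    return best[1] if best else None

def allowed(policy, request_path, capability):
    rule = matching_rule(policy, request_path)
    return rule is not None and capability in policy[rule]

def kv_requests(mount, secret, version):
    """API paths (after /v1/) for reading a secret and listing its parent folder."""
    folder = secret.rsplit("/", 1)[0] + "/" if "/" in secret else ""
    if version == 1:
        return {"read": f"{mount}/{secret}", "list": f"{mount}/{folder}"}
    # KV v2 splits the mount into data/ (values) and metadata/ (key listing).
    return {"read": f"{mount}/data/{secret}", "list": f"{mount}/metadata/{folder}"}

def report(policy, mount, secret):
    """Map (version, operation) -> (request path, allowed?) for both KV versions."""
    out = {}
    for version in (1, 2):
        for cap, path in kv_requests(mount, secret, version).items():
            out[(version, cap)] = (path, allowed(policy, path, cap))
    return out

if __name__ == "__main__":
    for (version, cap), (path, ok) in report(POLICY, "kv", "dev/db").items():
        print(f"KV v{version} {cap:<4} {path:<22} {'allowed' if ok else 'DENIED'}")
```

Which rows apply depends on the KV version of the mount, which vault secrets list -detailed reports in its Options column.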