Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot copy data using UI #26492

Open
esesyn01 opened this issue Apr 18, 2024 · 5 comments
Open

Cannot copy data using UI #26492

esesyn01 opened this issue Apr 18, 2024 · 5 comments
Labels
ui

Comments

@esesyn01
Copy link

Describe the bug
After update to 1.16.1 from 1.15.2, any secret (from kv, user token etc.) cannot be copied using the Copy to clipboard button, Although, the user has permissions to this secrets and they can be copied using Ctrl-c on unmasked value.

image

To Reproduce
Steps to reproduce the behavior:

  1. Login to vault
  2. Navigate to any secret
  3. Click "Copy to clipboard" button

Expected behavior
Data present in clipboard

Environment:

  • Vault Community Edition Docker 1.16.1
  • Google Chrome version 124.0.6367.61 (latest by this time)

Vault server configuration file(s):

ui = true
disable_mlock = true

storage "raft" {
  path    = "./some/path"
  node_id = "node3"
}

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "true"
}

api_addr = "http://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"

Policy:

path "secrets/path/*" {
  capabilities = ["create", "read", "update", "patch", "delete", "list"]
}
@divyaac divyaac added the ui label Apr 19, 2024
@zijiwork
Copy link

Have you tried accessing the vault using https?

@marcboudreau
Copy link
Contributor

@esesyn01 I'm trying to reproduce this issue. Can you help me by clarifying the following point? Is the KV secrets engine in question using version 1 or version 2 of the API? The version appears next to the mount path in the UI as shown here:
image
or
image

@esesyn01
Copy link
Author

Have you tried accessing the vault using https?

I'm connecting through http, I will try the https instead

@esesyn01
Copy link
Author

@esesyn01 I'm trying to reproduce this issue. Can you help me by clarifying the following point? Is the KV secrets engine in question using version 1 or version 2 of the API? The version appears next to the mount path in the UI as shown here: image or image

It's version 2 @marcboudreau

@marcboudreau
Copy link
Contributor

Something that struck me is that the you included in the issue description is not valid as is. If your KV secrets engine is mounted at secrets/, this minimalistic policy will allow copying from secrets > folder1 > secret:

path "secrets/data/folder1/secret" {
  capabilities = ["read"]
}

This policy won't allow you to navigate to the secret by typing, but if prompted for a secret path, you can enter secrets/folder1/secret and the obfuscated secret details will be shown. You can click the copy to clipboard icon next to a key and its value will be copied.

The above policy can be augmented to allow navigation to any key within the KV secrets engine mounted at secrets/ as follows:

path "secrets/data/folder1/secret" {
  capabilities = ["read"]
}

path "secrets/metadata/*" {
  capabilities = ["list"]
}

@GJSBRT GJSBRT mentioned this issue May 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ui
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@marcboudreau @divyaac @zijiwork @esesyn01