This script searches for a specific secret within a given Vault namespace, dynamically displaying the results and tracking the time elapsed. It is designed to work efficiently with recursive paths and outputs clear, formatted results in real-time.
- Recursive Search: Searches all secrets in a given namespace, including sub-paths.
- Real-time Updates: Displays progress dynamically, updating the results in real-time.
- Elapsed Time: Shows the total time taken for the search once completed.
- Formatted Output: Highlights found secrets in green and displays total results at the end.
- Vault CLI: Ensure the Vault CLI is installed and configured on your system.
- Authentication: Your Vault token should be available in ~/.vault-token.
- Dependencies: The script relies on vault and jq for JSON parsing. Install them with:
  brew install vault jq # macOS
  sudo apt-get install vault jq # Debian/Ubuntu
Run the script with the following syntax:
./vault.sh <search_secret> <vault_namespace>
- <search_secret>: The term to search for within the secret data.
- <vault_namespace>: The Vault namespace path where the search should begin.
./vault.sh <insert_your_secret> adeo/<insert_your_namespace>/secret/
- The script dynamically shows the current secret being inspected.
- Displays found secrets in real-time.
- Outputs the total number of secrets found and the time taken at the end.
- Ensure your Vault token has the necessary permissions to read secrets in the specified namespace.
- The script clears the terminal during execution to provide a clean, updated display.
- "Command not found" errors: Ensure vault and jq are installed and accessible in your PATH.
- Authentication issues: Make sure you are authenticated with the Vault CLI. I recommend using this alias, which logs in with OIDC and then copies the token from ~/.vault-token to the clipboard (pbcopy is macOS-only):
  alias vault-me="vault login -method=oidc -namespace=<your-name-space> -address=https://vault.factory.adeo.cloud; cat ~/.vault-token | pbcopy;"
- Permission denied: Ensure your token has the correct policies for the namespace you're searching.
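The recursive search described above can be sketched as follows. This is an added example, not the project's vault.sh: the function names `search_secrets` and `matching_fields` are hypothetical, the path is assumed to be a KV mount path in the namespace the CLI is already configured for, and it prints only the path and field names of matches, never the values.

```bash
#!/usr/bin/env bash
# Added example, not the project's vault.sh. Walks a KV path with the Vault CLI
# and reports where a term occurs without echoing any secret value.

# matching_fields TERM
# Reads `vault kv get -format=json` output on stdin and prints the names of
# the fields whose value contains TERM (literal substring match).
matching_fields() {
  # KV v2 nests fields under .data.data, KV v1 under .data
  jq -r --arg t "$1" '
    (.data.data // .data // {})
    | to_entries[]
    | select((.value | tostring) | contains($t))
    | .key'
}

# search_secrets TERM PATH
# Depth-first walk of PATH. `vault kv list` marks sub-paths with a trailing "/".
search_secrets() {
  local term="$1" path="${2%/}/" key fields
  vault kv list -format=json "$path" 2>/dev/null | jq -r '.[]' |
  while IFS= read -r key; do
    [ -n "$key" ] || continue
    if [ "${key%/}" != "$key" ]; then
      # Sub-path: recurse into it
      search_secrets "$term" "$path$key"
    else
      # Leaf secret: collect matching field names as a comma-separated list
      fields=$(vault kv get -format=json "$path$key" 2>/dev/null |
               matching_fields "$term" | paste -sd, -)
      if [ -n "$fields" ]; then
        printf '%s [%s]\n' "$path$key" "$fields"
      fi
    fi
  done
  return 0
}
```

Paths the token cannot list or read are skipped silently here because stderr is discarded; drop the `2>/dev/null` redirections to see permission errors.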