Secrets Transit update_key_configuration doesn't update deletion_allowed from True to False #794

Open
mengesb opened this issue Feb 8, 2022 · 0 comments


mengesb commented Feb 8, 2022

I've been writing a demo Flask app and, while using hvac, I've noticed that when I make the call `curl -X POST http://localhost:8080/keys/demo-key/config?deletion_allowed=false`, it doesn't update the deletion_allowed field from 'true' to 'false'; however, it will update it from 'false' to 'true'. Once set to 'true', it never changes. I've had to use `vault write transit/demo-key/config deletion_allowed=false` in order to reset this flag.

Snippet of API call

```python
# `app` (the Flask application) and `connect()` (returns an hvac client)
# are defined elsewhere in the demo app.
from flask import request, session

@app.route('/keys/<name>/config', methods=['POST'])
def update_key(name):
  # Reuse the hvac client stored in the session, or create one
  if not session.get('hvac_client'):
    hvac_client = connect()
    session['hvac_client'] = hvac_client
  else:
    hvac_client = session['hvac_client']

  mount_point = 'transit'

  if not hvac_client.is_authenticated():
    error_msg = 'Unable to authenticate to the Vault service'
    return error_msg, 401

  # Key configuration values are read from the query string
  min_decryption_version = request.args.get('min_decryption_version', default=None, type=int)
  min_encryption_version = request.args.get('min_encryption_version', default=None, type=int)
  deletion_allowed       = request.args.get('deletion_allowed',       default=None, type=bool)
  exportable             = request.args.get('exportable',             default=None, type=bool)
  allow_plaintext_backup = request.args.get('allow_plaintext_backup', default=None, type=bool)

  resp = hvac_client.secrets.transit.update_key_configuration(name=name, min_decryption_version=min_decryption_version,
    min_encryption_version=min_encryption_version, deletion_allowed=deletion_allowed, exportable=exportable,
    allow_plaintext_backup=allow_plaintext_backup, mount_point=mount_point)

  if resp.status_code >= 200 and resp.status_code < 300:
    return 'ok', resp.status_code
  else:
    return 'fail', resp.status_code
```
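Added example, not part of the original issue or of hvac's code: in the snippet above, `type=bool` makes `request.args.get` call `bool()` on the raw query string, and `bool('false')` is `True`, so the value passed on as `deletion_allowed` is `True`. The sketch below uses only the standard library; `parse_bool`, `get_arg` (a stand-in for `request.args.get`) and `config_kwargs` are hypothetical names.

```python
from urllib.parse import parse_qs

TRUE_WORDS = {"1", "true", "t", "yes", "on"}
FALSE_WORDS = {"0", "false", "f", "no", "off"}


def parse_bool(raw: str) -> bool:
    """Strict converter for boolean query parameters.

    Raises ValueError on anything unrecognised, so the caller falls back
    to its default instead of silently treating the text as True.
    """
    word = raw.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError(f"not a boolean: {raw!r}")


def get_arg(query: str, key: str, default=None, type=str):
    """Stand-in for request.args.get(key, default=..., type=...):
    convert the first value, return the default on ValueError."""
    values = parse_qs(query, keep_blank_values=True).get(key)
    if not values:
        return default
    try:
        return type(values[0])
    except ValueError:
        return default


def config_kwargs(query: str, converter) -> dict:
    """Collect the boolean key-config flags, omitting only those not supplied (None).

    A supplied False must survive, since False is the security-relevant value here.
    """
    flags = ("deletion_allowed", "exportable", "allow_plaintext_backup")
    parsed = {f: get_arg(query, f, type=converter) for f in flags}
    return {k: v for k, v in parsed.items() if v is not None}


if __name__ == "__main__":
    query = "deletion_allowed=false"  # query string from the curl call in the issue
    print("type=bool       ->", config_kwargs(query, bool))        # {'deletion_allowed': True}
    print("type=parse_bool ->", config_kwargs(query, parse_bool))  # {'deletion_allowed': False}
```

In the Flask route, the same converter would be passed as `type=parse_bool`.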