You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Setting the entire Vault client to "v1" or "v2" to handle the differences in the KVv1 and KVv2 Vault APIs works well enough for use cases where users only use a KV mount and the version of the KV mounts used in the target Vault cluster are homogeneous.
I think its worth deprecating that as a "driver" level feature and replacing it with:
a LogicalKVv2 type returned from Vault
the ability to configure Logical to optionally use Vault's (not fully documented) /sys/internal/ui/mounts/* preflight check endpoints to auto-detect the logical version to use, for use cases where the user is expected to have permission to access those and the extra round trip call to vault is acceptable in exchange for transparently negotiating KV v1 vs v2 mounts
This should give a better user experience and avoid frequent confusion with non KV mounts being used alongside KVv2 mounts in the same Vault instance such as:
Should the mount map constructor also be deprecated and phased in in a later major version? I think so -- we don't pass a map of database backends or PKI secret backends, they are just interacted with directly using the API types returned by the Vault type -- KVv1 vs KVv2 mounts can be handled via API types too, rather than a special case map
The text was updated successfully, but these errors were encountered:
Setting the entire Vault client to "v1" or "v2" to handle the differences in the KVv1 and KVv2 Vault APIs works well enough for use cases where users only use a KV mount and the version of the KV mounts used in the target Vault cluster are homogeneous.
I think its worth deprecating that as a "driver" level feature and replacing it with:
VaultLogicalto optionally use Vault's (not fully documented)/sys/internal/ui/mounts/*preflight check endpoints to auto-detect the logical version to use, for use cases where the user is expected to have permission to access those and the extra round trip call to vault is acceptable in exchange for transparently negotiating KV v1 vs v2 mountsThis should give a better user experience and avoid frequent confusion with non KV mounts being used alongside KVv2 mounts in the same
Vaultinstance such as:Related To:
TBD:
Vaulttype -- KVv1 vs KVv2 mounts can be handled via API types too, rather than a special case mapThe text was updated successfully, but these errors were encountered: