I've encountered an issue when using Teller with LDAP and database secret engines in Vault. Teller seems to automatically append "/data" to the path after the mount point, which is incorrect for these engines.
For example, with this .teller.yaml configuration:
providers:
  hashicorp_vault:
    kind: hashicorp
    maps:
      - id: test_creds
        path: kvv2/path/to/secret
        keys:
          Secret1: secret_1
      - id: test_creds2
        path: ldap/path/to/secret
        keys:
          Secret2: secret_2
      - id: test_creds3
        path: db_server/path/to/secret
        keys:
          Secret3: secret_3
Teller generates an incorrect path, resulting in an error like:
Error response:
Base_url base = “<vault_url>”, path=“ldap/data/path/to/secret” ….
error=The Vault server returned an error (status code 403)
The correct path should be ldap/path/to/secret without the additional "/data" segment.
Is there a flag or workaround to prevent Teller from adding "/data" to the path for LDAP and database secret engines? This would allow proper functionality with these Vault secret engines.
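The path handling described in the report above, sketched as an added example (not Teller's code and not part of the original post): only a KV v2 mount takes a `data/` segment, so the rewrite has to depend on the engine type behind the mount. The mount names come from the configuration in the report; the engine types in `MOUNTS` are assumed, a constructed stand-in for what Vault lists under `sys/mounts`, and all function names are hypothetical.

```rust
#[derive(Clone, Copy, PartialEq, Debug)]
enum Engine { KvV2, Other } // Other: ldap, database, or any non-KV-v2 engine

// Constructed mount table (assumption): mount prefix -> engine type.
const MOUNTS: &[(&str, Engine)] = &[
    ("kvv2/", Engine::KvV2),
    ("ldap/", Engine::Other),
    ("db_server/", Engine::Other),
];

/// Longest-prefix match of a logical path against the mount table.
fn find_mount<'a>(mounts: &'a [(&'a str, Engine)], path: &str) -> Option<(&'a str, Engine)> {
    mounts.iter().copied()
        .filter(|(m, _)| path.starts_with(*m))
        .max_by_key(|(m, _)| m.len())
}

/// Engine-aware read path: insert "data/" only for KV v2 mounts.
fn read_path(mounts: &[(&str, Engine)], path: &str) -> Option<String> {
    let path = path.trim_start_matches('/');
    let (mount, engine) = find_mount(mounts, path)?;
    let rest = &path[mount.len()..];
    Some(match engine {
        Engine::KvV2 => format!("{}data/{}", mount, rest),
        Engine::Other => path.to_string(),
    })
}

/// The behaviour reported above: "data" inserted after the first
/// segment no matter which engine serves the mount.
fn naive_read_path(path: &str) -> String {
    match path.split_once('/') {
        Some((mount, rest)) => format!("{}/data/{}", mount, rest),
        None => path.to_string(),
    }
}

fn main() {
    for p in ["kvv2/path/to/secret", "ldap/path/to/secret", "db_server/path/to/secret"] {
        println!("{}: naive={} engine-aware={:?}", p, naive_read_path(p), read_path(MOUNTS, p));
    }
}
```

For `ldap/path/to/secret` the naive rewrite yields the same `ldap/data/path/to/secret` that appears in the error output, while the engine-aware version leaves the path unchanged.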