Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error on create duplicate key #51

Conversation

trishankatdatadog
Copy link
Contributor

Prevent overwrite when creating key with same name as an existing key.

Signed-off-by: Trishank Karthik Kuppusamy [email protected]

Signed-off-by: Trishank Karthik Kuppusamy <[email protected]>
@LeSuisse LeSuisse self-assigned this Sep 3, 2020
Copy link
Owner

@LeSuisse LeSuisse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

Thanks for the contribution (and again sorry for the delay in my responses 🙁 )!

When I designed this endpoint I voluntarily missed this check because I wanted to be consistent with built-in engines of Vault.
Engines that use a named key do not protect against the overwriting of a specific key at least not in a explicit manner. For example the TOTP engine behave like this one and just overwrite existing key. The transit engine has a more subtle behavior and does not overwrite the key but does throw an error.
I'm however fine with the proposed change since overwriting a key can have disastrous consequences and I prefer to have an explicit error than something silently doing nothing.

@LeSuisse LeSuisse merged commit 29be405 into LeSuisse:master Sep 27, 2020
@LeSuisse
Copy link
Owner

This will be released as a major version due to the behavior change of the creation endpoint.

@trishankatdatadog
Copy link
Contributor Author

When I designed this endpoint I voluntarily missed this check because I wanted to be consistent with built-in engines of Vault.
Engines that use a named key do not protect against the overwriting of a specific key at least not in a explicit manner. For example the TOTP engine behave like this one and just overwrite existing key. The transit engine has a more subtle behavior and does not overwrite the key but does throw an error.
I'm however fine with the proposed change since overwriting a key can have disastrous consequences and I prefer to have an explicit error than something silently doing nothing.

Thanks for merging this!

From my tests, Transit SE does not overwrite an existing key or throw an error, but it does return a warning. I agree that it's better to thrown an explicit error than a "silent" warning that can be ignored.

@trishankatdatadog trishankatdatadog deleted the trishankatdatadog/create-duplicate-key branch September 28, 2020 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants