Vault: Add flag to print curl equivalent to cli command

Created on 10 Dec 2016 · 6Comments · Source: hashicorp/vault

Making some scripts to automate provisioning of vault dynamic configuration for our dev environments, I find myself missing the neat feature from etcdctl (or openstack cli) that print the acual http(s) requests being made under the hood when using the vault cli.
e.g :

fcantournet@<nope> ~ %  etcdctl --debug ls
start to sync cluster using endpoints(http://127.0.0.1:2379,http://127.0.0.1:4001)
cURL Command: curl -X GET http://127.0.0.1:2379/v2/members
got endpoints(https://10.33.2.12:2379,https://10.33.2.11:2379,https://10.33.2.10:2379) after sync
Cluster-Endpoints: https://10.33.2.12:2379, https://10.33.2.11:2379, https://10.33.2.10:2379
cURL Command: curl -X GET https://10.33.2.12:2379/v2/keys/?quorum=false&recursive=false&sorted=false

I'm aware that there might be security concerns at play here.
This issue is to discuss the extent to which this might be useful to anybody, and the feasibility from a security standpoint.
vault already prints similar information on failures. Would be nice if you could force this on success too.

felix@<still nope>:~$  vault policies
Error: Error making API request.

URL: GET https://127.0.0.1:8200/v1/sys/policy
Code: 503. Errors:

* Vault is sealed

Thoughts ?

Source

fcantournet

👍16

Most helpful comment

Added with: https://github.com/hashicorp/vault/pull/6113

kalafut on 1 Feb 2019

❤4 🎉2

All 6 comments

+1 this would be awesome. As a second example, openstack CLI supports it as well.

tookko on 2 Aug 2017

+1 - eventually i'm going to want to do most of these commands via an application layer and it would make it much easier if you could just tell me what was performed.