Introduction
The vault namespace command has many subcommands. These commands apply only to direct child namespaces of the current namespace and do not work on deeper child namespaces. An administrator may need to run them on a namespace deeper than the current set of child namespaces. This article explains how to run these commands on levels deeper than the direct child namespaces.
Procedure
Possible vault namespace commands:
- vault namespace create ns1/
- vault namespace delete ns1/
- vault namespace lookup ns1/
Running these commands against a second level of child namespaces generates an error. In the example below, the command is run from root and tries to interact with ns1/ns1-child/.
$ vault namespace create ns1/ns1-child/
Error creating namespace: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/sys/namespaces/ns1/ns1-child
Code: 400. Errors:
* "/" is not allowed in namespace names
For this command to work on the ns1/ns1-child/ namespace, we need to specify the parent namespace and alter the command to interact directly with the ns1-child/ namespace.
This can be done with the -namespace flag or with the VAULT_NAMESPACE environment variable.
$ vault namespace create -namespace ns1 ns1-child/
Key Value
--- -----
custom_metadata map[]
id 7FTPk
path ns1/ns1-child/
$ VAULT_NAMESPACE=ns1 vault namespace create ns1-child/
Key Value
--- -----
custom_metadata map[]
id yoaaD
path ns1/ns1-child/
This same pattern will work for the other namespace subcommands as well.
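The wrapper below is an added example, not part of the original article or of HashiCorp's tooling. It applies the split shown above to a path of any depth, which goes one step beyond the two-level case in the text. The names vault_ns, ns_parent, ns_leaf and the VAULT_BIN override are hypothetical, and paths are assumed to be written relative to the root namespace.

```shell
# Added example. VAULT_BIN (hypothetical) lets you substitute the binary,
# e.g. VAULT_BIN=echo for a dry run that prints the arguments instead.

# Print the parent of a namespace path; empty for a first-level namespace.
ns_parent() (
  p=${1%/}                            # ns1/ns1-child/ -> ns1/ns1-child
  case $p in
    */*) printf '%s\n' "${p%/*}" ;;   # everything before the last "/"
    *)   printf '\n' ;;
  esac
)

# Print the last path segment, the only part the subcommand itself accepts.
ns_leaf() (
  p=${1%/}
  printf '%s\n' "${p##*/}"
)

# vault_ns SUBCOMMAND PATH: run create/delete/lookup on a namespace at any depth.
vault_ns() (
  sub=$1 path=$2
  case $sub in
    create|delete|lookup) ;;
    *) echo "unsupported subcommand: $sub" >&2; exit 2 ;;
  esac
  case $path in
    ''|/*|*//*) echo "invalid namespace path: $path" >&2; exit 2 ;;
  esac
  parent=$(ns_parent "$path")
  leaf=$(ns_leaf "$path")
  if [ -n "$parent" ]; then
    # Deeper level: address the parent with -namespace, pass only the leaf.
    "${VAULT_BIN:-vault}" namespace "$sub" -namespace "$parent" "$leaf/"
  else
    # First level: the path has no "/" in it, so no parent is needed.
    "${VAULT_BIN:-vault}" namespace "$sub" "$leaf/"
  fi
)
```

Because the wrapper always passes the parent explicitly with -namespace, unset VAULT_NAMESPACE before calling it with a first-level path, otherwise the environment variable still selects the parent.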
Additional Information
Namespace Command Docs: https://developer.hashicorp.com/vault/docs/commands/namespace