Vault administrators sometimes need to fetch the list of unique entity IDs from their namespaces. Although there is no single API call that recursively retrieves entities from namespaces and sub-namespaces, this can be done with a script.
Prerequisites:
- Vault Enterprise
- Bash
- jq
Procedure:
The following script fetches the entity IDs for every namespace that is an immediate child of root and for the sub-namespaces directly inside them.
The same request can be repeated in a loop for other namespaces by setting the X-Vault-Namespace header:
#!/bin/bash
export VAULT_TOKEN=...
export VAULT_ADDR=http://127.0.0.1:8200
# List each child namespace of root and fetch the entity IDs it contains
for ns in $(vault namespace list -format=json | jq -r '.[]'); do
  echo "X-Vault-Namespace: $ns"
  curl -s -X LIST -H "X-Vault-Namespace: ${ns}" -H "X-Vault-Token: ${VAULT_TOKEN}" \
    "${VAULT_ADDR}/v1/identity/entity/id" | jq .
  # Repeat one level down; listed names end in "/", so $ns$ns1 is the full path
  for ns1 in $(vault namespace list -ns="$ns" -format=json | jq -r '.[]'); do
    echo "X-Vault-Namespace: $ns$ns1"
    curl -s -X LIST -H "X-Vault-Namespace: ${ns}${ns1}" -H "X-Vault-Token: ${VAULT_TOKEN}" \
      "${VAULT_ADDR}/v1/identity/entity/id" | jq .
  done
done
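The script above stops at two levels. The following added example (not part of the original article) generalizes it to namespaces nested at any depth and also covers root, printing one namespace and entity ID pair per line. The function names are hypothetical, and the `.data.keys` path assumes the standard Vault list response.

```shell
#!/bin/bash
# Added example: depth-first walk over every namespace level.
# list_child_namespaces, list_entity_ids and walk_namespaces are hypothetical
# helper names; they wrap the same CLI call and API path used in the script above.

# Print the child namespaces of $1 (empty string = root), one per line.
# Names are relative to the parent and end in "/", e.g. "team-a/".
list_child_namespaces() {
  # ${1:+"-ns=$1"} adds the -ns flag only when a parent namespace is given.
  vault namespace list ${1:+"-ns=$1"} -format=json 2>/dev/null | jq -r '.[]?'
}

# Print the entity IDs stored in namespace $1, one per line.
# A namespace without entities returns no data.keys, so nothing is printed.
list_entity_ids() {
  curl -s -X LIST -H "X-Vault-Namespace: $1" -H "X-Vault-Token: ${VAULT_TOKEN}" \
    "${VAULT_ADDR}/v1/identity/entity/id" | jq -r '.data.keys[]?'
}

# Emit "<namespace><TAB><entity-id>" for $1 and every namespace below it.
walk_namespaces() {
  ns="$1"
  list_entity_ids "$ns" | while IFS= read -r id; do
    if [ -n "$id" ]; then printf '%s\t%s\n' "${ns:-root}" "$id"; fi
  done
  list_child_namespaces "$ns" | while IFS= read -r child; do
    # The subshell keeps this level's $ns intact while the child level runs.
    if [ -n "$child" ]; then ( walk_namespaces "${ns}${child}" ); fi
  done
}

# Run the walk from root only when both connection settings are present.
if [ -n "${VAULT_ADDR:-}" ] && [ -n "${VAULT_TOKEN:-}" ]; then
  walk_namespaces "" | sort -u
fi
```

The token needs list permission on identity/entity/id and on sys/namespaces in each namespace it visits; namespaces it cannot read are skipped without output.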