Introduction:
Vault administrators sometimes need to fetch the list of unique entities from their namespaces. However, there is no API call that returns the list of entities across namespaces and sub-namespaces.
Prerequisites:
- Vault Enterprise
- Bash
- jq
Expected Outcome:
This document describes how to fetch the entity IDs from Vault namespaces and sub-namespaces.
Procedure:
The following script fetches the entity IDs for all namespaces that are immediate children of root, and for the sub-namespaces inside them.
The same request can be run in a loop against other namespaces by setting the X-Vault-Namespace header:
#!/bin/bash
# Export Vault communication variables
# (example values; supply your own token from the environment instead of hardcoding it)
export VAULT_TOKEN=s.Hzwh3oDmDIIx3nM7j6PfDoOw
export VAULT_ADDR=http://127.0.0.1:8200
# Fetch every child namespace of root and list the entity IDs in each one
for ns in $(vault namespace list -format=json | jq -r '.[]'); do
  echo "X-Vault-Namespace: $ns"
  curl --silent \
    --header "X-Vault-Namespace: $ns" \
    --header "X-Vault-Token: $VAULT_TOKEN" \
    --request LIST \
    "$VAULT_ADDR/v1/identity/entity/id" | jq .
  # Repeat for the sub-namespaces one level below $ns
  for ns1 in $(vault namespace list -namespace="$ns" -format=json | jq -r '.[]'); do
    echo "X-Vault-Namespace: $ns$ns1"
    curl --silent \
      --header "X-Vault-Namespace: $ns$ns1" \
      --header "X-Vault-Token: $VAULT_TOKEN" \
      --request LIST \
      "$VAULT_ADDR/v1/identity/entity/id" | jq .
  done
done
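The script above stops two levels below root. The following added example (not part of the original article) generalizes it to walk the namespace tree to any depth, including the starting namespace itself, and prints one "namespace, entity ID" pair per line. The function names and the `--walk` argument are hypothetical; it assumes VAULT_ADDR and VAULT_TOKEN are already exported and that `vault namespace list -format=json` returns relative paths such as `team-a/`, as the script above relies on.

```shell
#!/bin/bash
# Added example: recursive namespace walk (hypothetical helper names).
# Assumes VAULT_ADDR and VAULT_TOKEN are exported by the caller, not hardcoded here.

# Print the child namespaces of "$1" (empty string = root), one relative path per line.
list_child_namespaces() {
  if [ -n "$1" ]; then
    vault namespace list -namespace="$1" -format=json
  else
    vault namespace list -format=json
  fi | jq -r '.[]?'
}

# Print the entity IDs that exist in namespace "$1", one per line.
# A namespace without entities has no .data.keys, so nothing is printed.
list_entity_ids() {
  curl --silent \
    --header "X-Vault-Namespace: $1" \
    --header "X-Vault-Token: $VAULT_TOKEN" \
    --request LIST \
    "$VAULT_ADDR/v1/identity/entity/id" | jq -r '.data.keys[]?'
}

# Print "<namespace><TAB><entity id>" for "$1" and every namespace below it.
walk_namespaces() {
  local child
  list_entity_ids "$1" | while read -r id; do
    printf '%s\t%s\n' "${1:-root}" "$id"
  done
  # Child paths are relative, so the full path is the parent path plus the child.
  for child in $(list_child_namespaces "$1"); do
    walk_namespaces "$1$child"
  done
}

# Usage: ./script.sh --walk            (start at root)
#        ./script.sh --walk team-a/    (start at a given namespace)
if [ "${1:-}" = "--walk" ]; then
  walk_namespaces "${2:-}"
fi
```

Redirect the output to a file readable only by the operator, since the inventory reveals how identities are distributed across tenants.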
Reference articles: