json format support request

[marcus-sds]

If vault response data is josn, the safe get result should be json But the value is changed to string. Is it possible to support json format?

Here is response data field example
{"data":{"date":"2018-12-23T09:51:10.839Z","json":{"desc":"test"}}}
but result is below.
{"data":{"date":"2018-12-23T09:51:10.839Z","json":"{"desc":"test"}"}}

Thanks.

[jhunt]

For the not-so-keen observers like myself, the path key "json" is being set to an unescaped stringified version of its actual JSON payload: "{"desc":"test"}"; the inner quotes should have been escaped but are not, although the deeper problem is that the Vault API allows arbitrary nested structures and the safe CLI operates as if all values are opaque strings. Our compromise was to stringify the JSON.

I.e., you should be able to do this:

safe get secret/what/ever:json | jq -r .desc

and get "test".

Can you provide some steps (starting with a clean vault, or at least an unused path) to get into the state you are seeing, so that we can follow along and replicate / reproduce the exact issue, locally?

[artem-collectai]

I had to use a workaround to migrate data, maybe someone else will find this helpful:

import json
import subprocess

FILENAME='exported-secrets.json'
MOUNT='secret'

with open(FILENAME) as f:
  j = json.load(f)
  for key in j[0]['data']:
    print(key)
    obj = j[0]['data'][key]
    last_version = obj['versions'][-1]
    if 'value' in last_version:
      if 'data' in last_version['value']:
        last_version['value']['data'] = json.loads(last_version['value']['data'])
      with open('tmp.json', 'w+') as f:
        json.dump(last_version['value'], f)
      subprocess.run(["vault", "kv", "put", "-mount="+MOUNT, key.lstrip(MOUNT+"/"), "@tmp.json"], check=True)