Skip to content

Commit 545b393

Browse files
caiobegotticaiobegotti
authored
fixes basic setup instructions for KV v2
fixes basic setup instructions for KV v2: - VAULT_CAPATH is the actual certificate variable used by vault and the the migrator - KV v2 was not exporting anything with the documented syntax - README implied KV v2 was not supported, which is not the case
1 parent f2d47eb commit 545b393

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

README.md

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
`vault-backend-migrator` is a tool to export and import (migrate) data across vault clusters.
44

5-
Right now this tool really only supports the `secret`/`kv` (version 1) backend. Other mount points might work, but many create dynamic secrets behind the scenes or don't support all operations (i.e. LIST).
5+
Right now this tool really only supports the `secret`/`kv` backend (version 1 in particular, although version 2 works too). Other mount points might work, but many create dynamic secrets behind the scenes or don't support all operations (i.e. LIST).
66

77
### Usage
88

@@ -18,7 +18,7 @@ After pulling the code it's helpful to set a few environment variables. (These m
1818

1919
```
2020
export VAULT_ADDR=http://127.0.0.1:8200/
21-
export VAULT_CACERT=<full filepath to .crt bundle>
21+
export VAULT_CAPATH=<full filepath to .crt bundle>
2222
export VAULT_TOKEN=<vault token>
2323
```
2424

@@ -30,11 +30,17 @@ Then you should be able to run an export command:
3030
$ ./vault-backend-migrator -export secret/ -file secrets.json
3131
```
3232

33+
If you are using the version 2 of the backend and want all the data in there:
34+
35+
```
36+
$ ./vault-backend-migrator -export secret/data/ -metadata secret/metadata/ -file secrets.json -ver 2
37+
```
38+
3339
This will create a file called `secrets.json` that has all the keys and paths. (Note: This is literally all the secrets from the generic backend. Don't share this file with anyone! The secret data is **encoded** in base64, but there's no protection over this file.)
3440

3541
##### Importing
3642

37-
Once you've created an export you are able to reconfigure the vault environment variables (`VAULT_ADDR` and `VAULT_TOKEN` usually) to run an import command.
43+
Once you've created an export you are able to reconfigure the vault environment variables (`VAULT_ADDR` and `VAULT_TOKEN` usually) to run an import command (remember to specify `-ver 2` in the command line when importing to a version 2 backend).
3844

3945
```
4046
$ ./vault-backend-migrator -import secret/ -file secrets.json

0 commit comments

Comments
 (0)