Vaultx.Secrets.KV.V1 (Vaultx v0.7.0)

HashiCorp Vault KV v1 secrets engine implementation.

This module provides a complete implementation of the KV v1 secrets engine, offering simple, direct key-value storage without versioning complexity. KV v1 is ideal for straightforward secret storage where versioning and metadata are not required.

Key Characteristics

  • Simplicity: Direct key-value storage without versioning overhead
  • Performance: Minimal API calls and storage requirements
  • Legacy Support: Compatible with older Vault installations
  • Immediate Operations: All changes are immediate and permanent
  • Direct Access: Simple path-based secret access

API Compliance

Fully implements the HashiCorp Vault KV v1 API.

HTTP Endpoints

KV v1 uses direct mount paths without data prefixes:

  • GET /{mount}/{path} - Read secret data
  • POST /{mount}/{path} - Write secret data
  • DELETE /{mount}/{path} - Delete secret permanently
  • LIST /{mount}/{path} - List secret keys

Usage Examples

# Read a secret
{:ok, secret} = Vaultx.Secrets.KV.V1.read("myapp/config", mount_path: "secret")

# Write a secret
:ok = Vaultx.Secrets.KV.V1.write("myapp/config", %{"key" => "value"}, mount_path: "secret")

# Delete a secret
:ok = Vaultx.Secrets.KV.V1.delete("myapp/config", mount_path: "secret")

# List secrets
{:ok, keys} = Vaultx.Secrets.KV.V1.list("myapp/", mount_path: "secret")

Configuration

# Enable KV v1 engine
vault secrets enable -version=1 -path=kv-v1 kv

Limitations

  • No versioning support
  • No metadata support
  • No soft delete (deletion is permanent)
  • No check-and-set operations
  • No undelete or destroy operations

Migration

When migrating from KV v1 to KV v2, consider:

  • KV v2 stores data under the /data/ path prefix
  • KV v2 provides versioning and metadata
  • Migration tools are available in the Vault CLI
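
Because KV v1 deletion is permanent and a move to KV v2 changes every data path, it helps to inventory a mount before either operation. The following is an added example, not code from Vaultx or its documentation: it walks a tree with list/2 and returns every leaf secret path. It assumes keys come back as strings with a trailing "/" on sub-folders; the module name KVv1Inventory, the injected list_fun parameter and the sample tree are hypothetical.

```elixir
defmodule KVv1Inventory do
  # Added example, not part of Vaultx. Returns every leaf secret path below
  # `prefix` so the tree can be exported before a permanent delete or a
  # move to KV v2. `prefix` must end with "/", as in the list/2 usage example.
  #
  # Assumptions: list/2 returns {:ok, keys} with keys as strings, and
  # sub-folders carry a trailing "/". Any other return value is handed back
  # untouched, because its shape is not documented on this page.
  def leaves(prefix, opts, list_fun \\ &Vaultx.Secrets.KV.V1.list/2) do
    case list_fun.(prefix, opts) do
      {:ok, keys} when is_list(keys) ->
        Enum.reduce_while(keys, {:ok, []}, fn key, {:ok, acc} ->
          case expand(prefix <> key, opts, list_fun) do
            {:ok, found} -> {:cont, {:ok, acc ++ found}}
            # Stop at the first failure so a partial inventory is never
            # mistaken for a complete one.
            other -> {:halt, other}
          end
        end)

      other ->
        other
    end
  end

  # A key ending in "/" is a folder: recurse. Anything else is a secret.
  defp expand(path, opts, list_fun) do
    if String.ends_with?(path, "/"),
      do: leaves(path, opts, list_fun),
      else: {:ok, [path]}
  end
end

# Constructed sample tree standing in for a live Vault mount.
tree = %{
  "myapp/" => ["config", "db/"],
  "myapp/db/" => ["primary", "replica"]
}

# Hypothetical stub with the same arity as list/2; the error tuple is constructed.
stub = fn path, _opts ->
  case Map.fetch(tree, path) do
    {:ok, keys} -> {:ok, keys}
    :error -> {:error, :constructed_not_found}
  end
end

{:ok, paths} = KVv1Inventory.leaves("myapp/", [mount_path: "secret"], stub)
IO.inspect(paths)
```

Dropping the third argument makes the walk use Vaultx.Secrets.KV.V1.list/2 against a live mount; the token then needs the list capability on every folder in the tree.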

Summary

Functions

configure(config, opts \\ [])

delete(path, opts \\ [])

list(path, opts \\ [])

read(path, opts \\ [])

write(path, data, opts \\ [])