I was looking at your secrets manager and it seems really interesting but I have 3 things I’d really need to be able to use it.
-
Access secrets via REST API. Technically there must be an API that your CLI itself is using to pull down the data from the vault, but please document it so we can use the API directly. I have need to access a secret right from my own code so I need API access to get my secrets.
-
Access secrets by key. The docs show access secrets by some arbitrary ID you assign, super confusing and unnatural. Let me access a secret value by key name. Too much effort to have to find a secret’s ID and make sure to reference that instead of a friendly key name.
-
Ability to request webhook notification on change. On a service account basis I want to be able to provide an endpoint to receive a HTTP request when ever there is any change (new, updated, removed secret, as well as adding or removing the service account from accessing an existing secret). Obviously I don;t expect any details about what changed. But I would need to know something changed to wipe the servers local cache of secrets and refetch them all.
If you add these 3 things then this would be something that is usable.
As a bonus it could be useful to get write access via a service account, for example if I have to collect API keys for third parties from the users of my app (as I do with 1 app) I could use this to store those values rather than having to self encrypt and store in a database.