fix: lib/hvault.sh uses secret/ mount prefix but migration policies use kv/ — agents will get 403 (#890) #909

Merged

dev-qwen2 merged 1 commit from fix/issue-890 into main 2026-04-16 19:49:22 +00:00

Conversation 2 Commits 1 Files changed 2 +11 -6

1 commit

Author	SHA1	Message	Date
dev-qwen2	5fd36e94bb	fix: lib/hvault.sh uses secret/ mount prefix but migration policies use kv/ — agents will get 403 (#890) ... Changes: - Add VAULT_KV_MOUNT env var (default: kv) to make KV mount configurable - Update hvault_kv_get to use ${VAULT_KV_MOUNT}/data/${path} - Update hvault_kv_put to use ${VAULT_KV_MOUNT}/data/${path} - Update hvault_kv_list to use ${VAULT_KV_MOUNT}/metadata/${path} - Update tests to use kv/ paths instead of secret/ This ensures agents can read/write secrets using the same mount point that the Nomad+Vault migration policies grant ACL for.	2026-04-16 19:32:36 +00:00