[1.15.0] kv secrets not showing in the UI

[hillen]

Describe the bug
After upgrading to vault version 1.15.0, kv secrets are no longer shown in the UI

To Reproduce
Upgrade to vault 1.15.0. After the upgrade, secrets using a kv engine are no longer shown

I believe that this is related to PR 22559

There are several secrets in the secret mount point and as seen in the screen shot the UI is not showing these secrets. There is a mismatch in the kv version between what the UI is showing and the configuration of the engine. This is a version 1 secret, not version 2.

Expected behavior
Secrets to continue to be shown in the UI after upgrading to 1.15.0

Environment:

• Vault Server Version "1.15.0"
• Vault CLI Version Vault v1.15.0 (b4d0727), built 2023-09-22T16:53:10Z
• Server Operating System/Architecture: Running the vault container in kubernetes using the vault:1.15.0 tag from the hashicorp/vault docker location

Vault server configuration file(s):

seal "azurekeyvault" {
  tenant_id      = ""
  vault_name     = ""
  key_name       = ""
}
storage "mysql" {
  address                 = ""
  database                = "vault"
  table                   = "vault"
  tls_ca_file             = "/vault/userconfig/mysql-cert/mysql.crt"
  max_parallel            = "128"
  max_idle_connections    = "0"
  max_connection_lifetime = "0"
  username                = ""
  password                = ""
  ha_enabled              = "true"
  lock_table              = "vault_lock"
}
telemetry {
  prometheus_retention_time = "30s"
  disable_hostname = true
}
disable_mlock = true
ui = true
listener "tcp" {
  address = "[::]:8200"
  cluster_address = "[::]:8201"
  telemetry {
    unauthenticated_metrics_access = "true"
  }
  tls_cert_file = "/vault/userconfig/vault-tools-cert/tls.crt"
  tls_key_file  = "/vault/userconfig/vault-tools-cert/tls.key"
}

**Additional context**
None

[ed-ud]

Also seeing this problem - all of our secrets are KV v1 so the UI is now useless for us.

[ed-ud]

I think the problem may stem from the fact that after the 1.15.0 update, all of my KV v1 mounts show as "Version 2" in the UI.

I notice that when you create a KV v2 mount with the 1.15.0 UI, the mount gets an extra internal setting according to:

% vault read sys/mounts/<mount-name>

... which shows up as:

options map[version:2]

When I create a KV v1 mount with the 1.15.0 UI I see:

options map[version:1]

On my existing KV v1 mounts, options was nil.

Potential workaround:

% vault secrets tune -options="version=1" <mount-name>

After adding this setting, the secrets show up in the UI once I reload the "Secrets Engines" page and click into the mount.

[tdviet]

Potential workaround:

% vault secrets tune -options="version=1" <mount-name>

Thank you very much for the workaround., it works correctly for me. I had the same issue after upgrading and was going to rollback to the older version, and the workaround saved a lot of times

[jayunit100]

I also noticed this earlier , thanks for the report