Hi Team,
We are storing our secrets in Vault using this nested JSON format:
{
"tls.crt": [
{
"data": {
"test.com": "<certificate-string>"
}
}
],
"tls.key": "<private-key-string>"
}
Our goal is to extract the certificate nested at tls.crt.data.test.com using:
tls.crt: <tls.crt | jsonPath {['tls.crt'][0].data.test.com}>
tls.key: <tls.key>
However, we receive this error from ArgoCD Vault Plugin:
jsonPath: tls is not found for placeholder tls.crt in string tls.crt: <tls.crt | jsonPath {['tls.crt'][0].data.test.com}>
We assume this happens because AVP is unable to locate the top-level key tls.crt and instead treats the dot as a delimiter, mistakenly searching for a key named tls.
To work around this, we renamed the key to tls_crt in Vault and updated the manifest accordingly:
tls_crt: <tls_crt | jsonPath {['tls_crt'][0].data.test.com}>
But we still get a similar error:
jsonPath: tls_crt is not found for placeholder tls_crt in string tls_crt: <tls_crt | jsonPath {['tls_crt'][0].data.test.com}>
It appears the plugin cannot correctly resolve nested JSON array keys through jsonPath expressions when the top-level value is a complex object or array.
Could you please advise if this is a known limitation of AVP or if there is a recommended way to handle nested JSON secrets in Vault?
Hi Team,
We are storing our secrets in Vault using this nested JSON format:
Our goal is to extract the certificate nested at tls.crt.data.test.com using:
However, we receive this error from ArgoCD Vault Plugin:
jsonPath: tls is not found for placeholder tls.crt in string tls.crt: <tls.crt | jsonPath {['tls.crt'][0].data.test.com}>
We assume this happens because AVP is unable to locate the top-level key tls.crt and instead treats the dot as a delimiter, mistakenly searching for a key named tls.
To work around this, we renamed the key to tls_crt in Vault and updated the manifest accordingly:
tls_crt: <tls_crt | jsonPath {['tls_crt'][0].data.test.com}>But we still get a similar error:
jsonPath: tls_crt is not found for placeholder tls_crt in string tls_crt: <tls_crt | jsonPath {['tls_crt'][0].data.test.com}>
It appears the plugin cannot correctly resolve nested JSON array keys through jsonPath expressions when the top-level value is a complex object or array.
Could you please advise if this is a known limitation of AVP or if there is a recommended way to handle nested JSON secrets in Vault?