In our organisation we’d like all admins to be able to edit all Chef vaults.
Right now, every single time we create a vault item, we have to add all admins, and if a new admin joins the team, we have to update all vault items.
I frankly think that the vast majority of organisations using Chef and Chef Vault are in the same situation, and this should be the default behaviour.
While I can (with some effort) imagine a situation in which some secrets should not be known by all team members, I must note that admins can override cookbooks, which means that you cannot really prevent an admin from knowing such secrets if they want to.
Was there a discussion about the current default behaviour, in which only the creator of an item can read it? Am I missing some counterarguments?