Delete empty "folder" (generic secret backend)


E. Chen-Ran

Jul 13, 2016, 6:58:48 PM
to Vault
I want to know how to delete an empty "folder," since there is no reason for me to keep a path that leads to no secret.

$ vault list secret/hello
Keys
somesecret

$ vault delete secret/hello/somesecret
Success! Deleted 'secret/hello/somesecret' if it existed.

$ vault list secret/hello
No value found at secret/hello/

$ vault delete secret/hello
Success! Deleted 'secret/hello' if it existed.

$ vault list secret

Keys
hello/

The delete command doesn't work on "folders," and there doesn't seem to be any other way to delete them. If folders absolutely cannot be deleted, is there a way to rename them so I can at least use them for something else?

Thanks,
ECR


Jeff Mitchell

Jul 14, 2016, 2:23:55 AM
to vault...@googlegroups.com

Are you using the file backend? I think this is behavior specific to it.

Best,
Jeff


E. Chen-Ran

Jul 14, 2016, 9:14:45 AM
to Vault
Yes, I am. So there's absolutely no way around it, right? Barring perhaps a "dirty patch" that involves changing the name of the stored folder to "_thatfoldername" to trick Vault into thinking it's deleting a secret...or what would you suggest?

Jeff Mitchell

Jul 18, 2016, 10:44:42 AM
to vault...@googlegroups.com
On Thu, Jul 14, 2016 at 9:14 AM, E. Chen-Ran <emch...@gmail.com> wrote:
> Yes, I am. So there's absolutely no way around it, right? Barring perhaps a
> "dirty patch" that involves changing the name of the stored folder to
> "_thatfoldername" to trick Vault into thinking it's deleting a secret...or
> what would you suggest?

There is currently no way around it. I don't think you need a "dirty
patch" to work around it though. Just a "normal" patch to the file
backend that does some atomic deletion semantics if the folder is
empty ought to do the trick. Feel free to file a GitHub issue around
this -- I can't promise that the Vault team can tackle it any time
soon, but would be happy to review a PR.

Best,
Jeff
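
Added example, not part of the thread and not Vault's own code: a Go illustration of the kind of file-backend change described in the last reply, where deleting an entry also removes any parent directory the delete left empty. It assumes entries are stored on disk as "_"-prefixed files (as the "_thatfoldername" remark suggests); deleteAndPrune and the sample tree are hypothetical names, and a real backend would run this under its own lock so a concurrent write cannot race the prune.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// deleteAndPrune removes the entry for key under root, then removes every
// parent directory the delete left empty, stopping at root.
// Assumption: an entry is a file named "_" + last path element of the key.
func deleteAndPrune(root, key string) error {
	root = filepath.Clean(root)
	dir := filepath.Join(root, filepath.Dir(key))
	// Refuse keys that resolve outside root (e.g. "../x").
	if dir != root && !strings.HasPrefix(dir, root+string(filepath.Separator)) {
		return fmt.Errorf("key %q escapes storage root", key)
	}
	file := filepath.Join(dir, "_"+filepath.Base(key))
	if err := os.Remove(file); err != nil && !errors.Is(err, os.ErrNotExist) {
		return err
	}
	for dir != root {
		// On a directory os.Remove is rmdir(2): it only succeeds when the
		// directory is empty, so a sibling entry is never lost.
		err := os.Remove(dir)
		if errors.Is(err, syscall.ENOTEMPTY) || errors.Is(err, syscall.EEXIST) {
			return nil // still in use; stop pruning
		}
		if err != nil && !errors.Is(err, os.ErrNotExist) {
			return err
		}
		dir = filepath.Dir(dir)
	}
	return nil
}

func main() {
	root, _ := os.MkdirTemp("", "vault-file-demo") // constructed sample tree
	defer os.RemoveAll(root)
	os.MkdirAll(filepath.Join(root, "hello"), 0o700)
	os.WriteFile(filepath.Join(root, "hello", "_somesecret"), []byte("{}"), 0o600)
	fmt.Println("delete:", deleteAndPrune(root, "hello/somesecret"))
	_, err := os.Stat(filepath.Join(root, "hello"))
	fmt.Println("hello/ removed:", errors.Is(err, os.ErrNotExist))
}
```

Using rmdir rather than a recursive delete is what keeps the prune safe: a directory that still holds another entry makes the call fail and is left alone.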