Vault SSH: Revoking key after SSH session from CLI

2025-11-02 19:47:54 +00:00 · 2015-07-06 11:05:02 -04:00
parent 280efd28f6
commit 0a59e84cef
2 changed files with 16 additions and 1 deletions
--- a/api/ssh.go
+++ b/api/ssh.go
@@ -15,6 +15,16 @@ func (c *Client) SSH() *SSH {
 	return &SSH{c: c}
 }

+// Invokes the SSH backend API to revoke a key identified by its lease ID.
+func (c *SSH) KeyRevoke(id string) error {
+	r := c.c.NewRequest("PUT", "/v1/sys/revoke/"+id)
+	resp, err := c.c.RawRequest(r)
+	if err == nil {
+		defer resp.Body.Close()
+	}
+	return err
+}
+
 // Invokes the SSH backend API to create a dynamic key
 func (c *SSH) KeyCreate(role string, data map[string]interface{}) (*Secret, error) {
 	r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/ssh/creds/%s", role))
--- a/command/ssh.go
+++ b/command/ssh.go
@@ -80,7 +80,12 @@ func (c *SSHCommand) Run(args []string) int {

 	err = os.Remove(sshDynamicKeyFileName)
 	if err != nil {
-		c.Ui.Error(fmt.Sprintf("Error deleting temporary file:%s", sshDynamicKeyFileName))
+		c.Ui.Error("Error cleaning up") // Intentionally not mentioning the exact error
+	}
+
+	err = client.SSH().KeyRevoke(keySecret.LeaseID)
+	if err != nil {
+		c.Ui.Error("Error cleaning up") // Intentionally not mentioning the exact error
 	}

 	return 0