scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

add tip for how to force a secrets engine disable (#14363)

Browse Source 
* add tip for how to force a secrets engine disable

* add warning to force disable secrets instructions

* clean up wording

* add force secrets engine disable info to api doc

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* feedback updates

* impl taoism feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
This commit is contained in:
swayne275
2022-03-11 11:43:59 -07:00
committed by GitHub
parent 7e9fb2cb7a
commit 5275034d4d
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
website/content/docs/commands/secrets/disable.mdx
View File

@@ -30,3 +30,20 @@ $ vault secrets disable aws/
There are no flags beyond the [standard set of flags](/docs/commands)
included on all commands.
## Force Disable
Because `secrets disable` revokes secrets associated with this mount, possible
errors can prevent the secrets engine from being disabled if the revocation
fails.
The best way to resolve this is to figure out the underlying issue and then
disable the secrets engine once the underlying issue is resolved. Often, this
can be as simple as increasing the timeout (in the event of timeout errors).
For recovery situations where the secret was manually removed from the
secrets backing service, one can force a secrets engine disable in Vault by
performing a [prefix force revoke](/docs/commands/lease/revoke) on the mount
prefix, followed by a `secrets disable` when that completes.
If the underlying secrets were not manually cleaned up, this method might result
in dangling credentials. This is meant for extreme circumstances.