Delete all records under KV v2 in Hashicorp using API HTTP request

Reposted. Author: bug小助手. Updated: 2023-10-24 22:05:03

I wish to delete all records under kv (versioned) using API [HTTP request]. Using CLI is a secondary preference.

Upon my research, I found that there is no way to delete all entries under kv in one go.

Instead we should first LIST and then delete all records in a loop.

Below is my attempt at listing all entries under the kv.

Display path for kv:

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/"  https://dal-vault.mybank.com/v1/sys/mounts

{"request_id":"93fdc050-d5d1-fbe2-df58-2a2bba04f19c","lease_id":"","renewable":false,"lease_duration":0,"data":{"cubbyhole/":{"accessor":"ns_cubbyhole_12e4f0fa","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"per-token private secret storage","external_entropy_access":false,"local":true,"options":null,"seal_wrap":false,"type":"ns_cubbyhole","uuid":"b9276a30-73c0-5d2f-34c0-238b5830c572"},"identity/":{"accessor":"ns_identity_50d4ced6","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"identity store","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_identity","uuid":"8b5b546f-33d6-1234-6f38-9ddcde05c55d"},"kv/":{"accessor":"kv_b93d663b","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"","external_entropy_access":false,"local":false,"options":{"version":"2"},"seal_wrap":false,"type":"kv","uuid":"42834004-f858-a734-e52d-6405d0e5ab73"},"sys/":{"accessor":"ns_system_573b63e0","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"system endpoints used for control, policy and debugging","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_system","uuid":"bfce2504-fff5-b74f-70a0-0b2fe3fb500d"}},"wrap_info":null,"warnings":null,"auth":null}

Attempt 1 to List entries:

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv

{"request_id":"884ad3f2-80c3-fb99-d5c9-83f059f41319","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}

Attempt 2:

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/

{"request_id":"c898ffc6-7ac8-faa6-87aa-e8f57045c6d3","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}

Attempt 3:

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/data/

{"errors":["1 error occurred:\n\t* unsupported operation\n\n"]}

More replies

You could also re-create the secret engine mount to delete all records. Would that be an ok solution?

@MatthewSchuchard I would like to know that solution but I'm not sure how to. However, API to list and delete all key-value is my preference?

Recommended answer

From the docs, to perform a LIST operation you need to use the /metadata/ paths. So the appropriate command for you would be

curl -H "X-Vault-Token: <token>" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/metadata/


If you want to delete every secret, disable the mount and enable it again. It will mount a fresh new and empty copy.

Let's enable it and put some secrets in it:

$ vault secrets enable --path kv --version 2 kv
$ vault kv put kv/hello a=42
$ vault kv put kv/world b=42

You'll have two secrets, hello and world:

$ vault kv list kv
Keys
----
hello
world

Now disable the mount:

$ vault secrets disable kv
Success! Disabled the secrets engine (if it existed) at: kv/

Enable it again, see that it is empty:

$ vault secrets enable --path kv --version 2 kv
Success! Enabled the kv secrets engine at: kv/
~
$ vault kv list kv
No value found at kv/metadata
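
The list-then-delete loop the question asks for, built on the /metadata/ paths from the answer, as an added example that is not part of the original post. It assumes standard KV v2 behaviour (keys ending in "/" are folders, and DELETE on a metadata path removes the secret with all its versions); the function names are illustrative, and it defaults to a dry run that only reports what would be deleted.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def vault_request(method, url, headers):
    """Send one request to Vault; return parsed JSON, or None for 204/404."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read()
            return json.loads(body) if body else None
    except urllib.error.HTTPError as err:
        if err.code == 404:  # LIST on an empty path answers 404
            return None
        raise


def walk_secrets(base, mount, headers, prefix="", request=vault_request):
    """Yield every secret path under <mount>/metadata/, descending into folders."""
    url = f"{base}/v1/{mount}/metadata/{urllib.parse.quote(prefix)}"
    listing = request("LIST", url, headers) or {}
    for key in (listing.get("data") or {}).get("keys", []):
        if key.endswith("/"):  # a trailing slash marks a folder, not a secret
            yield from walk_secrets(base, mount, headers, prefix + key, request)
        else:
            yield prefix + key


def purge_mount(base, mount, headers, dry_run=True, request=vault_request):
    """Return all secret paths; unless dry_run, delete each one's metadata
    (which removes every version of that secret)."""
    paths = list(walk_secrets(base, mount, headers, request=request))
    if not dry_run:
        for path in paths:
            url = f"{base}/v1/{mount}/metadata/{urllib.parse.quote(path)}"
            request("DELETE", url, headers)
    return paths


if __name__ == "__main__":
    # VAULT_ADDR / VAULT_TOKEN / VAULT_NAMESPACE are read from the environment.
    hdrs = {"X-Vault-Token": os.environ["VAULT_TOKEN"]}
    if os.environ.get("VAULT_NAMESPACE"):
        hdrs["X-Vault-Namespace"] = os.environ["VAULT_NAMESPACE"]
    for p in purge_mount(os.environ["VAULT_ADDR"], "kv", hdrs, dry_run=True):
        print("would delete:", p)
```

Reading the token from the environment keeps it out of shell history and process listings, unlike a token typed into the curl command line.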
