Asked by: Ashar Asked: 9/8/2023 Last edited: Brian Tompsett - 汤莱恩 Ashar Updated: 9/11/2023 Views: 98
Delete all records under KV v2 in Hashicorp using API HTTP request
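Question:
I'm looking to delete all records under kv (versioned) using the API [HTTP request]. Using the CLI is a secondary preference.
From my research, I found that there is no way to delete all entries under kv at once.
Instead, we should first LIST all the records and then delete them all in a loop.
Below are my attempts to list all entries under kv.
Show path of kv: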
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" https://dal-vault.mybank.com/v1/sys/mounts
{"request_id":"93fdc050-d5d1-fbe2-df58-2a2bba04f19c","lease_id":"","renewable":false,"lease_duration":0,"data":{"cubbyhole/":{"accessor":"ns_cubbyhole_12e4f0fa","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"per-token private secret storage","external_entropy_access":false,"local":true,"options":null,"seal_wrap":false,"type":"ns_cubbyhole","uuid":"b9276a30-73c0-5d2f-34c0-238b5830c572"},"identity/":{"accessor":"ns_identity_50d4ced6","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"identity store","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_identity","uuid":"8b5b546f-33d6-1234-6f38-9ddcde05c55d"},"kv/":{"accessor":"kv_b93d663b","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"","external_entropy_access":false,"local":false,"options":{"version":"2"},"seal_wrap":false,"type":"kv","uuid":"42834004-f858-a734-e52d-6405d0e5ab73"},"sys/":{"accessor":"ns_system_573b63e0","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"system endpoints used for control, policy and debugging","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_system","uuid":"bfce2504-fff5-b74f-70a0-0b2fe3fb500d"}},"wrap_info":null,"warnings":null,"auth":null}
Attempt 1 to list entries:
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv
{"request_id":"884ad3f2-80c3-fb99-d5c9-83f059f41319","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}
Attempt 2:
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/
{"request_id":"c898ffc6-7ac8-faa6-87aa-e8f57045c6d3","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}
Attempt 3:
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/data/
{"errors":["1 error occurred:\n\t* unsupported operation\n\n"]}
Answers:
1 upvote
lxop
9/11/2023
#1
In the docs, to perform a LIST operation you need to use the /metadata/ path. So the command for you is
curl -H "X-Vault-Token: <token>" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/metadata/
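The list-then-delete loop from the question, built on the /metadata/ LIST path from the answer above, as an added example that is not part of any post on this page. It assumes KV v2's DELETE on `<mount>/metadata/<path>` (which removes a key together with all of its versions); the helper names `vault_call`, `walk` and `delete_all` are hypothetical, and `call` is any function taking (method, url).

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote


def vault_call(token, namespace=None):
    """Return a call(method, url) function that talks to a real Vault server."""
    headers = {"X-Vault-Token": token}
    if namespace:
        headers["X-Vault-Namespace"] = namespace

    def call(method, url):
        req = urllib.request.Request(url, method=method, headers=headers)
        with urllib.request.urlopen(req) as resp:
            body = resp.read()
        return json.loads(body) if body else None  # DELETE answers 204, no body

    return call


def walk(call, base, mount, prefix=""):
    """Yield every secret path under prefix by LISTing <mount>/metadata/ recursively."""
    url = f"{base}/v1/{mount}/metadata/{quote(prefix)}"
    try:
        keys = call("LIST", url)["data"]["keys"]
    except urllib.error.HTTPError as err:
        if err.code == 404:  # Vault answers 404 when nothing is stored below the path
            return
        raise
    for key in keys:
        if key.endswith("/"):  # trailing slash marks a folder: descend into it
            yield from walk(call, base, mount, prefix + key)
        else:
            yield prefix + key


def delete_all(call, base, mount, dry_run=True):
    """Delete every key under the mount; with dry_run only report what would go."""
    paths = list(walk(call, base, mount))  # finish listing before deleting anything
    if not dry_run:
        for path in paths:
            # DELETE on metadata/ removes the key together with all of its versions
            call("DELETE", f"{base}/v1/{mount}/metadata/{quote(path)}")
    return paths


# Usage (placeholders): call = vault_call("<token>", "devops-vault-poc/")
#   delete_all(call, "https://dal-vault.mybank.com", "kv", dry_run=False)
```

Run it with the default `dry_run=True` first and review the returned paths before deleting.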
1 upvote
ixe013
9/11/2023
#2
If you want to delete every key, disable the mount and re-enable it. It will mount a brand new, empty copy.
Let's enable it and put a few secrets in it:
$ vault secrets enable --path kv --version 2 kv
$ vault kv put kv/hello a=42
$ vault kv put kv/world b=42
You will have two secrets, hello and world:
$ vault kv list kv
Keys
----
hello
world
Now disable the mount:
$ vault secrets disable kv
Success! Disabled the secrets engine (if it existed) at: kv/
Enable it again and see that it is empty:
$ vault secrets enable --path kv --version 2 kv
Success! Enabled the kv secrets engine at: kv/
~
$ vault kv list kv
No value found at kv/metadata