Tôi muốn xóa tất cả các bản ghi trong kv (phiên bản) bằng API [yêu cầu HTTP]. Sử dụng CLI là tùy chọn thứ cấp.
Tôi muốn sử dụng giao diện [yêu cầu HTTP] để xóa tất cả các bản ghi trong KV (phiên bản). Sử dụng CLI là một lựa chọn phụ.
Sau khi nghiên cứu, tôi thấy rằng không có cách nào để xóa tất cả các mục trong kv in one go.
在我的研究中,我发现没有办法一下子删除KV下的所有条目。
Instead we should first DANH SÁCH and then delete all records in a loop.
相反,我们应该首先列出,然后删除循环中的所有记录。
Below is my attempt on Listing all entries under the kv.
以下是我尝试列出KV下的所有条目。
Display path for kv:
KV的显示路径:
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" https://dal-vault.mybank.com/v1/sys/mounts
{"request_id":"93fdc050-d5d1-fbe2-df58-2a2bba04f19c","lease_id":"","renewable":false,"lease_duration":0,"data":{"cubbyhole/":{"accessor":"ns_cubbyhole_12e4f0fa","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"per-token private secret storage","external_entropy_access":false,"local":true,"options":null,"seal_wrap":false,"type":"ns_cubbyhole","uuid":"b9276a30-73c0-5d2f-34c0-238b5830c572"},"identity/":{"accessor":"ns_identity_50d4ced6","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"identity store","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_identity","uuid":"8b5b546f-33d6-1234-6f38-9ddcde05c55d"},"kv/":{"accessor":"kv_b93d663b","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"","external_entropy_access":false,"local":false,"options":{"version":"2"},"seal_wrap":false,"type":"kv","uuid":"42834004-f858-a734-e52d-6405d0e5ab73"},"sys/":{"accessor":"ns_system_573b63e0","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"system endpoints used for control, policy and debugging","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_system","uuid":"bfce2504-fff5-b74f-70a0-0b2fe3fb500d"}},"wrap_info":null,"warnings":null,"auth":null}
Attempt 1 to List entries:
尝试%1列出条目:
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv
{"request_id":"884ad3f2-80c3-fb99-d5c9-83f059f41319","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}
Attempt 2:
尝试2:
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/
{"request_id":"c898ffc6-7ac8-faa6-87aa-e8f57045c6d3","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}
Attempt 3:
尝试3:
C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/data/
{"errors":["1 error occurred:\n\t* unsupported operation\n\n"]}
Thêm câu trả lời
You could also re-create the secret engine mount to delete all records. Would that be an ok solution?
您还可以重新创建秘密引擎挂载以删除所有记录。这是一个可行的解决方案吗?
@MatthewSchuchard I would like to know that solution but I'm not sure how to. However, API to list and delete all key-value is my preference?
@MatthewSchuchard我想知道这个解决方案,但我不确定如何解决。但是,API列出和删除所有键-值是我的首选吗?
Từ the docs, to perform a LIST operation you need to use the /metadata/ paths. So the appropriate command for you would be
在文档中,要执行列表操作,您需要使用/METADATA/路径。因此,适合您的命令应该是
curl -H "X-Vault-Token: " -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/metadata/
If you want to delete every secret, disable the mount and enable it again. It will mount a fresh new and empty copy.
如果要删除每个密码,请禁用装载并再次启用它。它将装载一个新的空拷贝。
Let's enable it and and put some secrets in it:
让我们启用它,并在其中加入一些秘密:
$ vault secrets enable --path kv --version 2 kv
$ vault kv put kv/hello a=42
$ vault kv put kv/world b=42
You'll have two secrets, Xin chào Và thế giới:
你会有两个秘密,Hello和World:
$ vault kv list kv
Keys
----
Xin chào
thế giới
Now disable the mount :
现在禁用装载:
$ vault secrets disable kv
Success! Disabled the secrets engine (if it existed) at: kv/
Enable it again, see that it is empty:
再次启用它,看到它是空的:
$ vault secrets enable --path kv --version 2 kv
Success! Enabled the kv secrets engine at: kv/
~
$ vault kv list kv
No value found at kv/metadata
Thêm câu trả lời
Trung tâm cá nhân
Điều phát hành
từ bỏ
4
Tôi là một lập trình viên xuất sắc, rất giỏi!