When using for example the aws secrets engine, deleting configuration entries for that secrets engine when enabling `purgeUnmanagedConfig` does not seem to be deleting them from vault.

From what I've seen in this code it seems to me that either the whole secrets engine is removed if it is not present in the config, or it is left/tuned and existing and new configuration entries are upserted, but the diffing to remove the ones not present in the config anymore does not seem to be implemented.

As an example, having configured the following (trimmed down for brevity)

After deleting the item for `role-2` from the Vault CR configuration, a `vault read aws/roles/role-2` would still return successfully.

This was tested with bank-vaults version 1.15.8 and vault version 1.10.4

/kind bug

Hey @aabdala, thanks for using bank-vaults, also sorry for the delay. This sounds more like a feature request to me! 🙂 If you find time to implement it, we would be happy to review and include this feature, i.e. purging unmanaged roles, but even if not, I think this has a place on the roadmap!

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.
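The diff the reporter describes as missing, written out as an added example (not bank-vaults' own code): given the `roles` declared for a mount in the CR and the keys Vault currently lists under that mount, compute which entries exist in Vault but are no longer managed, gated on `purgeUnmanagedConfig`. The `SecretsEngine` type and the `name` key convention are assumptions for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// SecretsEngine is a constructed, simplified stand-in for one entry of the Vault CR
// `secrets` list: a mount path plus configuration blocks such as "roles", each a
// list of maps carrying a "name" key (assumed shape, not bank-vaults' own type).
type SecretsEngine struct {
	Path          string
	Configuration map[string][]map[string]interface{}
}

// UnmanagedEntries is the diff the issue describes as missing: given the entries
// the CR declares under `block` and the keys Vault currently lists under
// "<path>/<block>/", return the full paths that exist in Vault but are no longer
// declared, so the reconciler can delete them. Gated on purgeUnmanagedConfig.
func UnmanagedEntries(engine SecretsEngine, block string, listed []string, purge bool) []string {
	if !purge {
		return nil
	}
	managed := make(map[string]struct{})
	for _, entry := range engine.Configuration[block] {
		if name, ok := entry["name"].(string); ok {
			managed[name] = struct{}{}
		}
	}
	var unmanaged []string
	for _, key := range listed {
		name := strings.TrimSuffix(key, "/") // Vault LIST marks sub-folders with "/"
		if _, ok := managed[name]; !ok {
			unmanaged = append(unmanaged, fmt.Sprintf("%s/%s/%s", engine.Path, block, name))
		}
	}
	sort.Strings(unmanaged)
	return unmanaged
}

func main() {
	// Constructed input: the CR now declares only role-1 (role-2 was removed),
	// while a constructed listing of aws/roles/ from Vault still shows both.
	engine := SecretsEngine{Path: "aws", Configuration: map[string][]map[string]interface{}{
		"roles": {{"name": "role-1"}},
	}}
	fmt.Println(UnmanagedEntries(engine, "roles", []string{"role-1", "role-2"}, true)) // [aws/roles/role-2]
}
```

The returned paths are exactly what a reconciler would pass to a Vault delete; with the flag off the function returns nothing, which matches the "leave existing entries alone" behaviour the reporter observed.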