Hashicorp Vault - Delete secret using REST API


This assumes the following has already been done.

Let's say the secrets engine has been enabled with -path=secret/

~]# vault secrets enable -path=secret/ kv
Success! Enabled the kv secrets engine at: secret/

 

And let's say AppRole auth has been enabled and there is a role named "my-role" that has a policy named "my-policy" attached.

~]$ vault read auth/approle/role/my-role
Key                        Value
---                        -----
policies                   [my-policy]

 

In this example, since the secrets engine has been enabled with -path=secret/, the policy path will need to begin with secret/.

Let's say "my-policy" permits the following capabilities to "secret/my_path/*".

~]$ vault policy read my-policy
path "secret/my_path/*" {
  capabilities = ["create", "delete", "list", "patch", "read", "update"]
}

 

Every request to Hashicorp Vault must include the X-Vault-Token header carrying a client token. With AppRole, that token is typically obtained by submitting a POST request to the /v1/auth/approle/login endpoint.

Before deleting a secret, you will probably want to list the existing secrets using curl. LIST is Vault's own HTTP verb for enumerating the keys under a path.

curl \
--request LIST \
--header "X-Vault-Token: s.gYGVHcHMiGsCZdKAJzWq1Yj1" \
--url http://<hostname or IP address>:<port>/v1/secret

 

Something like this should be returned. In this example, there are two secrets, one named "foo" and another named "bar".

{
  "request_id": "3dfe6f78-88ef-7b56-7727-12fb14fee302",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 2764800,
  "data": {
    "keys": [
      "foo",
      "bar"
    ]
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}

 

Here is how you would delete the secret named "bar".

curl \
--request DELETE \
--header "X-Vault-Token: s.gYGVHcHMiGsCZdKAJzWq1Yj1" \
--write-out "%{http_code}" \
--url http://<hostname or IP address>:<port>/v1/secret/bar

 

By default, a successful DELETE returns no response body, so nothing is printed. The --write-out option makes curl print the HTTP response code. A response code of 204 indicates the secret was successfully deleted.

204
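The same list-then-delete flow in Python with urllib, as an added example that is not code from the FreeKB article. It runs here against a constructed in-memory stand-in for Vault (FakeVault), the host name and token are placeholders, and it also shows the 403 a caller gets when its token's policy does not grant the delete capability.

```python
import json
import urllib.error
import urllib.request

VAULT_ADDR = "http://vault.example.internal:8200"  # placeholder host, not a real Vault

def http_send(method, url, headers):
    """Real transport: (status, body), with Vault's 4xx/5xx returned as data, not raised."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def list_secrets(token, mount="secret", send=http_send):
    """LIST is Vault's own verb for enumerating keys under a path; returns the key names."""
    status, body = send("LIST", f"{VAULT_ADDR}/v1/{mount}", {"X-Vault-Token": token})
    if status != 200:
        raise RuntimeError(f"LIST {mount} failed with HTTP {status}")
    return json.loads(body)["data"]["keys"]

def delete_secret(token, name, mount="secret", send=http_send):
    """DELETE /v1/<mount>/<name> is the KV version 1 layout (`vault secrets enable kv`
    by default; KV v2 would be /v1/<mount>/data/<name>). True on 204, False on 403."""
    status, _ = send("DELETE", f"{VAULT_ADDR}/v1/{mount}/{name}", {"X-Vault-Token": token})
    if status in (204, 403):  # 403: the token's policy lacks the "delete" capability
        return status == 204
    raise RuntimeError(f"DELETE {mount}/{name} returned HTTP {status}")

class FakeVault:
    """Constructed offline stand-in for a KV v1 mount; answers with Vault's status codes."""
    def __init__(self, token="s.EXAMPLE-TOKEN", keys=("foo", "bar")):
        self.token, self.keys = token, list(keys)
    def __call__(self, method, url, headers):  # same signature as http_send
        if headers.get("X-Vault-Token") != self.token:
            return 403, b'{"errors":["permission denied"]}'
        if method == "LIST":
            return 200, json.dumps({"data": {"keys": self.keys}}).encode()
        self.keys = [k for k in self.keys if k != url.rsplit("/", 1)[1]]
        return 204, b""  # delete is idempotent, as in Vault's KV v1

def run_demo():
    """The article's flow on the fake: list, delete "bar", list again, then a denied delete."""
    vault = FakeVault()
    before = list_secrets(vault.token, send=vault)
    deleted = delete_secret(vault.token, "bar", send=vault)
    after = list_secrets(vault.token, send=vault)
    return before, deleted, after, delete_secret("s.some-other-token", "foo", send=vault)
```

Against a real server, drop the `send=` argument (or pass `http_send`) and set VAULT_ADDR to the Vault URL.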

 



