使用API HTTP请求删除Hashicorp中KV v2下的所有记录

Question

我希望使用 API [HTTP 请求] 删除 kv（版本控制）下的所有记录。使用 CLI 是次要的。

经过研究，我发现没有办法一次性删除

kv

下的所有条目。

相反，我们应该先

LIST

，然后循环删除所有记录。

下面是我尝试列出 kv 下的所有条目。

kv

的显示路径：

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/"  https://dal-vault.mybank.com/v1/sys/mounts

{"request_id":"93fdc050-d5d1-fbe2-df58-2a2bba04f19c","lease_id":"","renewable":false,"lease_duration":0,"data":{"cubbyhole/":{"accessor":"ns_cubbyhole_12e4f0fa","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"per-token private secret storage","external_entropy_access":false,"local":true,"options":null,"seal_wrap":false,"type":"ns_cubbyhole","uuid":"b9276a30-73c0-5d2f-34c0-238b5830c572"},"identity/":{"accessor":"ns_identity_50d4ced6","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"identity store","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_identity","uuid":"8b5b546f-33d6-1234-6f38-9ddcde05c55d"},"kv/":{"accessor":"kv_b93d663b","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"","external_entropy_access":false,"local":false,"options":{"version":"2"},"seal_wrap":false,"type":"kv","uuid":"42834004-f858-a734-e52d-6405d0e5ab73"},"sys/":{"accessor":"ns_system_573b63e0","config":{"default_lease_ttl":0,"force_no_cache":false,"max_lease_ttl":0},"description":"system endpoints used for control, policy and debugging","external_entropy_access":false,"local":false,"options":null,"seal_wrap":false,"type":"ns_system","uuid":"bfce2504-fff5-b74f-70a0-0b2fe3fb500d"}},"wrap_info":null,"warnings":null,"auth":null}

尝试 1 列出条目：

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv

{"request_id":"884ad3f2-80c3-fb99-d5c9-83f059f41319","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}

尝试2：

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/

{"request_id":"c898ffc6-7ac8-faa6-87aa-e8f57045c6d3","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv list' for this operation."],"auth":null}

尝试3：

C:\Users\meuser>curl -H "X-Vault-Token: s.XTEZVwE5WOill0as1HXV6w2Z" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/data/

{"errors":["1 error occurred:\n\t* unsupported operation\n\n"]}

Answer 1

从文档来看，要执行 LIST 操作，您需要使用

/metadata/

路径。所以适合你的命令是

curl -H "X-Vault-Token: <token>" -H "X-Vault-Namespace: devops-vault-poc/" -X LIST https://dal-vault.mybank.com/v1/kv/metadata/

使用API HTTP请求删除Hashicorp中KV v2下的所有记录

问题描述投票：0回答：1

1个回答

最新问题

使用API HTTP请求删除Hashicorp中KV v2下的所有记录

问题描述 投票：0回答：1

1个回答

最新问题

问题描述投票：0回答：1