Learn to disable a secrets engine at a specified path.
This command disables a secrets engine at a specified PATH. The argument corresponds to the enabled PATH of the engine, not the TYPE.
Disabling a secrets engine results in:
Immediate revocation of all secrets created by the engine.
Removal of vHSM data associated with the engine.
Note: If the secrets engine has a large number of secrets, the revocation process can cause high system load.
vhsm secrets disable <path>
Disable the secrets engine enabled at aws/:
vhsm secrets disable aws/
If revocation errors occur, the secrets engine may not be disabled. Possible solutions:
Identify the issue and attempt to disable the engine after fixing it.
Increase the timeout if the failure is due to timeout errors.
Force disable in extreme cases:
Perform a prefix force revoke on the mount prefix.
Run vhsm secrets disable <path> after the revoke completes.
This may lead to dangling credentials if secrets are not manually removed from the backing service.