vhsm secrets disable
Learn to disable a secrets engine at a specified path.
This command disables a secrets engine at a specified PATH. The argument corresponds to the enabled PATH of the engine, not the TYPE.
Disabling a secrets engine results in:
Immediate revocation of all secrets created by the engine.
Removal of vHSM data associated with the engine.
Note: If the secrets engine has a large number of secrets, the revocation process can cause high system load.
Usage
Example
Disable the secrets engine enabled at aws/
Force Disable
If revocation errors occur, the secrets engine may not be disabled. Possible solutions:
Identify the issue and attempt to disable the engine after fixing it.
Increase the timeout if the failure is due to timeout errors.
Force disable in extreme cases:
Perform a prefix force revoke on the mount prefix.
Run vhsm secrets disable <path> after the revoke completes.
This may lead to dangling credentials if secrets are not manually removed from the backing service.
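The escalation order above, written as a wrapper that keeps the force route opt-in and reports it with its own exit code. This is an added example, not vHSM project code: VHSM_BIN, normalize_mount and disable_engine are hypothetical names, and the lease revoke -force -prefix command line is an assumption (Vault-style syntax), since this page names the operation but not the command.

```shell
#!/bin/sh
# Added example, not vHSM project code. VHSM_BIN, normalize_mount and
# disable_engine are hypothetical names used only for this sketch.
VHSM_BIN="${VHSM_BIN:-vhsm}"

# Reject values that are empty or would be parsed as a flag, and make sure
# the mount path ends in a slash (aws -> aws/).
normalize_mount() {
    case "$1" in
        ""|-*) return 1 ;;
    esac
    printf '%s/\n' "${1%/}"
}

# disable_engine PATH [--force]
# Return codes: 0 disabled normally; 1 failed (nothing forced);
# 2 invalid path; 3 disabled after a force revoke, so credentials may
# still exist in the backing service and must be removed there by hand.
disable_engine() {
    mount=$(normalize_mount "$1") || {
        echo "invalid mount path: '$1'" >&2
        return 2
    }
    # Normal route: revokes all secrets of the engine, then removes its data.
    if "$VHSM_BIN" secrets disable "$mount"; then
        return 0
    fi
    if [ "$2" != "--force" ]; then
        echo "disable of $mount failed: fix the revocation error or raise" \
             "the timeout, then retry; pass --force only as a last resort" >&2
        return 1
    fi
    # ASSUMPTION: Vault-style syntax for the prefix force revoke; the page
    # names the operation but not the command line.
    "$VHSM_BIN" lease revoke -force -prefix "$mount" || return 1
    "$VHSM_BIN" secrets disable "$mount" || return 1
    echo "WARNING: $mount force-disabled; audit the backing service for" \
         "dangling credentials" >&2
    return 3
}
```

Exit code 3 lets a calling job open a cleanup task against the backing service instead of treating the force route as a clean success.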