vhsm secrets disable

Learn to disable secrets engine at a specified path.

This command disables a secrets engine at a specified PATH. The argument corresponds to the enabled PATH of the engine, not the TYPE.

Disabling a secrets engine results in:

Note: If the secrets engine has a large number of secrets, the revocation process can cause high system load.

vhsm secrets disable <path>

Disable the secrets engine enabled at aws/

vhsm secrets disable aws/

If revocation errors occur, the secrets engine may not be disabled. Possible solutions:

Identify the issue and attempt to disable the engine after fixing it.
Increase the timeout if the failure is due to timeout errors.
Force disable in extreme cases:
- Perform a prefix force revoke on the mount prefix.
- Run vhsm secrets disable <path> after the revoke completes.
- This may lead to dangling credentials if secrets are not manually removed from the backing service.

Last updated 2 months ago

Was this helpful?