mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-24 04:01:37 +01:00
bc09d9acec
* clarify subkey read in GUI * add screenshots * add to index * update kv nav steps * update alt text for screenshot * update steps * edits * fix build error and simplify path structure * fix paths * missed one * missed another one >_< * Update website/content/docs/secrets/kv/kv-v2/cookbook/write-data.mdx --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
140 lines
3.3 KiB
Plaintext
140 lines
3.3 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Permanently delete data
|
|
description: >-
|
|
Permanently delete versioned key/value data in the kv v2 plugin.
|
|
---
|
|
|
|
# Destroy key/value data
|
|
|
|
The standard `vault kv delete` command performs soft deletes. Use the CLI or GUI
|
|
to permanently delete (destroy) data so Vault purges the underlying data and
|
|
sets the `destroyed` metadata field to `true`.
|
|
|
|
|
|
<Tip title="Assumptions">
|
|
|
|
- You have [set up a `kv` v2 plugin](/vault/docs/secrets/kv/kv-v2/setup).
|
|
- Your authentication token has `create` and `update` permissions for the `kv`
|
|
v2 plugin.
|
|
|
|
</Tip>
|
|
|
|
|
|
<Tabs>
|
|
|
|
<Tab heading="CLI" group="cli">
|
|
|
|
Use [`vault kv destroy`](/vault/docs/command/kv/destroy) with the `-versions` flag to
|
|
permanently delete one or more version of key/value data:
|
|
|
|
```shell-session
|
|
$ vault kv destroy \
|
|
-mount <mount_path> \
|
|
-versions <target_versions> \
|
|
<secret_path>
|
|
```
|
|
|
|
For example:
|
|
|
|
<CodeBlockConfig hideClipboard="true">
|
|
|
|
```shell-session
|
|
$ vault kv destroy -mount shared -versions 2,3 dev/square-api
|
|
|
|
Success! Data written to: shared/destroy/dev/square-api
|
|
```
|
|
|
|
</CodeBlockConfig>
|
|
|
|
The `destroyed` metadata field for versions 2 and 3 is now `true`
|
|
|
|
<CodeBlockConfig hideClipboard="true" highlight="25,32">
|
|
|
|
```shell-session
|
|
$ vault kv metadata get -mount shared dev/square-api
|
|
|
|
======== Metadata Path ========
|
|
shared/metadata/dev/square-api
|
|
|
|
========== Metadata ==========
|
|
Key Value
|
|
--- -----
|
|
cas_required false
|
|
created_time 2024-11-13T21:51:50.898782695Z
|
|
current_version 4
|
|
custom_metadata <nil>
|
|
delete_version_after 0s
|
|
max_versions 5
|
|
oldest_version 0
|
|
updated_time 2024-11-14T22:32:42.29534643Z
|
|
|
|
...
|
|
|
|
====== Version 2 ======
|
|
Key Value
|
|
--- -----
|
|
created_time 2024-11-13T21:52:10.326204209Z
|
|
deletion_time n/a
|
|
destroyed true
|
|
|
|
====== Version 3 ======
|
|
Key Value
|
|
--- -----
|
|
created_time 2024-11-13T21:58:32.128442898Z
|
|
deletion_time n/a
|
|
destroyed true
|
|
```
|
|
|
|
</CodeBlockConfig>
|
|
|
|
</Tab>
|
|
|
|
<Tab heading="GUI" group="gui">
|
|
|
|
@include 'gui-instructions/plugins/kv/open-overview.mdx'
|
|
|
|
- Select the **Secret** tab.
|
|
- Select the appropriate data version from the **Version** dropdown.
|
|
- Click **Destroy**.
|
|
- Click **Confirm**.
|
|
|
|
|
|
|
|
</Tab>
|
|
|
|
<Tab heading="API" group="api">
|
|
|
|
Make a `POST` call to
|
|
[`/{plugin_mount_path}/destroy/{secret_path}`](/vault/api-docs/secret/kv/kv-v2#destroy-secret-versions)
|
|
with the data versions you want to destroy:
|
|
|
|
```shell-session
|
|
$ curl \
|
|
--request POST \
|
|
--header "X-Vault-Token: ${VAULT_TOKEN}" \
|
|
--data '{"versions":[<target_versions>]} \
|
|
${VAULT_ADDR}/v1/<plugin_mount_path>/destroy/<secret_path>
|
|
```
|
|
|
|
For example:
|
|
|
|
<CodeBlockConfig hideClipboard="true">
|
|
|
|
```shell-session
|
|
$ curl \
|
|
--request POST \
|
|
--header "X-Vault-Token: ${VAULT_TOKEN}" \
|
|
--data '{"versions":[4,7]}' \
|
|
${VAULT_ADDR}/v1/shared/destroy/dev/square-api | jq
|
|
|
|
```
|
|
|
|
`/{plugin_mount_path}/destroy/{secret_path}` does not return data on success.
|
|
|
|
</CodeBlockConfig>
|
|
|
|
</Tab>
|
|
|
|
</Tabs>
|