mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-24 08:01:07 +02:00
bb5ce48eac
- Add a namespace example for secrets move - Add a namespace example for auth method move - Add post-move considerations for both
50 lines
1.5 KiB
Plaintext
50 lines
1.5 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: secrets move - Command
|
|
description: |-
|
|
The "secrets move" command moves an existing secrets engine to a new path. All
|
|
leases from the old secrets engine are revoked, but all configurations
|
|
associated with the engine are preserved.
|
|
---
|
|
|
|
# secrets move
|
|
|
|
The `secrets move` command moves an existing secrets engine to a new path. Any
|
|
leases from the old secrets engine are revoked, but all configuration associated
|
|
with the engine is preserved. The command can be issued for a move within or across
|
|
namespaces, using namespace prefixes in the arguments.
|
|
|
|
The command will trigger a remount operation and uses the returned migration ID to poll the
|
|
status of the operation until a terminal state of `success` or `failure` is reached.
|
|
|
|
**Moving an existing secrets engine will revoke any leases from the old
|
|
engine.**
|
|
|
|
## Examples
|
|
|
|
Move the existing secrets engine at ns1/secret/ to ns2/kv/:
|
|
|
|
```shell-session
|
|
$ vault secrets move ns1/secret/ ns2/kv/
|
|
```
|
|
|
|
Move the existing secrets in `team-vault` to the `vault-edu/` namespace.
|
|
|
|
```shell-session
|
|
$ vault secrets move team-vault \
|
|
vault-edu/team-vault
|
|
```
|
|
|
|
## Usage
|
|
|
|
There are no flags beyond the [standard set of flags](/vault/docs/commands)
|
|
included on all commands.
|
|
|
|
## Post-move considerations
|
|
|
|
Each namespace has its own policies, auth methods, secrets engines, tokens,
|
|
identity entities and groups. You must consider the following after moving a mount across namespaces:
|
|
|
|
- Necessary policies exist in the target namespace
|
|
- Entities and groups might need updating after an auth mount migration
|