When using for example the aws secrets engine, deleting configuration entries for that secrets engine when enabling purgeUnmanagedConfig does not seem to be deleting them from vault.
From what I've seen in this code it seems to me that either the whole secrets engine is removed if it is not present in the config, or it is left/tuned and existing and new configuration entries are upserted, but the diffing to remove the ones not present in the config anymore does not seem to be implemented.
As an example, having configured the following (trimmed down for brevity)
Hey @aabdala, thanks for using bank-vaults, also sorry for the delay. This sounds more like a feature request to me! 🙂 If you find time to implement it, we would be happy to review and include this feature, i.e. purging unmanaged roles, but even if not, I think this has a place on the roadmap!
After deleting the item for `role-2` from the Vault CR configuration, a `vault read aws/roles/role-2` would still return successfully. This was tested with bank-vaults version 1.15.8 and vault version 1.10.4.
/kind bug
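As an added illustration (not bank-vaults code), here is a small Go reconciliation that performs the diff the report says is missing: a mount absent from the CR is disabled, and within a managed mount the roles no longer listed are scheduled for deletion, both only when purgeUnmanagedConfig is on. The names `Reconcile`, `Plan` and the sample mounts are assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Plan is what a reconciler would apply after diffing the CR against live Vault state.
type Plan struct {
	DisableMounts []string            // mounts in Vault but absent from the CR
	UpsertRoles   map[string][]string // mount -> roles taken from the CR
	DeleteRoles   map[string][]string // mount -> roles in Vault but not in the CR
}

// Reconcile diffs desired (mount -> role names from the CR) against existing
// (mount -> role names listed from Vault). CR roles are always upserted; a mount
// missing from the CR and stray roles inside a managed mount are only purged
// when purgeUnmanaged is set (assumed semantics, mirroring the issue's description).
func Reconcile(desired, existing map[string][]string, purgeUnmanaged bool) Plan {
	p := Plan{UpsertRoles: map[string][]string{}, DeleteRoles: map[string][]string{}}
	for mount, roles := range existing {
		want, managed := desired[mount]
		if !managed {
			if purgeUnmanaged {
				p.DisableMounts = append(p.DisableMounts, mount)
			}
			continue
		}
		keep := map[string]bool{}
		for _, r := range want {
			keep[r] = true
		}
		for _, r := range roles {
			if !keep[r] && purgeUnmanaged {
				p.DeleteRoles[mount] = append(p.DeleteRoles[mount], r)
			}
		}
	}
	for mount, roles := range desired {
		p.UpsertRoles[mount] = append([]string(nil), roles...)
	}
	sort.Strings(p.DisableMounts) // map iteration order is random; keep output stable
	return p
}

func main() {
	// Constructed sample: role-2 was dropped from the CR's aws mount; "legacy" left the CR entirely.
	existing := map[string][]string{"aws": {"role-1", "role-2"}, "legacy": {"r"}}
	desired := map[string][]string{"aws": {"role-1"}}
	fmt.Printf("%+v\n", Reconcile(desired, existing, true))
}
```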