Skip to content

eyespies/vault-recursive-delete

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Description

vault-recursive-delete is a ruby script that will discover all of the subpaths of a given path in vault, then delete them for you. It's like rm -rf /path/to/folder, but for Vault entries.

Requirements

  • ruby with bundler
  • vault binaries (you should be able to vault list secret/ from your command line)

Usage

Clone this repository to your machine:

git clone https://github.com/BuyerQuest/vault-recursive-delete.git

Enter the directory and run bundler install:

cd vault-recursive-delete/
bundler install

Authenticate to your vault server (use what's appropriate for your setup):

export VAULT_ADDR=https://my.vault.server
vault auth -method=ldap username=my.username

Invoke the script (the trailing slash is important):

./vault-recursive-delete.rb -p secret/foo/

Example

$ git clone https://github.com/BuyerQuest/vault-recursive-delete.git
Cloning into 'vault-recursive-delete'...
remote: Counting objects: 13, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 13 (delta 2), reused 10 (delta 2), pack-reused 0
Unpacking objects: 100% (13/13), done.

$ cd vault-recursive-delete/

$ bundler install
Fetching gem metadata from https://rubygems.org/................
Resolving dependencies...
Using OptionParser 0.5.1
Using bundler 1.16.0
Using vault 0.10.1
Bundle complete! 2 Gemfile dependencies, 3 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.

$ export VAULT_ADDR=https://redacted.vault.url

$ vault auth -method=ldap username=fake.username
Successfully authenticated! You are now logged in.
#<snip>

$ ./vault-recursive-delete.rb -p secret/foo/ --force
Removing key secret/foo/path/key1: succeeded
Removing key secret/foo/path/key2: succeeded
Removing key secret/foo/key1: succeeded
Removing key secret/foo/key2: succeeded
Removing path secret/foo/path/: succeeded
Removing path secret/foo/: succeeded

Arguments

Use the --help switch:

17:09 $ ./vault-recursive-delete.rb --help
Recursive delete for paths in vault.

Usage: ./vault-recursive-delete.rb [options]
    -a, --vault-address=[VAULT_ADDR] URL used to access the Vault server. Defaults to the VAULT_ADDR environment variable if not set
    -p, --path=PATH                  Path in vault to delete from, with a trailing slash. E.g. secret/foo/
        --force                      Suppress confirmation and delete automatically. Use carefully.

    -h, --help                       Display this help
    -v, --version                    Display the current script version

About

Delete items from vault recursively

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%