Issue disabling gcp secrets #37
Comments
|
I managed to get around this by forcing the revocation of any keys associated with the gcp backend by doing: vault lease revoke -force -prefix gcp/ |
|
Ah,, apparently in some specific cases key.get returns a 403 instead of 404. Fun! I'll put out a fix. |
|
Thanks @emilymye |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm having issues disabling the gcp secrets engine, its trying to delete a key it issued that no longer exists. Is there some way to force the delete from vault secrets disable gcp?
Full error when trying to disable:
There was an error disabling the gcp secrets engine at gcp/: failed to revoke "some-key" (1 / 2): failed to revoke entry: resp: &logical.Response{Secret:, Auth:, Data:map[string]interface {}{"error":"unable to delete service account key: googleapi: Error 403: Permission iam.serviceAccountKeys.delete is required to perform this operation on service account key projects/some-project/serviceAccounts/service-account-email/keys/key_id., forbidden"}, Redirect:"", Warnings:[]string(nil), WrapInfo:(*wrapping.ResponseWrapInfo)(nil)} err: .
The text was updated successfully, but these errors were encountered: