Disable second OIDC option/path?

Hello everyone. I have enabled a second OIDC option/path to test it, and now I need to disable it; however, the vault auth disable command does not support the -path flag. How do I remove the second OIDC option?

Seems that I have been able to find an answer myself. I had to delete the auth method under sys/auth/<auth_path>.

Thanks!

Hi, can’t you just do vault auth disable ? The docs suggest you disable the path, not the type.

Hi @voiprodrigo, thanks for your reply.

I had two OID providers connected: one is actually used by clients, and the second was for testing purposes. If I disable OIDC auth entirely, the first OID provider would stop working too, which is unallowable. The only way I have found is to disable the path for the second OIDC.

If you look at the docs for vault auth disable (auth disable - Command | Vault | HashiCorp Developer) you will see that it expects you to give it the path you wish to disable. For example, vault auth disable importantoidc/. It does not disable all auth engines of a particular type.

Hi @stuart-c, you are right! It seems that I was under the impression that the syntax of ‘auth disable’ should be the same as for ‘enable’. That’s my fault.

However, according to the documentation, it seems that the way I did it also works: /sys/auth - HTTP API | Vault | HashiCorp Developer
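
An added example, not part of the original thread: it takes the output of `vault auth list -format=json`, shows that two mounts can share the type `oidc`, and builds (without sending) the `DELETE /v1/sys/auth/<path>` request for one mount only. The mount name `testoidc`, the accessors, the address and the token are constructed placeholders.

```python
import json
from urllib.request import Request

# Constructed sample of `vault auth list -format=json` output (fields trimmed).
# "importantoidc/" is the path named in the thread; "testoidc/" is hypothetical.
AUTH_LIST_JSON = """
{
  "token/":         {"type": "token", "accessor": "auth_token_00000000"},
  "importantoidc/": {"type": "oidc",  "accessor": "auth_oidc_11111111"},
  "testoidc/":      {"type": "oidc",  "accessor": "auth_oidc_22222222"}
}
"""


def load_auth_list(text):
    """Parse the JSON map of mount path -> mount details."""
    return json.loads(text)


def mounts_of_type(auth_list, auth_type):
    """Return the mount paths (no trailing slash) that use one auth type."""
    return sorted(p.rstrip("/") for p, m in auth_list.items()
                  if m["type"] == auth_type)


def disable_request(vault_addr, token, auth_list, path):
    """Build the DELETE request that disables exactly one mount path."""
    path = path.strip("/")
    if path + "/" not in auth_list:
        # Passing the type name ("oidc") instead of a path ends up here unless
        # a mount actually lives at the default path "oidc/".
        raise ValueError(f"no auth method mounted at {path}/")
    url = f"{vault_addr.rstrip('/')}/v1/sys/auth/{path}"
    return Request(url, method="DELETE", headers={"X-Vault-Token": token})


if __name__ == "__main__":
    mounts = load_auth_list(AUTH_LIST_JSON)
    print("oidc mounts:", mounts_of_type(mounts, "oidc"))
    req = disable_request("http://127.0.0.1:8200", "PLACEHOLDER_TOKEN",
                          mounts, "testoidc/")
    # Equivalent CLI call: vault auth disable testoidc/
    print(req.get_method(), req.full_url)
```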