Huge number of files in storage


we are upgrading from Vault 0.10.3 to 1.5.5 here and while performing the migration I noticed that in the storage under the path /auth/<uuid>/accessor/… there is a huge number of files (hundreds of thousands). BTW, we are using an Azure Storage account as the backend.

The Vault instance has been running for several years and many of the files under that path are already several years old. I wonder if it is okay to have that many files under that location and what they are used for? Is it possible to clean them up?

I listed the token accessors using the /auth/token/accessors but this only showed a few dozen, so it doesn’t seem to be related.

Thanks for any hints!

After investigating for a while I found out that we have a huge number of secret id accessors for a particular approle, and these accessors never expire. I am a bit surprised by that, isn’t there a system-wide maximum of 32 days for the expiration?

I think your version pre-dates the automatic running of tidy. Are you running that manually?

I tried to use tidy, but it didn’t help.
Actually the reason was that secret_id_num_uses and secret_id_ttl were both set to 0 (it seems that this is the default). So the secret ids never exipre.