Hi there,
Please help me, I’m going out of my mind with this!
I have an older version of Vault (1.0.3) on Consul (0.8.1) and we are doing some sanity checks/cleaning up before we upgrade.
I’m trying to remove a PKI engine, which no longer has anything (i.e. certs) under the path. However, it keeps coming back! The steps I took to remove it are detailed below:
$ vault list -format=yaml my/ldap/pki/certs
{}
$ vault secrets disable my/ldap/pki/
Success! Disabled the secrets engine (if it existed) at: my/ldap/pki/
$ vault secrets list
Path            Type         Accessor              Description
----            ----         --------              -----------
cubbyhole/      cubbyhole    cubbyhole_295119ab    per-token private secret storage
identity/       identity     identity_275d4e5e     identity store
pki/            pki          pki_e71d366f          n/a
secret/         generic      generic_2c3dc747      generic secret storage
my/ldap/pki/    pki          pki_97dff7b7          n/a
sys/            system       system_71e16012       system endpoints used for control, policy and debugging
As you can see, even after a successful disable, it refuses to go away and comes back when you do a vault secrets list.
I also tried:
curl --header "X-Vault-Token: $TOKEN" --request DELETE https://myconsul.localhost/v1/sys/mounts/my/lda/pki --verbose
This also completes successfully but still the PKI engine persists.
Another thing I tried is:
$ vault lease revoke -force -prefix my/ldap/pki
Warning! Force-removing leases can cause Vault to become out of sync with
secret engines!
Success! Force revoked any leases with prefix: my/ldap/pki
But still, no go.
What else can I do to clean this phantom path/engine?
Thanks
J