We are using Vault as a KMS solution with Ceph S3 and it works really smooth, great Software!
We looked at the possibilities to organize keys and to delete/destroy them. Since we have a bunch of customers data stored by our software in the same Ceph S3, we need to separate the data and also the keys by customer. Therefore we used subpathes in vault, that the keys of a customer are all within the same subpath. This way, we thought, we could easily delete the whole subpath and all the keys are destroyed and we are GDPR compliant.
However it seems there is really not API endpoint allowing such an operation, right? Is it planned for some future release? Or do I have to list all keys in a subpath and execute a delete metadata for each key?
We are using consul as a backend, is there may a possibility to send a call directly to consul or will this be to ugly?