Hi,
I recently tried to use MFA on Vault v1.10.3 OSS. I created a method:
vault write -field=method_id identity/mfa/method/totp issuer=vault period=30 key_size=30 qr_size=200 algorithm=SHA256 digits=6 name=archifleks
Then I created a secret for my entity:
vault write identity/mfa/method/totp/admin-generate method_id=8a0e6dca-eb99-675f-cdee-eba62162f59a entity_id=7a86d562-f3ef-a921-4bc5-804833fce9e5
Then a login enforcement, everything worked as intended. I then proceeded to clean up and redo everything properly. I deleted the method first (which I shouldn't have):
vault delete identity/mfa/method/totp/8a0e6dca-eb99-675f-cdee-eba62162f59a
Now I can't seem to recover because there is already a method associated to my entity but the method does not exist anymore, and I can't add another TOTP secret to my entity:
vault write identity/mfa/method/totp/admin-destroy entity_id=ae6b9cb7-ded3-2a7b-a45b-e2db6905ecfc method_id=8a0e6dca-eb99-675f-cdee-eba62162f59a
Error writing data to identity/mfa/method/totp/admin-destroy: Error making API request.
URL: PUT https://vault.devnet.kiln.fi/v1/identity/mfa/method/totp/admin-destroy
Code: 400. Errors:
* configuration for method ID "8a0e6dca-eb99-675f-cdee-eba62162f59a" does not exist
Error when trying to add new secret on my entity:
vault write identity/mfa/method/totp/admin-generate method_id=07cf08d4-1bd7-12e5-e972-345c69e4de37 entity_id=ae6b9cb7-ded3-2a7b-a45b-e2db6905ecfc
{
"request_id": "2a70e100-b683-af73-b85b-0e64e33ea7ef",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": null,
"warnings": [
"Entity already has a secret for MFA method \"\""
]
}
Any idea how to recover from this?
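The post's own remark ("which I shouldn't have") points at the ordering problem: the method was deleted while an entity still held a secret for it. As an added example that is not part of the original post and not HashiCorp's own tooling, the script below wraps the same `admin-destroy` and `delete` calls the post uses into a teardown that always destroys every entity's TOTP secret before deleting the method. The `VAULT_BIN` variable is an assumption of this example (set it to `echo vault` for a dry run that only prints the commands in the order they would execute); the method and entity IDs passed in are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): tear down a Vault TOTP MFA method
# in the order that avoids the orphaned-secret state described in the post:
# destroy each entity's TOTP secret first, delete the method last.
# VAULT_BIN is an assumption of this example; VAULT_BIN="echo vault" gives a dry run.
VAULT_BIN="${VAULT_BIN:-vault}"

# Destroy one entity's TOTP secret for a method (same API path the post uses).
destroy_entity_secret() {
  method_id="$1"; entity_id="$2"
  $VAULT_BIN write identity/mfa/method/totp/admin-destroy \
    method_id="$method_id" entity_id="$entity_id"
}

# Delete the method itself. In the post this ran first, which is what left the
# entity pointing at a method that no longer exists.
delete_method() {
  method_id="$1"
  $VAULT_BIN delete "identity/mfa/method/totp/$method_id"
}

# Safe order: all entity secrets, then the method. Usage:
#   cleanup_totp_method <method_id> <entity_id> [<entity_id> ...]
# Stops before deleting the method if any secret destroy fails.
cleanup_totp_method() {
  method_id="$1"; shift
  for entity_id in "$@"; do
    destroy_entity_secret "$method_id" "$entity_id" || return 1
  done
  delete_method "$method_id"
}
```

Run it as a dry run first (`VAULT_BIN="echo vault" ./cleanup.sh`-style invocation of `cleanup_totp_method`) to confirm the `admin-destroy` lines come out before the `delete` line; only then point `VAULT_BIN` at the real binary.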