ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0

Add ability to delete an entire secret kv2 secret (delete metadata, not a secret version) #399

Open AndrewSav opened 9 months ago

AndrewSav commented 9 months ago
SUMMARY

Add ability to delete a secret. Note that this is different from deleting all versions of a secret. Even if you delete all versions of a secret the secret will remain. This is also different from destroying all versions of a secret. Even if you destroy all versions of a secret the secret will remain.

ISSUE TYPE
COMPONENT NAME

community.hashi_vault - will probably be a new component.

ADDITIONAL INFORMATION

See also here: https://github.com/ansible-collections/community.hashi_vault/discussions/392

briantist commented 9 months ago

Hi @AndrewSav !

I think the call you're referring to is deleting secret metadata, which as you mentioned is different from deleting or destroying individual kv2 secret versions.

https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-metadata-and-all-versions

I think I'd call this module vault_kv2_metadata_delete.

The collection also still needs a generic vault_delete that can be used with arbitrary paths, and the metadata delete could be achieved with such a module as well.

Are either of those something you would be interested in submitting a PR for?
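The distinction drawn above, as an added example that is not code from the collection or from the issue: a small in-memory model of a KV v2 mount with the three lifecycle operations, each annotated with the Vault API endpoint it corresponds to, showing that soft-deleting or destroying every version leaves the key in the metadata listing and only the metadata delete removes it. The class and the sample path are constructed for illustration.

```python
"""Toy model of Vault KV v2 delete / destroy / delete-metadata semantics."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Version:
    data: Optional[dict]        # None once destroyed (unrecoverable)
    deleted: bool = False       # soft-deleted versions can be undeleted


@dataclass
class KV2Secret:
    versions: Dict[int, Version] = field(default_factory=dict)
    current_version: int = 0


class KV2Mount:
    def __init__(self) -> None:
        self._secrets: Dict[str, KV2Secret] = {}

    def write(self, path: str, data: dict) -> int:
        # POST /v1/<mount>/data/<path>: creates a new version under the key
        s = self._secrets.setdefault(path, KV2Secret())
        s.current_version += 1
        s.versions[s.current_version] = Version(dict(data))
        return s.current_version

    def delete_versions(self, path: str, versions: List[int]) -> None:
        # POST /v1/<mount>/delete/<path>: soft delete, data kept, key remains
        for v in versions:
            self._secrets[path].versions[v].deleted = True

    def destroy_versions(self, path: str, versions: List[int]) -> None:
        # POST /v1/<mount>/destroy/<path>: version data removed, key remains
        for v in versions:
            self._secrets[path].versions[v].data = None

    def delete_metadata(self, path: str) -> None:
        # DELETE /v1/<mount>/metadata/<path>: removes metadata and all versions
        del self._secrets[path]

    def list_keys(self) -> List[str]:
        # LIST /v1/<mount>/metadata/: a key is listed while its metadata exists
        return sorted(self._secrets)


def demo() -> tuple:
    m = KV2Mount()
    m.write("app/db", {"password": "constructed-sample-1"})
    m.write("app/db", {"password": "constructed-sample-2"})
    m.delete_versions("app/db", [1, 2])
    after_delete = m.list_keys()          # key still listed
    m.destroy_versions("app/db", [1, 2])
    after_destroy = m.list_keys()         # key still listed
    m.delete_metadata("app/db")
    return after_delete, after_destroy, m.list_keys()
```

Running `demo()` returns `(['app/db'], ['app/db'], [])`, which is the behaviour the issue describes: only the metadata delete makes the secret disappear.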

AndrewSav commented 9 months ago

@briantist thank you for this, this sounds right. I'm not proficient with python, so it's not likely I'm able to help.