Describe the bug
Hi,
I recently tried to use MFA on Vault v1.10.3 OSS. I created a method:
Then I created a secret for my entity:
Then a login enforcement, everything worked as intended. I then proceeded to clean up and redo everything properly. I deleted the method first (which I shouldn't have):
Now I can't seem to recover because there is already a method associated to my entity but the method does not exist anymore, and I can't add another TOTP secret to my entity:
vault write identity/mfa/method/totp/admin-destroy entity_id=ae6b9cb7-ded3-2a7b-a45b-e2db6905ecfc method_id=8a0e6dca-eb99-675f-cdee-eba62162f59a
Error writing data to identity/mfa/method/totp/admin-destroy: Error making API request.
URL: PUT https://vault.devnet.kiln.fi/v1/identity/mfa/method/totp/admin-destroy
Code: 400. Errors:
* configuration for method ID "8a0e6dca-eb99-675f-cdee-eba62162f59a" does not exist
Error when trying to add new secret on my entity:
vault write identity/mfa/method/totp/admin-generate method_id=07cf08d4-1bd7-12e5-e972-345c69e4de37 entity_id=ae6b9cb7-ded3-2a7b-a45b-e2db6905ecfc
{
"request_id": "2a70e100-b683-af73-b85b-0e64e33ea7ef",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": null,
"warnings": [
"Entity already has a secret for MFA method \"\""
]
}
Any idea how to recover from this? Is there any way to get the secret associated to the entity from the CLI? And to force-remove it?
Expected behavior
I should be able to remove the secret from identity even if the method has been removed, or prevent the method removal if it is in use.
Environment:
Vault Server Version (retrieve with vault status): v1.11.3
Vault CLI Version (retrieve with vault version): v1.11.3
Server Operating System/Architecture: Amazon Linux