There doesn't seem to be a way to remove authorized client from vault_keys #103
Hi, I was unable to find a way to remove clients from vault_keys. Maybe I'm just missing something simple, but here is the full writeup in case it's a bug/regression.
Knife vault update command updates existing clients, but does not remove clients excluded from the search:
I've tested various methods, and the only way that worked for me was to delete the vault_keys item with (knife data bag delete alexv alexvault_keys) and recreate it with the knife vault create query above. A very heavy-handed approach.
The one thing to note about knife vault remove is that the client still needs to be searchable/indexed for chef-vault to find it to remove it. So the decommission workflow is:
If you have removed the node from chef first, then you will have to hand edit the vault_item_keys.json file directly to remove the orphaned nodes.
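The hand edit described in the last comment can be scripted. This is an added example, not code from chef-vault or from either commenter. It assumes the default keys item layout (`id`, `admins`, `clients`, `search_query`, plus one top-level entry per name); the admin `alice`, the client names and the search query are constructed sample values.

```ruby
require 'json'

# Constructed sample of a keys item in the assumed default layout: bookkeeping
# fields plus one top-level entry per admin/client holding that identity's
# encrypted copy of the shared secret (placeholders here, not real ciphertext).
SAMPLE_KEYS_ITEM = {
  'id' => 'alexvault_keys',
  'admins' => ['alice'],
  'clients' => %w[web01 db-old web02],
  'search_query' => 'role:web',
  'alice' => 'PLACEHOLDER-CIPHERTEXT',
  'web01' => 'PLACEHOLDER-CIPHERTEXT',
  'db-old' => 'PLACEHOLDER-CIPHERTEXT',
  'web02' => 'PLACEHOLDER-CIPHERTEXT'
}.freeze

# Returns [pruned_item, removed_names]. live_clients is the list of client
# names that still exist on the Chef server.
def prune_orphaned_clients(keys_item, live_clients)
  pruned = JSON.parse(JSON.generate(keys_item)) # deep copy; input untouched
  admins = Array(pruned['admins'])
  listed = Array(pruned['clients'])
  orphans = listed - live_clients
  pruned['clients'] = listed - orphans
  # Drop each orphan's encrypted secret copy, unless the same name is also
  # an admin whose entry must stay.
  (orphans - admins).each { |name| pruned.delete(name) }
  [pruned, orphans.sort]
end

# 'db-old' was deleted from the server, so only web01 and web02 are live.
pruned, removed = prune_orphaned_clients(SAMPLE_KEYS_ITEM, %w[web01 web02])
warn "removed orphaned clients: #{removed.join(', ')}"
puts JSON.pretty_generate(pruned)
```

Upload the pruned item with `knife data bag from file`. Dropping an entry does not change the shared secret itself, so follow up with `knife vault rotate keys` if the decommissioned node's private key may still exist.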