1.4 KiB
1.4 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| api | /sys/revoke-force - HTTP API | docs-http-system-revoke-force | The `/sys/revoke-force` endpoint is used to revoke secrets or tokens based on prefix while ignoring backend errors. |
/sys/revoke-force
The /sys/revoke-force endpoint is used to revoke secrets or tokens based on
prefix while ignoring backend errors.
Revoke Force
This endpoint revokes all secrets or tokens generated under a given prefix
immediately. Unlike /sys/revoke-prefix, this path ignores backend errors
encountered during revocation. This is potentially very dangerous and should
only be used in specific emergency situations where errors in the backend or the
connected backend service prevent normal revocation.
By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled.
| Method | Path | Produces |
|---|---|---|
PUT |
/sys/revoke-force/:prefix |
204 (empty body) |
Parameters
prefix(string: <required>)– Specifies the prefix to revoke. This is specified as part of the URL.
Sample Request
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
https://vault.rocks/v1/sys/revoke-force/aws/creds