37 lines
1.1 KiB
Markdown
37 lines
1.1 KiB
Markdown
---
|
|
layout: "http"
|
|
page_title: "HTTP API: /sys/revoke-force"
|
|
sidebar_current: "docs-http-lease-revoke-force"
|
|
description: |-
|
|
The `/sys/revoke-force` endpoint is used to revoke secrets or tokens based on prefix while ignoring backend errors.
|
|
---
|
|
|
|
# /sys/revoke-force
|
|
|
|
<dl>
|
|
<dt>Description</dt>
|
|
<dd>
|
|
Revoke all secrets or tokens generated under a given prefix immediately.
|
|
Unlike `/sys/revoke-prefix`, this path ignores backend errors encountered
|
|
during revocation. This is <i>potentially very dangerous</i> and should
|
|
only be used in specific emergency situations where errors in the backend
|
|
or the connected backend service prevent normal revocation. <i>By ignoring
|
|
these errors, Vault abdicates responsibility for ensuring that the issued
|
|
credentials or secrets are properly revoked and/or cleaned up. Access to
|
|
this endpoint should be tightly controlled.</i>
|
|
</dd>
|
|
|
|
<dt>Method</dt>
|
|
<dd>PUT</dd>
|
|
|
|
<dt>URL</dt>
|
|
<dd>`/sys/revoke-force/<path prefix>`</dd>
|
|
|
|
<dt>Parameters</dt>
|
|
<dd>None</dd>
|
|
|
|
<dt>Returns</dt>
|
|
<dd>A `204` response code.
|
|
</dd>
|
|
</dl>
|