If you have 2 keys, one that's accepted and one that's denied, with the same name, there is no way to just delete one.
Is there a way to target just the denied key? It seems to only let you target based on the name.
root@salt:~# salt-key -d app-1
The following keys are going to be deleted:
Accepted Keys:
app-1
Denied Keys:
app-1
Proceed? [N/y]
@epelc, this could be very useful, thanks for the report.
@jfindlay no problem.
I ended up just deleting the keys. Only required me to restart my minions and do a salt-key -A.
All right, did some digging into some issues related to this. My proposal here is that -d works with the list specifier --list. That is, given the list specifiers in #5330, deleting the denied key in the example of this issue would be done by issuing:
salt-key --list=denied -d app-1
What do you think of this?
Sounds like a good solution!
@JensRantil, I think that is a good solution as well. You are welcome to submit a pull request.
Hi, was there ever a resolution to this?
You can always just manually remove keys from /etc/salt/pki/master/minions_denied.
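The manual removal suggested above, as an added shell example that is not part of the original thread or of Salt's own tooling: it deletes only the denied key for one minion ID and leaves the accepted key of the same name in place. The `PKI_DIR` override, the function names and the demo keys are constructed for illustration; `minions` is assumed to be the accepted-keys directory next to the `minions_denied` path quoted in the comment.

```shell
#!/bin/sh
# Added example: delete ONLY the denied key for one minion ID.
# Assumption: default master PKI directory; PKI_DIR is a hypothetical override.
PKI_DIR="${PKI_DIR:-/etc/salt/pki/master}"

# Plain file digest, used only to compare the two key files with each other.
key_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# delete_denied_key <minion_id>
# Returns 0 after deleting, 2 for an unsafe ID, 3 if there is no denied key.
delete_denied_key() {
    id="$1"
    # The ID becomes a file name: refuse empty IDs, path separators and dot names.
    case "$id" in
        ''|*/*|.|..) echo "refusing unsafe minion id: '$id'" >&2; return 2 ;;
    esac
    denied="$PKI_DIR/minions_denied/$id"
    accepted="$PKI_DIR/minions/$id"
    # Act only on a regular file, never on a symlink placed in the directory.
    if [ ! -f "$denied" ] || [ -L "$denied" ]; then
        echo "no denied key for '$id'" >&2; return 3
    fi
    echo "denied   $(key_digest "$denied")"
    if [ -f "$accepted" ]; then
        echo "accepted $(key_digest "$accepted") (left untouched)"
    fi
    rm -f -- "$denied"
}

# Constructed demo in a subshell: app-1 is both accepted and denied.
demo() (
    PKI_DIR="$(mktemp -d)"
    mkdir -p "$PKI_DIR/minions" "$PKI_DIR/minions_denied"
    echo "constructed-accepted-key" > "$PKI_DIR/minions/app-1"
    echo "constructed-denied-key" > "$PKI_DIR/minions_denied/app-1"
    delete_denied_key app-1
    ls -R "$PKI_DIR"
    rm -rf "$PKI_DIR"
)

demo
```

On a real master, replace the `demo` call with `delete_denied_key` and the minion ID, run as root. Differing digests mean the denied key is not the one the master accepted, which is worth understanding before it is discarded.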
Thanks!
On Apr 28, 2017 7:29 PM, "Ivan Babrou" notifications@github.com wrote:
You can always just manually remove keys from /etc/salt/pki/master/minions_denied.
I also think this is pretty useful!
+1
Here's a workaround until the salt-key CLI supports this:
sudo salt-key --list rejected | grep -v 'Rejected Keys' | xargs -L 1 sudo salt-key -y -d
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
This comment is to keep this issue/feature request open. It would be good if Salt CLI supported this.
Until this is supported, after deleting the keys sharing the same name, restart the salt-minion service on the minion whose key you want to re-accept and it will re-announce its key.
service salt-minion restart