Item Deletion

Delete Item

When trying to delete an item there are a couple of options:

  • The item is an AES or RSA key - By default, there will be a waiting period of 7 days before deleting the item with all its versions
  • The item is of any other type - Will be deleted immediately

If a key is encrypting different item in the system (Static Secret, Dynamic Secret, Certificate Issuer, etc.) it cannot be deleted until items that are encrypted with it are deleted as well.
To cancel a key in Pending Deletion from being deleted, please check the Set Item State command.

  • CLI
  • When users try to delete an item they will have 3 new parameters to choose from:
  • --version - Delete a specific version of the item (i.e - after a rotate-key operation, cannot be the last item version)
  • --delete-in-days - The number of days to wait before actually deleting the item, default 7 (only relevant for keys). To delete the key immediately: --delete-in-days=-1
  • --delete-immediately - When trying to delete a key immediately with --delete-in-days=-1, this flag must be supplied as well

Examples

Prerequisite - key1 is created:

$ akeyless create-key -n key1 --alg AES256GCM
=====================
Encryption Key Fragement #1 created succsessfully in 13 milliseconds
Encryption Key Fragement #2 created succsessfully in 14 milliseconds
Encryption Key Fragement #3 created succsessfully in 14 milliseconds
=====================
A new AES256GCM key named key1 was successfully created

Example 1 - Deleting key1:

$ date
Wed Jan 1 10:00:00 IDT 2020

$ akeyless delete-item -n key1
Item key1 set to be deleted on 2020-01-07 08:00:00 +0000 UTC

Example 2 - Deleting key1 with non-default values:

$ date
Wed Jan 1 10:05:00 IDT 2020

$ akeyless delete-item -n key1 --delete-in-days=30
Item key1 set to be deleted on 2020-01-30 08:05:00 +0000 UTC

Example 3 - Deleting key1 immediately without waiting:

$ date
Wed Jan 1 10:10:00 IDT 2020

$ akeyless delete-item -n key1 --delete-in-days=-1 --delete-immediately
Item key1 was successfully deleted

Example 4 - Deleting key1 first version after a rotate-key operation:

$ date
Wed Jan 1 10:10:00 IDT 2020

$ akeyless delete-item -n key1 --version=1 --delete-in-days=30
Item key1 version 1 set to be deleted on 2020-01-30 08:10:00 +0000 UTC
  • UI

Example 1 - create key1:

Example 2 - Deleting key1 (default 7 days):

Example 3 - Deleting key1 immediately without waiting:


Did this page help you?