Set max data versions in key/value v2
Limit the number of active versions for a kv v2 secret path so Vault permanently deletes (destroys) older data versions automatically.
Assumptions
- You have set up a kv v2 plugin.
- Your authentication token has create and update permissions for the kv v2 plugin.
Use vault kv metadata put to change the max number of versions allowed for a kv mount path:
$ vault kv metadata put \
    -max-versions <max_versions> \
    -mount <mount_path> \
    <secret_path>
For example:
$ vault kv metadata put \
    -max-versions 5 \
    -mount shared \
    dev/square-api
Success! Data written to: shared/metadata/dev/square-api
Vault now auto-deletes data when the number of versions exceeds 5:
$ vault kv metadata get -mount shared dev/square-api
======== Metadata Path ========
shared/metadata/dev/square-api

========== Metadata ==========
Key                     Value
---                     -----
cas_required            false
created_time            2024-11-13T21:51:50.898782695Z
current_version         4
custom_metadata         <nil>
delete_version_after    0s
max_versions            5
oldest_version          0
updated_time            2024-11-14T22:32:42.29534643Z

====== Version 1 ======
Key              Value
---              -----
created_time     2024-11-13T21:51:50.898782695Z
deletion_time    n/a
destroyed        false
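To confirm that a path's limit matches your retention policy, you can check the JSON form of the same metadata (vault kv metadata get -format=json). The script below is an added example, not part of the Vault documentation: the audit_retention function, its ceiling parameter, and the sample document are hypothetical, and the pruning model is an assumption based on the behavior described above.

```python
import json

# Constructed sample in the shape of `vault kv metadata get -format=json`.
# max_versions matches the page's example; the five versions are invented.
SAMPLE = json.dumps({"data": {
    "current_version": 5, "max_versions": 5, "oldest_version": 0,
    "versions": {str(n): {"created_time": "2024-11-13T21:51:50.898782695Z",
                          "deletion_time": "", "destroyed": False}
                 for n in range(1, 6)},
}})


def audit_retention(raw_json, ceiling):
    """Check one secret's metadata against a hypothetical retention ceiling."""
    data = json.loads(raw_json)["data"]
    max_versions = int(data.get("max_versions") or 0)
    current = int(data["current_version"])
    # Versions whose data can still be read back (not permanently destroyed).
    live = sorted(int(n) for n, v in data.get("versions", {}).items()
                  if not v.get("destroyed"))
    findings = []
    if max_versions == 0:
        # 0 means no per-path limit was set; the mount-level setting applies.
        findings.append("max_versions is 0: no per-path limit, mount setting applies")
    elif max_versions > ceiling:
        findings.append(f"max_versions {max_versions} exceeds ceiling {ceiling}")
    if max_versions and len(live) > max_versions:
        findings.append(f"{len(live)} live versions, limit is {max_versions}")
    # Assumed model of the pruning described above: after the next write,
    # only the newest max_versions versions survive.
    cutoff = current + 1 - max_versions if max_versions else 0
    destroyed_next = [n for n in live if n <= cutoff]
    return {"max_versions": max_versions, "live": live,
            "destroyed_on_next_write": destroyed_next, "findings": findings}


if __name__ == "__main__":
    print(audit_retention(SAMPLE, ceiling=5))
```

With the sample, the next write creates version 6 and version 1 is the one that gets destroyed.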