Vault
Restore soft deleted key/value data
You can restore data from soft deletes in the kv v2 plugin as long as the
destroyed metadata field for the targeted version is false.
Assumptions
- You have set up a
kvv2 plugin. - Your authentication token has
undeletepermissions for thekvv2 plugin.
Use vault kv undelete with the -versions
flag to restore soft deleted version of key/value data:
$ vault kv undelete \
-mount <mount_path> \
-versions <target_versions> \
<secret_path>
For example:
$ vault kv undelete -mount shared -versions 1,4 dev/square-api
Success! Data deleted (if it existed) at: shared/data/dev/square-api
The deletion_time metadata field for versions 1 and 4 is now n/a:
$ vault kv metadata get -mount shared dev/square-api
======== Metadata Path ========
shared/metadata/dev/square-api
========== Metadata ==========
Key Value
--- -----
cas_required false
created_time 2024-11-13T21:51:50.898782695Z
current_version 4
custom_metadata <nil>
delete_version_after 0s
max_versions 5
oldest_version 0
updated_time 2024-11-14T22:32:42.29534643Z
====== Version 1 ======
Key Value
--- -----
created_time 2024-11-13T21:51:50.898782695Z
deletion_time n/a
destroyed false
...
====== Version 4 ======
Key Value
--- -----
created_time 2024-11-14T22:32:42.29534643Z
deletion_time n/a
destroyed false
