Kyle enabled the database secrets engine for dynamic credentials. Amy, the senior DBA, accidentally deleted the database users created by Vault, disrupting client applications. How can Kyle manually remove the leases in Vault?
A.
No action is required since the leases will eventually expire and be revoked
B.
Obtain the individual lease IDs from the application logs and remove them using the vault lease revoke command
C.
Use the command vault lease revoke -force flag to delete the leases
D.
Revoke all of the leases associated with the entire database secrets engine to be sure they are all removed
C. vault lease revoke -force: "Using the vault lease revoke -force flag is the correct way to manually remove leases in Vault." With -prefix, it targets specific leases (e.g., vault lease revoke -force -prefix database/creds/). "This is meant for recovery situations where the secret was manually removed."
Incorrect Options:
A: Waiting risks ongoing issues. "May take time and could cause disruptions."
B: Inaccurate; -force is needed. "Not a valid approach without -force."
D: Too broad, affects other leases. "May impact other valid credentials."
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit