»secrets disable

The secrets disable command disables an secrets engine at a given PATH. The argument corresponds to the enabled PATH of the engine, not the TYPE! All secrets created by this engine are revoked and its Vault data is removed.

When a secrets engine is disabled, all secrets generated via the secrets engine are immediately revoked. Care should be taken when disabling a secret mount with a large number of secrets, as it can cause a high load on the system during revocation time.


Disable the secrets engine enabled at aws/:

$ vault secrets disable aws/
$ vault secrets disable aws/


There are no flags beyond the standard set of flags included on all commands.