13 Čec
2024
13 Čec
'24
15:26
Hi,
is there a functionality that identifies orphaned key in the kasp database and optionally
deletes those?
I had had a couple of orphaned pem files. I managed to identify and remove those with the
help of 'keymgr' and Unix little helpers, though.
Thus I am asking just out of curiosity, because I might have missed such a functionality.
Thanks and regards,
Michael
13 Čec
13 Čec
18:36
Hi,
If the orphaned keys are still present in the KASP DB (e.g. they belonged to no longer
existing zones), you can use
`knotc -f zone-purge -- +kaspdb +orphan`. If they are only orphaned PEM files (usually in
/var/lib/knot/keys/keys/),
you can delete those files whose names are not present in any `keymgr list` output for
each configured zone.
Daniel
On 7/13/24 15:26, Michael Grimm via knot-dns-users wrote:
Hi,
is there a functionality that identifies orphaned key in the kasp database and optionally
deletes those?
I had had a couple of orphaned pem files. I managed to identify and remove those with the
help of 'keymgr' and Unix little helpers, though.
Thus I am asking just out of curiosity, because I might have missed such a
functionality.
Thanks and regards,
Michael
--
19:32
Daniel Salzman via knot-dns-users <knot-dns-users(a)lists.nic.cz> wrote:
If they are only orphaned PEM files (usually in
/var/lib/knot/keys/keys/),
Yes, they were.
you can delete those files whose names are not present
in any `keymgr list` output for each configured zone.
That is what I did ;-)
Thanks and regards,
Michael
131
days inactive
131
days old
2 comments
2 participants
participants (2)
-
Daniel Salzman -
Michael Grimm