In working with HashiCorp Vault, I used an AWS role to automagically enable an instance to communicate with Vault.
That worked really well. But in developing and testing, I sometimes needed that AWS instance to be reverted in Vault – to no longer be registered. That required tracking down where and how that auth happens and where to reset it.
To reset Vault:
- go to the UI of the HashiCorp Consul server
- authenticate with the UI using the master token
- get the root token from the shards tab
- OR use the root token you secured somewhere to authenticate to Vault
- delete the instance's whitelist entry at auth/aws-ec2/identity-whitelist/\
  vault delete auth/aws-ec2/identity-whitelist/\
— doug
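Two practitioner notes on the procedure above. First, the delete does not need the root token: any token whose policy grants `delete` on that path will do, and HashiCorp's guidance is to revoke the root token after initial setup and work from scoped tokens. Second, newer Vault releases renamed this endpoint `identity-accesslist` and keep `identity-whitelist` as an alias, so the path in the post still works but may be reported under the new name. The script below is an added example, not code from the original post; it writes a least-privilege policy for the reset, lists the whitelisted instance IDs, and deletes one entry while confirming before and after that the entry exists and then is gone. It assumes the `vault` CLI is on PATH with `VAULT_ADDR` and `VAULT_TOKEN` exported, and that the auth method is mounted at `aws-ec2` as in the post (override with `MOUNT`). The policy name `aws-ec2-whitelist-reset` and the instance ID in the usage comment are made up for illustration.

```shell
#!/usr/bin/env sh
# Added example (not from the original post): reset one EC2 instance's
# identity-whitelist entry in Vault using a scoped token instead of root.
# Assumes: vault CLI on PATH, VAULT_ADDR and VAULT_TOKEN exported, and the
# AWS auth method mounted at "aws-ec2" as in the post. Policy name and the
# instance ID in the usage line are illustrative, not real values.

MOUNT="${MOUNT:-aws-ec2}"
WHITELIST="auth/${MOUNT}/identity-whitelist"

# Least-privilege policy: read/delete on individual entries, list on the
# collection, nothing else. Attach it to a short-lived token so the root
# token can stay revoked. Policy is read from stdin ("-").
write_reset_policy() {
  vault policy write aws-ec2-whitelist-reset - <<EOF
path "${WHITELIST}/*" {
  capabilities = ["read", "delete"]
}
path "${WHITELIST}" {
  capabilities = ["list"]
}
EOF
}

# Print the currently whitelisted instance IDs, one per line. The JSON
# output is a flat array of strings, so a single sed pattern extracts them.
whitelist_list() {
  vault list -format=json "${WHITELIST}" \
    | sed -n 's/^[[:space:]]*"\(.*\)",\{0,1\}$/\1/p'
}

# Return 0 if the instance has a whitelist entry, non-zero otherwise.
whitelist_has() {
  vault read "${WHITELIST}/$1" >/dev/null 2>&1
}

# Delete the entry for one instance and confirm it is gone.
# Return codes: 0 deleted, 2 nothing to delete, 1 delete failed.
whitelist_reset() {
  instance_id="$1"
  if ! whitelist_has "$instance_id"; then
    echo "no whitelist entry for $instance_id" >&2
    return 2
  fi
  vault delete "${WHITELIST}/${instance_id}" || return 1
  if whitelist_has "$instance_id"; then
    echo "entry for $instance_id still present after delete" >&2
    return 1
  fi
  echo "reset $instance_id; it can re-register via ${MOUNT} on its next login"
}

# Usage: ./reset-whitelist.sh i-0123456789abcdef0   (constructed example ID)
if [ -n "$1" ]; then
  whitelist_reset "$1"
fi
```

The before/after `vault read` checks are what make this safe to script: a bare `vault delete` succeeds silently whether or not the entry existed, so a typo in the instance ID would otherwise look like a successful reset.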