Delete Variable from DAP via REST API

Hi! We recently had a requirement to rename an object in DAP that had already synced from CyberArk.

Due to this I now have a few stale variables that I’d like to delete.

I’ve created a delete yml file, yet whenever I try to load it I get ‘object not found’. It appears that my endpoint is off. I’ve tried various possibilities. I’m loading this under the Delete Method.

example 1:

!delete
record: !variable test-vault/LOB_Test/SafeName/accountName/password

https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/

example 2:

!delete
record: !variable /SafeName/accountName/password

https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/test-vault/LOB_Test

Any advice would be appreciated!

Hi Sara,

I think you’re very close with the syntax. I can suggest a couple of tweaks to try, and if that doesn’t work, I can show you how I tried this out with a curl command.

  • In example 1, it looks like your endpoint is missing an actual policy. The endpoint should be:

    https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/$POLICY
    

    For example, if you originally loaded the policy that had variable definitions at the root
    policy branch, then $POLICY would be root. Otherwise, it’s your policy path (without
    root, that’s implicit in the path).

  • In example 2, I think the variable name in your record shouldn’t have a leading /,
    but everything else looks good.

Example Variable Delete Using curl:

Here’s an example using curl. I’m using Conjur OSS, but the API should be the same for DAP.

Before Variable is Deleted:

Before the delete operation, I have 2 variables:

# conjur list variables | grep test-summon-init-app   
  "myConjurAccount:policy:test-summon-init-app-db",
  "myConjurAccount:variable:test-summon-init-app-db/url",
  "myConjurAccount:variable:test-summon-init-app-db/username",
#

The Delete YAML File:

- !delete
  record: !variable test-summon-init-app-db/url

The Curl Command:

curl -H "$(conjur authn authenticate -H)" \
     -X PATCH -d "$(< ./delete-sec-2.yml)" \
     -k \
     https://conjur-oss.conjur-oss.svc.cluster.local/policies/myConjurAccount/policy/root \
     | jq .

After the Delete:

After the delete operation, the URL variable is now gone:

# conjur list variables | grep test-summon-init-app
  "myConjurAccount:policy:test-summon-init-app-db",
  "myConjurAccount:variable:test-summon-init-app-db/username",
#

Let us know if the above doesn’t help you with getting the variable cleanup to work.

- Dane

Hi Dane

Thanks for the thoughtful reply - I was able to get this working right away.

The Delete YAML File

- !delete
   record: !variable test-summon-init-app-db/url

The API Call Using PowerShell

Invoke-WebRequest -Uri "https://$CONJUR_APPLIANCE_URL/policies/$CONJUR_ACCOUNT/policy/root" -Headers $Header -Body $content -Method Patch

The method and appending root to the end of the URI were key in getting this working.
($content is the YAML file, $Header contains the token)

Thanks so much!!
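
The two fixes from this thread (a policy branch at the end of the endpoint, and a record id that matches that branch), as an added shell example that is not part of the original posts. The host name conjur.example.test and the function names are constructed, and it assumes record ids are resolved relative to the policy branch named in the URL:

```shell
#!/bin/sh
# Added example, not from the thread. Builds the PATCH endpoint and the
# !delete body for a stale variable from a resource id as printed by
# `conjur list variables` (account:variable:path).

var_path() {   # "acct:variable:a/b" -> "a/b"; rejects other resource kinds
  case $1 in
    *:variable:*) printf '%s\n' "${1#*:variable:}" ;;
    *) echo "not a variable resource id: $1" >&2; return 1 ;;
  esac
}

record_for() { # BRANCH RESOURCE_ID -> id to write after "!variable"
  path=$(var_path "$2") || return 1
  case $1 in
    root) printf '%s\n' "$path" ;;   # at root the record is the full path
    *) case $path in                 # assumption: ids are relative to BRANCH
         "$1"/*) rel=${path#"$1"/}; printf '%s\n' "$rel" ;;
         *) echo "$path is not under policy $1" >&2; return 1 ;;
       esac ;;
  esac
}

policy_url() { # HOST ACCOUNT BRANCH -> endpoint; BRANCH is mandatory
  [ -n "$3" ] || { echo "policy branch missing (use root)" >&2; return 1; }
  printf 'https://%s/policies/%s/policy/%s\n' "$1" "$2" "$3"
}

delete_body() { # BRANCH RESOURCE_ID -> YAML for the PATCH body
  rec=$(record_for "$1" "$2") || return 1
  printf '%s\n' "- !delete" "  record: !variable $rec"
}

delete_variable() { # HOST ACCOUNT BRANCH RESOURCE_ID; needs a logged-in conjur CLI
  url=$(policy_url "$1" "$2" "$3") || return 1
  body=$(delete_body "$3" "$4") || return 1
  # --data-binary keeps the YAML newlines; -k is left out so TLS is verified.
  printf '%s\n' "$body" |
    curl -H "$(conjur authn authenticate -H)" -X PATCH --data-binary @- "$url"
}

# Offline demo with the ids from the listing above; nothing is sent.
rid=myConjurAccount:variable:test-summon-init-app-db/url
policy_url conjur.example.test myConjurAccount root
delete_body root "$rid"
policy_url conjur.example.test myConjurAccount test-summon-init-app-db
delete_body test-summon-init-app-db "$rid"
```

Call delete_variable with the same four arguments to send the request once the printed URL and body look right.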
