starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-11 20:00:28 +01:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

Add "delete" to the 'apikey' command #606

New Issue
Closed
opened 2025-12-29 02:21:07 +01:00 by adam · 4 comments
adam commented 2025-12-29 02:21:07 +01:00
Owner
Copy Link

Originally created by @BeyondEvil on GitHub (Dec 28, 2023).

Why

Currently there's no way of deleting API keys (expired or otherwise) using the CLI (or the API).

This will lead to the API key DB table to keep growing indefinitely.

Description

I propose adding a delete subcommand to the apikey command.

Suggested flags:

  • --prefix to delete a specific key (expired or not)
  • --all to delete all keys (expired or not)
  • --expired to delete all expired keys

All flags can be coupled with a "are you sure"-prompt - skippable with --force.

I'm happy to contribute a PR.

Half the work is already done, as the DB function is already implemented.

Originally created by @BeyondEvil on GitHub (Dec 28, 2023). ## Why Currently there's no way of deleting API keys (expired or otherwise) using the CLI (or the API). This will lead to the API key DB table to keep growing indefinitely. ## Description I propose adding a `delete` subcommand to the `apikey` command. Suggested flags: - `--prefix` to delete a specific key (expired or not) - `--all` to delete _all_ keys (expired or not) - `--expired` to delete all _expired_ keys All flags can be coupled with a "are you sure"-prompt - skippable with `--force`. I'm happy to contribute a PR. Half the work is already done, as the DB function is already [implemented](https://github.com/juanfont/headscale/blob/55ca078f2240361e5607134a3ac54068cb599b6f/hscontrol/db/api_key.go#L100).
adam added the enhancementgood first issue labels 2025-12-29 02:21:07 +01:00
adam closed this issue 2025-12-29 02:21:07 +01:00
adam commented 2025-12-29 02:21:08 +01:00
Author
Owner
Copy Link

@comminutus commented on GitHub (Dec 28, 2023):

This would be very useful since I have several active one-time use api keys that were created because I had to redo tags on servers. I imagine this is common so having a way to clean them up easily would be great, or even just the ability to delete one at a time. Something like headscale preauthkeys prune would be awesome to delete the keys that aren't actively being used.

@comminutus commented on GitHub (Dec 28, 2023): This would be very useful since I have several active one-time use api keys that were created because I had to redo tags on servers. I imagine this is common so having a way to clean them up easily would be great, or even just the ability to delete one at a time. Something like `headscale preauthkeys prune` would be awesome to delete the keys that aren't actively being used.
adam commented 2025-12-29 02:21:08 +01:00
Author
Owner
Copy Link

@williamcanon1 commented on GitHub (Dec 29, 2023):

Indeed, this is absolutely necessary."

@williamcanon1 commented on GitHub (Dec 29, 2023): Indeed, this is absolutely necessary."
adam commented 2025-12-29 02:21:08 +01:00
Author
Owner
Copy Link

@PowershellScripter commented on GitHub (Feb 19, 2024):

Until then, you can stop download a copy of your database, open it using 'db browser for sqlite' (if using built in db) and run the following sql command, verify verify verify that whats needed to be gone is gone, then write and close the database, stop headscale server and replace the original with your new one (making sure to copy the original somewhere else), then up the headscale server.

DELETE FROM api_keys
WHERE expiration < datetime('now');

This works as I have tested with a few keys.

@PowershellScripter commented on GitHub (Feb 19, 2024): Until then, you can stop download a copy of your database, open it using 'db browser for sqlite' (if using built in db) and run the following sql command, verify verify verify that whats needed to be gone is gone, then write and close the database, stop headscale server and replace the original with your new one (making sure to copy the original somewhere else), then up the headscale server. ``` DELETE FROM api_keys WHERE expiration < datetime('now'); ``` This works as I have tested with a few keys.
adam commented 2025-12-29 02:21:08 +01:00
Author
Owner
Copy Link

@kradalby commented on GitHub (Feb 19, 2024):

This has been added in #1702 by @pallabpain

@kradalby commented on GitHub (Feb 19, 2024): This has been added in #1702 by @pallabpain
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
CLI
DERP
DNS
Nix
OIDC
SSH
bug
database
documentation
duplicate
enhancement
faq
good first issue
grants
help wanted
might-come
needs design doc
needs investigation
no-stale-bot
out of scope
performance
policy 📝
pull-request
Mirrored from GitHub Pull Request
 question
regression
routes
stale
tags
tailscale-feature-gap
well described ❤️
wontfix
No Label enhancement good first issue
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/headscale#606
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?