Deletion Tasks

As part of the Deletion Process, Deletion Tasks use rules to determine whether to move older items into the Recycle Bin. Currently, there are three tasks. These settings appear in VCC. All of these settings appear in the POST RecycleBin/GetConfigurationresponse.

If you would like to have certificate objects cleaned up then please configure and enable the Certificate Objects deletion task. The Certificate Age and Certificate History deletion tasks are configured to operate exclusively on archived certificates. This ensures that only those certificates specifically designated for deletion are processed.

Each type of deletion task has its own tab on the Deletion Process Configuration screen.

Deletion Tasks
Task Name	Values and example
CertificateObject \|Days \|Delete_Applications \|Delete_Devices \|Only_Disabled_Certificates	Deletes certificate objects where the active certificate has been expired more than the configured amount of time. Code Signing or Timestamp certificate objects will not be deleted. Days: Number of days, NOT years, since the certificate expired . Default is 730. VCC setting: Delete certificates more than [n] years ago. Delete_Applications: Delete associated applications if there are not referenced by anything else. (Default 0 (disabled)) Delete_Devices: Delete associated devices if there are not referenced by anything else. (Default 0 (disabled)) Only_Disabled_Certificates: Only remove certificate objects if they are marked as disabled. (Default 1 (enabled)) Example: CertificateObject\|730\|1\|1\|1
CertificateAge\|Days	Moves certificates based on age: Days: Number of days, NOT years, since the certificate expired . Default is 3650. VCC setting: Delete certificates more than [n] years ago. Example: CertificateAge\|5
CertificateHistory\|MaxItemsRemaining	Moves Secret Store vault information into the Recycle Bin: MaxItemsRemaining: Required. Retain only the newest certificates and private keys in the history for each Certificate object. Default is 10. VCC setting: Retain only the [n] newest X.509 certificates. Example: CertificateHistory\|1

NOTE There is a configuration that exists on all WebAdmin policy objects called Exclude from automatic deletion. When this setting is enabled, these objects will be ignored by the automatic deletion features of the Recycle Bin.

Task Name	Values and example
CertificateObject \|Days \|Delete_Applications \|Delete_Devices \|Only_Disabled_Certificates	Deletes certificate objects where the active certificate has been expired more than the configured amount of time. Code Signing or Timestamp certificate objects will not be deleted. Days: Number of days, NOT years, since the certificate expired . Default is 730. VCC setting: Delete certificates more than [n] years ago. Delete_Applications: Delete associated applications if there are not referenced by anything else. (Default 0 (disabled)) Delete_Devices: Delete associated devices if there are not referenced by anything else. (Default 0 (disabled)) Only_Disabled_Certificates: Only remove certificate objects if they are marked as disabled. (Default 1 (enabled)) Example: CertificateObject\|730\|1\|1\|1
CertificateAge\|Days	Moves certificates based on age: Days: Number of days, NOT years, since the certificate expired . Default is 3650. VCC setting: Delete certificates more than [n] years ago. Example: CertificateAge\|5
CertificateHistory\|MaxItemsRemaining	Moves Secret Store vault information into the Recycle Bin: MaxItemsRemaining: Required. Retain only the newest certificates and private keys in the history for each Certificate object. Default is 10. VCC setting: Retain only the [n] newest X.509 certificates. Example: CertificateHistory\|1