How SSH Protect uses the recycle bin
The recycle bin is a feature in Venafi Configuration Console that allows system administrators to restore some object types if they are deleted by accident or, in the case of TLS certificates, pruned during the automated cleanup process called Deletion Tasks.
If you are not a system administrator, and you want to recover a supported item that you deleted, please contact your Venafi administrator.
It is important to understand how the recycle bin works with SSH Protect assets, as some objects are recoverable and some are not.
SSH Protect items that can be recovered
The following items can generally be recovered by a system administrator from the recycle bin if their parent container was not deleted after the item:
- SSH certificate issuance templates
- SSH certificate issuance flows
- Adaptable actions for SSH certificate issuance flows
- SSH CA keypairs
- Device objects (but not their associated keys)
SSH Protect items that cannot be recovered
The following items are not recoverable:
- SSH keys.
  The deletion of SSH keys is permanent.
  When you delete a keyset in SSH Protect, the system deprovisions the keys from any associated devices. This means the public key is removed from the authorized_keys file on the devices. This keyset will no longer allow any client to connect to that device.
- SSH keys linked to devices.
  When you delete a device from SSH Protect, the system does not deprovision the keys associated with the device, but those keys are removed from the SSH Protect inventory.
If you need to restore a deleted key or device that can't be restored by the recycle bin, you will need to add new SSH keys and/or devices to the same location on the device, or perform another discovery of the device.
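Because deleting a device leaves its keys in place on the host while removing them from the SSH Protect inventory, those keys can be found by fingerprinting each authorized_keys entry and comparing it against a list of tracked fingerprints. The following is an added example, not Venafi code: the inventory set, the sample file contents and all function names are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# key type, base64 blob, optional comment; any options prefix is skipped over
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a decoded public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, key_type, comment); fingerprint is None if unparsable."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        try:
            blob = base64.b64decode(m.group(2), validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != m.group(1).encode():  # blob embeds its own type name
                raise ValueError("type name mismatch")
        except (AttributeError, ValueError, struct.error):
            yield None, None, line  # surface the line rather than skip it silently
            continue
        yield fingerprint(blob), m.group(1), m.group(3) or ""

def unmanaged_keys(text, inventory):
    """Entries whose fingerprint is not tracked; unparsable lines are included."""
    return [e for e in parse_authorized_keys(text) if e[0] not in inventory]

def _sample_blob(fill):
    """Constructed ed25519-format blob (not a real key) for the demo."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    f"ssh-ed25519 {_sample_blob(1)} svc-backup@managed",
    f'command="/usr/bin/rsync --server",no-pty ssh-ed25519 {_sample_blob(2)} left-after-device-delete',
])
INVENTORY = {fingerprint(base64.b64decode(_sample_blob(1)))}  # hypothetical export

if __name__ == "__main__":
    for fp, ktype, comment in unmanaged_keys(SAMPLE, INVENTORY):
        print(f"not in inventory: {ktype} {fp} {comment}")
```

Lines that cannot be parsed are reported with a fingerprint of None so they get reviewed by hand instead of being dropped from the audit.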
What's Next?
To learn more about the recycle bin, see Venafi Recycle Bin.
To learn about TLS certificate deletion tasks, see Recycle Bin's actions panel.