Hi,

If the orphaned keys are still present in the KASP DB (e.g. they belonged to no longer existing zones), you can use `knotc -f zone-purge -- +kaspdb +orphan`.

If they are only orphaned PEM files (usually in /var/lib/knot/keys/keys/), you can delete those files whose names are not present in any `keymgr list` output for each configured zone.
Daniel

On 7/13/24 15:26, Michael Grimm via knot-dns-users wrote:

Hi,

is there a functionality that identifies orphaned keys in the kasp database and optionally deletes those?

I had had a couple of orphaned pem files. I managed to identify and remove those with the help of 'keymgr' and Unix little helpers, though. Thus I am asking just out of curiosity, because I might have missed such a functionality.

Thanks and regards,
Michael
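The PEM-file comparison described in the reply, as an added dry-run example that is not part of the original thread or of Knot DNS itself. It assumes key files are named `<key-id>.pem` and that each line of `keymgr <zone> list` begins with the key ID; the function names and the sample key IDs are constructed for illustration.

```shell
#!/bin/sh
# Dry run: list PEM files that no configured zone references. Deletes nothing.
# Assumptions: files are named <key-id>.pem; `keymgr <zone> list` prints the
# key ID as the first field of each line.

# Print the key IDs of all keys belonging to the zones given as arguments.
collect_key_ids() {
    for zone in "$@"; do
        keymgr "$zone" list | awk 'NF { print $1 }'
    done
}

# orphaned_pems KEYDIR IDFILE
# Print every KEYDIR/*.pem whose basename does not appear in IDFILE.
orphaned_pems() {
    keydir=$1
    idfile=$2
    # Refuse an empty ID list: a failed keymgr run would otherwise make
    # every key in the directory look orphaned.
    [ -s "$idfile" ] || { echo "empty key ID list, aborting" >&2; return 2; }
    for pem in "$keydir"/*.pem; do
        [ -e "$pem" ] || continue        # directory holds no PEM files
        id=$(basename "$pem" .pem)
        # Whole-line, fixed-string match so a partial ID never counts.
        grep -qxF -- "$id" "$idfile" || printf '%s\n' "$pem"
    done
}

# Constructed demo: three key files, two of them referenced by a zone.
demo_orphans() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/keys"
    touch "$tmp/keys/aaaa1111.pem" "$tmp/keys/bbbb2222.pem" "$tmp/keys/cccc3333.pem"
    # Constructed lines in the assumed shape of `keymgr <zone> list` output.
    printf '%s\n' 'aaaa1111 ksk=yes zsk=no tag=11111' \
                  'cccc3333 ksk=no zsk=yes tag=22222' |
        awk 'NF { print $1 }' > "$tmp/ids"
    orphaned_pems "$tmp/keys" "$tmp/ids" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}

demo_orphans
```

On a real server, write `collect_key_ids` output for every configured zone to a file and pass it to `orphaned_pems` together with the key directory (usually /var/lib/knot/keys/keys/); review the printed list before removing anything.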
