Cleaning Orphaned Entries
The clean command removes orphaned entries detected by the access command.
An orphan is an encrypted symmetric key file (.kanuka) that has no corresponding
public key.
When to use clean
Run kanuka secrets clean when:
- The access command shows entries with “orphan” status
- You want to clean up after a failed or interrupted operation
- You’re tidying up the project after manual file changes
Finding orphaned entries
First, check if there are any orphaned entries:

```bash
kanuka secrets access
```

If orphans exist, you’ll see output like:

```
Users with access:

  UUID                                  EMAIL              STATUS
  a1b2c3d4-e5f6-7890-abcd-ef1234567890  [email protected]  active
  c3d4e5f6-a7b8-9012-cdef-123456789012  unknown            orphan

Tip: Run 'kanuka secrets clean' to remove orphaned entries.
```

Cleaning orphaned entries
To remove orphaned entries:

```bash
kanuka secrets clean
```

This shows the orphaned files and asks for confirmation:

```
Found 1 orphaned entry:

  UUID                                  FILE
  c3d4e5f6-a7b8-9012-cdef-123456789012  .kanuka/secrets/c3d4e5f6-...kanuka

This will permanently delete the orphaned files listed above.
These files cannot be recovered.

Do you want to continue? [y/N]:
```

Type y to confirm and remove the files.
Previewing cleanup
Use the --dry-run flag to see what would be removed without making changes:

```bash
kanuka secrets clean --dry-run
```

This shows:
- Which files would be deleted
- No files are actually removed
Skipping confirmation
In automated environments, use --force to skip the confirmation prompt:

```bash
kanuka secrets clean --force
```

Clean examples
```bash
# Preview what would be cleaned
kanuka secrets clean --dry-run

# Clean with confirmation prompt
kanuka secrets clean

# Clean without confirmation (for automation)
kanuka secrets clean --force
```

What causes orphaned entries
Orphaned entries can occur when:
| Cause | Description |
|---|---|
| Manual deletion | Someone deleted a public key file directly |
| Interrupted revoke | A revoke operation failed after deleting the public key |
| Partial restore | A backup was restored that didn’t include public keys |
| File corruption | Files were lost or corrupted |
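
The orphan definition at the top of this page (a .kanuka file with no corresponding public key) can be cross-checked read-only before clean --force runs unattended. The script below is an added example, not part of Kanuka or its documentation; the public key directory name and the .pub extension are assumptions, passed as arguments so you can substitute your project's real layout.

```bash
# Added example: read-only orphan audit; nothing is deleted.
# ASSUMPTION (not from the Kanuka docs): each public key is stored as
# <UUID><ext> in its own directory. Both are arguments; substitute your
# project's real values. Only the .kanuka suffix and .kanuka/secrets/
# come from this page.

# list_orphans SECRETS_DIR PUBKEY_DIR PUBKEY_EXT
# Prints the path of every .kanuka file with no matching public key.
# Returns 0 = no orphans, 1 = orphans found, 2 = a directory is missing.
list_orphans() {
    secrets_dir=$1 pubkey_dir=$2 pubkey_ext=$3
    # Fail closed: a missing public key directory would otherwise make
    # every key file look orphaned.
    if [ ! -d "$secrets_dir" ] || [ ! -d "$pubkey_dir" ]; then
        echo "list_orphans: directory not found" >&2
        return 2
    fi
    found=0
    for f in "$secrets_dir"/*.kanuka; do
        [ -f "$f" ] || continue   # unmatched glob stays literal; skip it
        id=$(basename "$f" .kanuka)
        if [ ! -f "$pubkey_dir/$id$pubkey_ext" ]; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample tree using the two UUIDs from the sample output on
# this page: two key files, one public key. "pubkeys-placeholder" and
# ".pub" are placeholders, not Kanuka's real names.
make_demo_tree() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/.kanuka/secrets" "$root/pubkeys-placeholder"
    : > "$root/.kanuka/secrets/a1b2c3d4-e5f6-7890-abcd-ef1234567890.kanuka"
    : > "$root/pubkeys-placeholder/a1b2c3d4-e5f6-7890-abcd-ef1234567890.pub"
    : > "$root/.kanuka/secrets/c3d4e5f6-a7b8-9012-cdef-123456789012.kanuka"
    printf '%s\n' "$root"
}
```

In a pipeline, treat status 1 as a signal to review the listed files against the causes in the table above (a partial restore, for example) before letting clean --force delete them.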
After cleaning
After cleaning:
- Commit the changes - The orphaned files have been removed
- Push to remote - So the cleanup is reflected for the team
```bash
git add .kanuka/
git commit -m "Clean up orphaned entries"
git push
```

Next steps
- Access command - View who has access
- Doctor command - Run health checks on the project
- Revoke guide - Properly remove a user’s access