vault 命令

常用示例

说明

Vault by HashiCorp is a secrets management tool that securely stores and controls access to tokens, passwords, certificates, API keys, and other secrets. It provides encryption as a service, dynamic secrets generation, and detailed audit logging. The CLI is a wrapper around the HTTP API and supports interactive and scripted use. Configuration can be set via environment variables: VAULT_ADDR for the server address, VAULT_TOKEN for authentication, VAULT_NAMESPACE for enterprise namespaces, and VAULT_FORMAT for output format (table, json, yaml, jsonx). Vault uses a seal/unseal mechanism for security. After initialization, Vault is sealed and requires unseal keys to become operational. In dev mode (vault server -dev), Vault starts unsealed for testing.

参数

login

Authenticate to Vault and obtain a token.

kv put

Write secrets to the key-value secrets engine.

kv get

Read secrets from the key-value secrets engine.

kv delete

Delete secrets from the key-value secrets engine.

kv list

List secret keys at a path.

secrets enable

Enable a secrets engine at a path.

secrets disable

Disable a secrets engine.

auth enable

Enable an authentication method.

operator init

Initialize a new Vault cluster.

operator unseal

Unseal the Vault.

operator seal

Seal the Vault.

status

Print the current status of Vault.

server

Start a Vault server.

token _subcommand_

Manage tokens (capabilities, create, lookup, renew, revoke).

policy _subcommand_

Manage policies (delete, fmt, list, read, write).

audit _subcommand_

Manage audit devices (disable, enable, list).

lease _subcommand_

Manage leases (lookup, renew, revoke).

read _path_

Read data from Vault.

write _path_ _data_

Write data to Vault.

delete _path_

Delete data from Vault.

list _path_

List data from Vault.

path-help _path_

Show help for a specific API path.

-address _url_

Address of the Vault server.

-token _token_

Vault token for authentication.