| Command | Description |
|---|---|
vault kv put |
Creates or updates a key-value pair in a secret backend. |
vault kv get |
Retrieves the value of a specific key in a secret backend. |
vault kv delete |
Deletes a key-value pair from a secret backend. |
vault kv list |
Lists all keys in a secret backend. |
vault kv metadata get |
Retrieves the metadata of a specific key in a secret backend. |
vault kv metadata delete |
Deletes the metadata of a specific key in a secret backend. |
vault kv metadata list |
Lists the metadata for all keys in a secret backend. |
vault kv enable-versioning |
Enables versioning for a secret backend. |
vault kv disable-versioning |
Disables versioning for a secret backend. |
vault kv undelete |
Restores a deleted key-value pair in a secret backend. |
vault kv destroy |
Permanently removes a key-value pair in a secret backend. |
vault kv undelete-metadata |
Restores a deleted key's metadata in a secret backend. |
vault kv destroy-metadata |
Permanently removes a key's metadata in a secret backend. |
| Command | Description |
|---|---|
vault login |
Authenticates a user to Vault. |
vault logout |
Logs out the currently authenticated user. |
vault token create |
Creates a new token for authentication. |
vault token revoke |
Revokes a token, rendering it invalid. |
vault token lookup |
Retrieves information about a token. |
vault token renew |
Renews the lease of a token, extending its validity period. |
vault token revoke-prefix |
Revokes all tokens with a given prefix. |
vault auth enable |
Enables an authentication method in Vault. |
vault auth disable |
Disables an authentication method in Vault. |
vault auth list |
Lists all enabled authentication methods in Vault. |
| Command | Description |
|---|---|
vault policy write |
Creates or updates a policy with the specified name. |
vault policy read |
Retrieves the contents of a policy. |
vault policy delete |
Deletes a policy. |
vault policy list |
Lists all policies in Vault. |
vault policy capabilities |
Displays the capabilities of a policy. |
vault write auth/token/roles/my-role |
Creates or updates a token role. |
| Command | Description |
|---|---|
vault secrets enable |
Enables a secrets engine in Vault. |
vault secrets disable |
Disables a secrets engine in Vault. |
vault secrets list |
Lists all enabled secrets engines in Vault. |
vault secrets tune |
Adjusts the configuration of a secrets engine. |
vault secrets move |
Moves a secrets engine from one path to another. |
vault secrets migrate |
Migrates secrets from one secrets engine to another. |
vault secrets upgrade |
Upgrades the version of a secrets engine. |
vault secrets path-help |
Displays help information for a secrets engine's path. |
| Command | Description |
|---|---|
vault audit enable |
Enables an audit device in Vault to log events. |
vault audit disable |
Disables an audit device in Vault. |
vault audit list |
Lists all enabled audit devices in Vault. |
vault audit hash |
Hashes a single audit log file for integrity verification. |
vault audit recover |
Recovers and replays the audit log from a specified path. |
vault audit migrate |
Migrates audit devices from one path to another. |
vault audit purge |
Purges audit log files from a specified path. |
vault monitor |
Monitors the activity of secrets engines and authentication requests in real-time. |
vault read sys/audit-hash |
Retrieves the current hash of the audit log file. |
| Command | Description |
|---|---|
vault operator init |
Initializes a new Vault instance with a master key share. |
vault operator unseal |
Unseals the Vault by providing a master key share. |
vault operator seal |
Seals the Vault, making it inaccessible. |
vault operator rekey |
Rekeys the Vault, rotating the encryption keys. |
vault operator rotate |
Rotates the underlying encryption keys for the transit secrets engine. |
vault operator generate-root |
Generates a new root token for disaster recovery. |
| Command | Description |
vault status |
Displays the current status of the Vault. |
vault version |
Displays the version information of the running Vault server. |
vault list sys/mounts |
Lists all the mounted secret backends. |
vault auth token/lookup-self |
Retrieves information about the currently authenticated token. |
vault auth token/revoke-self |
Revokes the currently authenticated token. |
vault path-help |
Displays help information for a specific Vault path. |
vault policy validate |
Validates the syntax of a policy without saving it. |
| `vault secrets |