Vault Cheat Sheet

Vault Commands Cheat Sheet

Secrets Management

| Command | Description |
| --- | --- |
| `vault kv put` | Creates or updates a key-value pair in a secret backend. |
| `vault kv get` | Retrieves the value of a specific key in a secret backend. |
| `vault kv delete` | Deletes a key-value pair from a secret backend. |
| `vault kv list` | Lists all keys in a secret backend. |
| `vault kv metadata get` | Retrieves the metadata of a specific key in a secret backend. |
| `vault kv metadata delete` | Deletes the metadata of a specific key in a secret backend. |
| `vault kv metadata list` | Lists the metadata for all keys in a secret backend. |
| `vault kv enable-versioning` | Enables versioning for a secret backend. |
| `vault kv disable-versioning` | Disables versioning for a secret backend. |
| `vault kv undelete` | Restores a deleted key-value pair in a secret backend. |
| `vault kv destroy` | Permanently removes a key-value pair in a secret backend. |
| `vault kv undelete-metadata` | Restores a deleted key's metadata in a secret backend. |
| `vault kv destroy-metadata` | Permanently removes a key's metadata in a secret backend. |

Authentication

| Command | Description |
| --- | --- |
| `vault login` | Authenticates a user to Vault. |
| `vault logout` | Logs out the currently authenticated user. |
| `vault token create` | Creates a new token for authentication. |
| `vault token revoke` | Revokes a token, rendering it invalid. |
| `vault token lookup` | Retrieves information about a token. |
| `vault token renew` | Renews the lease of a token, extending its validity period. |
| `vault token revoke-prefix` | Revokes all tokens with a given prefix. |
| `vault auth enable` | Enables an authentication method in Vault. |
| `vault auth disable` | Disables an authentication method in Vault. |
| `vault auth list` | Lists all enabled authentication methods in Vault. |

Policies

| Command | Description |
| --- | --- |
| `vault policy write` | Creates or updates a policy with the specified name. |
| `vault policy read` | Retrieves the contents of a policy. |
| `vault policy delete` | Deletes a policy. |
| `vault policy list` | Lists all policies in Vault. |
| `vault policy capabilities` | Displays the capabilities of a policy. |
| `vault write auth/token/roles/my-role` | Creates or updates a token role. |

Secrets Engines

| Command | Description |
| --- | --- |
| `vault secrets enable` | Enables a secrets engine in Vault. |
| `vault secrets disable` | Disables a secrets engine in Vault. |
| `vault secrets list` | Lists all enabled secrets engines in Vault. |
| `vault secrets tune` | Adjusts the configuration of a secrets engine. |
| `vault secrets move` | Moves a secrets engine from one path to another. |
| `vault secrets migrate` | Migrates secrets from one secrets engine to another. |
| `vault secrets upgrade` | Upgrades the version of a secrets engine. |
| `vault secrets path-help` | Displays help information for a secrets engine's path. |

Auditing and Logging

| Command | Description |
| --- | --- |
| `vault audit enable` | Enables an audit device in Vault to log events. |
| `vault audit disable` | Disables an audit device in Vault. |
| `vault audit list` | Lists all enabled audit devices in Vault. |
| `vault audit hash` | Hashes a single audit log file for integrity verification. |
| `vault audit recover` | Recovers and replays the audit log from a specified path. |
| `vault audit migrate` | Migrates audit devices from one path to another. |
| `vault audit purge` | Purges audit log files from a specified path. |
| `vault monitor` | Monitors the activity of secrets engines and authentication requests in real-time. |
| `vault read sys/audit-hash` | Retrieves the current hash of the audit log file. |

Key Management

| Command | Description |
| --- | --- |
| `vault operator init` | Initializes a new Vault instance with a master key share. |
| `vault operator unseal` | Unseals the Vault by providing a master key share. |
| `vault operator seal` | Seals the Vault, making it inaccessible. |
| `vault operator rekey` | Rekeys the Vault, rotating the encryption keys. |
| `vault operator rotate` | Rotates the underlying encryption keys for the transit secrets engine. |
| `vault operator generate-root` | Generates a new root token for disaster recovery. |

Miscellaneous

| Command | Description |
| --- | --- |
| `vault status` | Displays the current status of the Vault. |
| `vault version` | Displays the version information of the running Vault server. |
| `vault list sys/mounts` | Lists all the mounted secret backends. |
| `vault auth token/lookup-self` | Retrieves information about the currently authenticated token. |
| `vault auth token/revoke-self` | Revokes the currently authenticated token. |
| `vault path-help` | Displays help information for a specific Vault path. |
| `vault policy validate` | Validates the syntax of a policy without saving it. |
`vault secrets