lease

The lease command groups subcommands for interacting with leases attached to secrets. For leases attached to tokens, use the vault token subcommand.

Examples

Lookup a lease:

$ vault lease lookup database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s

Renew a lease:

$ vault lease renew database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key                Value
---                -----
lease_id           database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
lease_duration     5m
lease_renewable    true

Revoke a lease:

$ vault lease revoke database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Success! Revoked lease: database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83

Usage

Usage: vault lease <subcommand> [options] [args]

  # ...

Subcommands:
    lookup    Lookup lease information by lease id
    renew     Renews the lease of a secret
    revoke    Revokes leases and secrets

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

lease lookup

The lease lookup command retrieves information on the lease of a secret.

Every secret in Vault has a lease associated with it. Users can look up information on the lease by referencing the lease ID.

Examples

Lookup a lease:

$ vault lease lookup database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s

Usage

There are no flags beyond the standard set of flags included on all commands.

lease renew

The lease renew command renews the lease on a secret, extending the time that it can be used before it is revoked by Vault.

Every secret in Vault has a lease associated with it. If the owner of the secret wants to use it longer than the lease, then it must be renewed. Renewing the lease does not change the contents of the secret.

Examples

Renew a lease:

$ vault lease renew database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key                Value
---                -----
lease_id           database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
lease_duration     5m
lease_renewable    true

Usage

The following flags are available in addition to the standard set of flags included on all commands.

-increment (duration: "") - Request a specific increment in seconds. Vault is not required to honor this request.

lease revoke

The lease revoke command revokes the lease on a secret, invalidating the underlying secret.

Examples

Revoke a lease:

$ vault lease revoke database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Success! Revoked lease: database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83

Revoke a lease which starts with a prefix:

$ vault lease revoke -prefix database/creds
Success! Revoked any leases with prefix: database/creds

Usage

The following flags are available in addition to the standard set of flags included on all commands.

-force (bool: false) - Delete the lease from Vault even if the secret engine revocation fails. This is meant for recovery situations where the secret in the target secrets engine was manually removed. If this flag is specified, -prefix is also required. This is aliased as "-f". The default is false.
-prefix (bool: false) - Treat the ID as a prefix instead of an exact lease ID. This can revoke multiple leases simultaneously. The default is false.
-sync (bool: false) - Make the operation synchronous instead of queuing the revocations to be done in the background.

Previouskv Nextlicense

Last updated 6 months ago