search
DocumentationTutorialsTry Cloud!

lease

hashtag
lease

The lease command groups subcommands for interacting with leases attached to secrets. For leases attached to tokens, use the vault token subcommand.

hashtag
Examples

Lookup a lease:

$ vault lease lookup database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s

Renew a lease:

$ vault lease renew database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key                Value
---                -----
lease_id           database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
lease_duration     5m
lease_renewable    true

Revoke a lease:

hashtag
Usage

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

hashtag
lease lookup

The lease lookup command retrieves information on the lease of a secret.

Every secret in Vault has a lease associated with it. Users can look up information on the lease by referencing the lease ID.

hashtag
Examples

Lookup a lease:

hashtag
Usage

There are no flags beyond the standard set of flags included on all commands.

hashtag
lease renew

The lease renew command renews the lease on a secret, extending the time that it can be used before it is revoked by Vault.

Every secret in Vault has a lease associated with it. If the owner of the secret wants to use it longer than the lease, then it must be renewed. Renewing the lease does not change the contents of the secret.

hashtag
Examples

Renew a lease:

hashtag
Usage

The following flags are available in addition to the standard set of flags included on all commands.

  • -increment (duration: "") - Request a specific increment in seconds. Vault is not required to honor this request.

hashtag
lease revoke

The lease revoke command revokes the lease on a secret, invalidating the underlying secret.

hashtag
Examples

Revoke a lease:

Revoke a lease which starts with a prefix:

hashtag
Usage

The following flags are available in addition to the standard set of flags included on all commands.

  • -force (bool: false) - Delete the lease from Vault even if the secret engine revocation fails. This is meant for recovery situations where the secret in the target secrets engine was manually removed. If this flag is specified, -prefix is also required. This is aliased as "-f". The default is false.

  • -prefix (bool: false) - Treat the ID as a prefix instead of an exact lease ID. This can revoke multiple leases simultaneously. The default is false.

  • -sync (bool: false) - Make the operation synchronous instead of queuing the revocations to be done in the background.

PreviouskvNextlicense

Last updated