# lease

## lease <a href="#lease" id="lease"></a>

The `lease` command groups subcommands for interacting with leases attached to secrets. For leases attached to tokens, use the `vault token` subcommand.

### Examples <a href="#examples" id="examples"></a>

Lookup a lease:

```shell-session
$ vault lease lookup database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s
```

Renew a lease:

```shell-session
$ vault lease renew database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key                Value
---                -----
lease_id           database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
lease_duration     5m
lease_renewable    true
```

Revoke a lease:

```shell-session
$ vault lease revoke database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Success! Revoked lease: database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
```

### Usage <a href="#usage" id="usage"></a>

```
Usage: vault lease <subcommand> [options] [args]

  # ...

Subcommands:
    lookup    Lookup lease information by lease id
    renew     Renews the lease of a secret
    revoke    Revokes leases and secrets
```

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

## lease lookup <a href="#lease-lookup" id="lease-lookup"></a>

The `lease lookup` command retrieves information on the lease of a secret.

Every secret in Vault has a lease associated with it. Users can look up information on the lease by referencing the lease ID.

### Examples <a href="#examples" id="examples"></a>

Lookup a lease:

```shell-session
$ vault lease lookup database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s
```

### Usage <a href="#usage" id="usage"></a>

There are no flags beyond the standard set of flags included on all commands.

## lease renew <a href="#lease-renew" id="lease-renew"></a>

The `lease renew` command renews the lease on a secret, extending the time that it can be used before it is revoked by Vault.

Every secret in Vault has a lease associated with it. If the owner of the secret wants to use it longer than the lease, then it must be renewed. Renewing the lease does not change the contents of the secret.

### Examples <a href="#examples" id="examples"></a>

Renew a lease:

```shell-session
$ vault lease renew database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Key                Value
---                -----
lease_id           database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
lease_duration     5m
lease_renewable    true
```

### Usage <a href="#usage" id="usage"></a>

The following flags are available in addition to the standard set of flags included on all commands.

* `-increment` `(duration: "")` - Request a specific increment in seconds. Vault is not required to honor this request.

## lease revoke <a href="#lease-revoke" id="lease-revoke"></a>

The `lease revoke` command revokes the lease on a secret, invalidating the underlying secret.

### Examples <a href="#examples" id="examples"></a>

Revoke a lease:

```shell-session
$ vault lease revoke database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
Success! Revoked lease: database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
```

Revoke a lease which starts with a prefix:

```shell-session
$ vault lease revoke -prefix database/creds
Success! Revoked any leases with prefix: database/creds
```

### Usage <a href="#usage" id="usage"></a>

The following flags are available in addition to the standard set of flags included on all commands.

* `-force` `(bool: false)` - Delete the lease from Vault even if the secret engine revocation fails. This is meant for recovery situations where the secret in the target secrets engine was manually removed. If this flag is specified, -prefix is also required. This is aliased as "-f". The default is false.
* `-prefix` `(bool: false)` - Treat the ID as a prefix instead of an exact lease ID. This can revoke multiple leases simultaneously. The default is false.
* `-sync` `(bool: false)` - Make the operation synchronous instead of queuing the revocations to be done in the background.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/vault/cli/lease.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.