# patch

The `patch` command updates data in Vault at the given path (wrapper command for HTTP PATCH using the JSON Patch format). The data can be credentials, secrets, configuration, or arbitrary data. The specific behavior of the `patch` command is determined at the thing mounted at the path.

Data is specified as "**key=value**" pairs on the command line. If the value begins with an "**@**", then it is loaded from a file. If the value for a key is "**-**", Vault will read the value from stdin rather than the command line.

Some API fields require more advanced structures such as maps. These cannot directly be represented on the command line. However, direct control of the request parameters can be achieved by using `-` as the only data argument. This causes `vault patch` to read a JSON blob containing all request parameters from stdin. This argument will be ignored if used in conjunction with any "key=value" pairs.

For a full list of examples and paths, please see the documentation that corresponds to the secrets engines in use.

Unlike the `write` command, the `patch` command only modifies data specified on the command line.

### Examples <a href="#examples" id="examples"></a>

Updates a PKI role to modify a single parameter:

```shell-session
$ vault patch pki/roles/example allow_localhost=false
```

#### API versus CLI <a href="#api-versus-cli" id="api-versus-cli"></a>

Updates a PKI role to modify the `allow_localhost` parameter:

```shell-session
$ vault patch pki/roles/example allow_localhost=false
```

Equivalent cURL command for this operation:

```shell-session
$ tee request_payload.json -<<EOF
{
   "organization": "hashicorp"
}
EOF

$ curl --header "X-Vault-Token: $VAULT_TOKEN" \
    --request PATCH \
    --header 'Content-Type: application/merge-patch+json'
    --data @request_payload.json \
    $VAULT_ADDR/v1/pki/roles/example
```

The `vault patch` command simplifies the API call.

### Usage <a href="#usage" id="usage"></a>

The following flags are available in addition to the standard set of flags included on all commands.

#### Output options <a href="#output-options" id="output-options"></a>

* `-field` `(string: "")` - Print only the field with the given name, in the format specified in the `-format` directive. The result will not have a trailing newline making it ideal for piping to other processes.
* `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the `VAULT_FORMAT` environment variable.

#### Command options <a href="#command-options" id="command-options"></a>

* `-force` `(bool: false)` - Allow the operation to continue with no key=value pairs. This allows writing to keys that do not need or expect data. This is aliased as `-f`.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/vault/cli/patch.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.