policy
The policy command groups subcommands for interacting with policies. Users can write, read, and list policies in Vault.
For more information, please see the policy documentation.
Examples
List all enabled policies:
$ vault policy list
Create a policy named "my-policy" from contents on local disk:
$ vault policy write my-policy ./my-policy.hcl
Delete the policy named "my-policy":
$ vault policy delete my-policy
Usage
Usage: vault policy <subcommand> [options] [args]
# ...
Subcommands:
delete Deletes a policy by name
list Lists the installed policies
read Prints the contents of a policy
write Uploads a named policy from a file
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
policy delete
The policy delete command deletes the policy named NAME in the Vault server. Once the policy is deleted, all tokens associated with the policy are affected immediately.
Note that it is not possible to delete the "default" or "root" policies. These are built-in policies.
Examples
Delete the policy named "my-policy":
$ vault policy delete my-policy
Usage
There are no flags beyond the standard set of flags included on all commands.
policy fmt
The policy fmt command formats a local policy file according to the policy specification. This command overwrites the file at the given PATH with the properly formatted policy contents.
Examples
Format the local file "my-policy.hcl":
$ vault policy fmt my-policy.hcl
Usage
There are no flags beyond the standard set of flags included on all commands.
policy list
The policy list command lists the names of the policies that are installed on the Vault server.
Examples
List the available policies:
$ vault policy list
default
root
Usage
The following flags are available in addition to the standard set of flags included on all commands.
Output options
-format (string: "table") - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the VAULT_FORMAT environment variable.
policy read
The policy read command prints the contents and metadata of the Vault policy named NAME. If the policy does not exist, an error is returned.
Examples
Read the policy named "my-policy":
$ vault policy read my-policy
Usage
The following flags are available in addition to the standard set of flags included on all commands.
Output options
-format (string: "table") - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the VAULT_FORMAT environment variable.
policy write
The policy write command uploads a policy with name NAME from the contents of a local file PATH or stdin. If PATH is "-", the policy is read from stdin. Otherwise, it is loaded from the file at the given path on the local disk.
For details on the policy syntax, please see the policy documentation.
Examples
Upload a policy named "my-policy" from "/tmp/policy.hcl" on the local disk:
$ vault policy write my-policy /tmp/policy.hcl
Upload a policy from stdin:
$ cat my-policy.hcl | vault policy write my-policy -
Usage
There are no flags beyond the standard set of flags included on all commands.
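As an added example (not part of the Vault documentation), a small POSIX shell script that guards the `vault policy write NAME -` stdin form shown above with a check against catch-all grants before uploading. The `policy_is_broad` and `upload_policy` helpers and the sample policy files are constructed here; it assumes VAULT_ADDR and VAULT_TOKEN are set when the vault CLI is present.

```shell
#!/bin/sh
# Added example, not part of the Vault documentation: a pre-upload check that
# refuses to `vault policy write` a policy granting write or sudo capabilities
# on the catch-all path "*", then uploads via the stdin ("-") form shown above.
# It is a line-oriented scan, not an HCL parser, so it errs toward flagging.

# policy_is_broad FILE -> exit status 0 when FILE has a `path "*"` stanza
# carrying sudo or write-type capabilities, 1 otherwise.
policy_is_broad() {
  grep -Eq '^[[:space:]]*path[[:space:]]+"\*"' "$1" || return 1
  grep -Eq '"(sudo|create|update|delete)"' "$1" && return 0
  return 1
}

# upload_policy NAME FILE -> format the file in place (vault policy fmt), then
# stream it to `vault policy write NAME -`. Assumes VAULT_ADDR and VAULT_TOKEN
# are set; returns 2 (without uploading) when the vault CLI is not on PATH.
upload_policy() {
  name="$1"; file="$2"
  if policy_is_broad "$file"; then
    echo "refusing to upload $name: \"*\" path with write/sudo capabilities" >&2
    return 1
  fi
  command -v vault >/dev/null 2>&1 || { echo "vault CLI not found; skipping upload of $name" >&2; return 2; }
  vault policy fmt "$file" && vault policy write "$name" - < "$file"
}

# Constructed sample policies (written to a temp dir so the script runs offline).
samples="$(mktemp -d)"
cat > "$samples/too-broad.hcl" <<'EOF'
path "*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
EOF
cat > "$samples/app-read.hcl" <<'EOF'
path "secret/data/app/*" {
  capabilities = ["read", "list"]
}
EOF

for p in too-broad app-read; do
  if upload_policy "$p" "$samples/$p.hcl"; then
    echo "uploaded $p"
  else
    echo "$p: not uploaded (status $?)"
  fi
done
```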