# read

The `read` command reads data from Vault at the given path (wrapper command for HTTP GET). You can use the command to read secrets, generate dynamic credentials, get configuration details, and more.

### Examples <a href="#examples" id="examples"></a>

Read entity details of a given ID:

```shell-session
$ vault read identity/entity/id/2f09126d-d161-abb8-2241-555886491d97
```

Generate dynamic AWS credentials for a `my-role`:

```shell-session
$ vault read aws/creds/my-role
```

#### API versus CLI <a href="#api-versus-cli" id="api-versus-cli"></a>

Assuming that you have K/V version 2 (`kv-v2`) secrets engine enabled at `secret/`, the following command reads secrets at the `secret/data/customers` API path:

```shell-session
$ vault read secret/data/customers
```

This is equivalent to:

```shell-session
$ curl --request GET --header "X-Vault-Token: $VAULT_TOKEN" \
    $VAULT_ADDR/v1/secret/data/customers
```

Since K/V secrets engine is a commonly used feature, Vault CLI provides the `kv` command. Read secrets from the `secret/data/customers` path using the `kv` CLI command:

```shell-session
$ vault kv get -mount=secret customers
```

**Comparison:** All three commands retrieve the same data, but display the output in a different format. By default, `vault read` prints output in key-value format. The `curl` command prints the response in JSON. Since the `kv` command is designed to handle operations associated with K/V secrets engine, it prints the output in more structured format that is easy to read.

### Usage <a href="#usage" id="usage"></a>

The following flags are available in addition to the standard set of flags included on all commands.

#### Output options <a href="#output-options" id="output-options"></a>

* `-field` `(string: "")` - Print only the field with the given name, in the format specified in the `-format` directive. The result will not have a trailing newline making it ideal for piping to other processes.
* `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", "yaml", or "raw". This can also be specified via the `VAULT_FORMAT` environment variable.

For a full list of examples and paths, please see the documentation that corresponds to the secrets engine in use.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/vault/cli/read.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.