read
The read
command reads data from Vault at the given path (wrapper command for HTTP GET). You can use the command to read secrets, generate dynamic credentials, get configuration details, and more.
Examples
Read entity details of a given ID:
Generate dynamic AWS credentials for a my-role
:
API versus CLI
Assuming that you have K/V version 2 (kv-v2
) secrets engine enabled at secret/
, the following command reads secrets at the secret/data/customers
API path:
This is equivalent to:
Since K/V secrets engine is a commonly used feature, Vault CLI provides the kv
command. Read secrets from the secret/data/customers
path using the kv
CLI command:
Comparison: All three commands retrieve the same data, but display the output in a different format. By default, vault read
prints output in key-value format. The curl
command prints the response in JSON. Since the kv
command is designed to handle operations associated with K/V secrets engine, it prints the output in more structured format that is easy to read.
Usage
The following flags are available in addition to the standard set of flags included on all commands.
Output options
-field
(string: "")
- Print only the field with the given name, in the format specified in the-format
directive. The result will not have a trailing newline making it ideal for piping to other processes.-format
(string: "table")
- Print the output in the given format. Valid formats are "table", "json", "yaml", or "raw". This can also be specified via theVAULT_FORMAT
environment variable.
For a full list of examples and paths, please see the documentation that corresponds to the secrets engine in use.
Last updated