search
Home

vhsm lease

Learn to use vhsm lease command to interact with the leases attached to the secrets.

The vhsm lease command groups subcommands for interacting with leases attached to secrets. For leases attached to tokens, use the vhsm token subcommand.

circle-info

Ensure that you have the id of the lease that you would like to interact with.

hashtag
Usage

vhsm lease <subcommand> [options] [args]

hashtag
Subcommands

Command
Description

lookup

Retrieve lease information by lease ID.

renew

Renew the lease of a secret.

revoke

Revoke leases and secrets.

hashtag
vhsm lease lookup

The lookup command retrieves information on the lease of a secret.

hashtag
Example

vhsm lease lookup database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83

Output

Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s

hashtag
vhsm lease renew

Renews the lease on a secret, extending its usage before revocation by vHSM. Renewing a lease does not change the contents of the secret.

hashtag
Example

Output

hashtag
Options

Flag
Description

-increment <duration>

Request a specific increment in seconds. vHSM may not honor this request.

hashtag
vhsm lease revoke

Revokes the lease on a secret, invalidating the underlying secret.

Example 1: Revoke a specific lease

Output

Example 2: Revoke leases with a specific prefix

Output

hashtag
Options

Flag
Description

-force (-f)

Delete the lease from vHSM even if secret engine revocation fails. Requires -prefix. Default: false.

-prefix

Treat the ID as a prefix instead of an exact lease ID, allowing multiple leases to be revoked. Default: false.

-sync

Make the operation synchronous instead of queuing revocations in the background. Default: false.

Previousvhsm path-helpNextAttestation

Last updated

Was this helpful?