# vhsm write

The `vhsm write` command writes data to vHSM at the given path. It is a wrapper for HTTP `PUT` or `POST` requests. This command is used to store credentials, secrets, configurations, or arbitrary data. The behavior of this command depends on the secret engine mounted at the specified path.

Data is provided as `key=value` pairs. Special handling includes:

* Values starting with `@` are loaded from a file.
* Values set to `-` are read from `stdin`.
* If `-` is the only argument, `vhsm write` reads a JSON blob from `stdin`.

### **Usage**

```sh
vhsm write <path> <key=value> [options]
```

### **Subcommands and Options**

| Option          | Type       | Description                                                                                |
| --------------- | ---------- | ------------------------------------------------------------------------------------------ |
| `-field`        | `<string>` | Prints only the specified field in the selected format (ideal for piping).                 |
| `-format`       | `<string>` | Specifies the output format. Valid values: `table`, `json`, `yaml`. Defaults to `table`.   |
| `-force` / `-f` |            | Allows write operations without key-value pairs. Used for actions that don’t require data. |

### **Examples**

| Action                                                    | Command                                                                             |
| --------------------------------------------------------- | ----------------------------------------------------------------------------------- |
| Store arbitrary secrets                                   | `vhsm write cubbyhole/git-credentials username="student01" password='p@$$w0rd'`     |
| Create a new encryption key in the transit secrets engine | `vhsm write -force transit/keys/my-key`                                             |
| Upload an AWS IAM policy from a file                      | `vhsm write aws/roles/ops policy=@policy.json`                                      |
| Configure access to Consul using an access token          | `echo $MY_TOKEN`                                                                    |
| Create a token with TTL, policy, and usage limit          | `vhsm write auth/token/create policies="admin" policies="secops" ttl=8h num_uses=3` |
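
A password given as a `key=value` argument can end up in shell history and is visible in the process list while the command runs. The following added example (not from the vHSM documentation) uses the `@file` form instead: a hypothetical helper, `vhsm_write_secret`, reads the value from stdin and hands it to `vhsm write` through a temporary file readable only by its owner. It assumes `vhsm` is on `PATH`; the path and field names in the usage comment are constructed.

```shell
# Added example, not part of the vHSM documentation.
# vhsm_write_secret is a hypothetical helper name; `vhsm` is assumed to be on PATH.
#
# usage: vhsm_write_secret <path> <field> [key=value ...]   (secret value on stdin)
vhsm_write_secret() (
    # The ( ... ) body runs in a subshell, so variables and umask stay local.
    path=$1
    field=$2
    shift 2

    # Command substitution drops trailing newlines, so `echo secret | ...`
    # and `printf secret | ...` store the same value.
    secret=$(cat)
    [ -n "$secret" ] || { echo "empty secret on stdin" >&2; exit 2; }

    # mktemp creates the file with mode 0600; umask 077 is a second guard.
    umask 077
    tmp=$(mktemp "${TMPDIR:-/tmp}/vhsm-secret.XXXXXX") || exit 1

    # printf is a shell builtin, so the value never appears in any argv.
    printf '%s' "$secret" > "$tmp"

    # Only the file name reaches the command line; vhsm loads the value itself.
    vhsm write "$path" "$@" "${field}=@${tmp}" && rc=0 || rc=$?

    # Remove the file whether or not the write succeeded.
    rm -f "$tmp"
    exit "$rc"
)

# Interactive use (constructed path and field names):
#   stty -echo; IFS= read -r pw; stty echo
#   printf '%s' "$pw" | vhsm_write_secret cubbyhole/git-credentials password username=student01
```
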

#### **Equivalent API request using cURL**

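```sh
# Write the request body to a file (tee also echoes it to the terminal).
tee request_payload.json <<EOF
{
   "policies": ["admin", "secops"],
   "ttl": "8h",
   "num_uses": 3
}
EOF

# POST the payload to the token-creation endpoint, authenticating with $VAULT_TOKEN.
curl --header "X-Vault-Token: $VAULT_TOKEN" \
    --request POST \
    --data @request_payload.json \
    "$VAULT_ADDR/v1/auth/token/create"
```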

#### **Simplified token creation using CLI**

```sh
vhsm token create -policy=admin -policy=secops -ttl=8h -use-limit=3
```

**Output**

```
Key                  Value
---                  -----
token                hvs.CAESIBcWWiHVdrJIIqLUOIX5_QuJtp3xrd-FEFT-rqngnFXCGh4KHGh2cy5nZEl0ZWtkcmg5Q1kxMHJFNTVUcGtoMXA
token_accessor       LiCLc2rBMS5epeu6rcaJcJX4
token_duration       8h
token_renewable      true
token_policies       ["admin" "default" "secops"]
identity_policies    []
policies             ["admin" "default" "secops"]
```

