> For the complete documentation index, see [llms.txt](https://docs.enclaive.cloud/virtual-hsm/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management/vhsm-proxy.md).

# vhsm proxy

### Usage

```
vhsm proxy [options]
```

This command starts a vHSM Proxy that can perform automatic authentication in certain environments.

#### Example:

```
vhsm proxy -config=/etc/vault/config.hcl
```

### HTTP Options

| Option                      | Description                                        | Default                  | Environment Variable      |
| --------------------------- | -------------------------------------------------- | ------------------------ | ------------------------- |
| `-address=<string>`         | Address of the vHSM server                         | `https://127.0.0.1:8200` | `VAULT_ADDR`              |
| `-agent-address=<string>`   | Address of the Agent                               | (not set)                | `VAULT_AGENT_ADDR`        |
| `-ca-cert=<string>`         | Path to a single PEM-encoded CA certificate        | (not set)                | `VAULT_CACERT`            |
| `-ca-path=<string>`         | Path to a directory of PEM-encoded CA certificates | (not set)                | `VAULT_CAPATH`            |
| `-client-cert=<string>`     | Path to a PEM-encoded client certificate           | (not set)                | `VAULT_CLIENT_CERT`       |
| `-client-key=<string>`      | Path to a PEM-encoded client key                   | (not set)                | `VAULT_CLIENT_KEY`        |
| `-disable-redirects`        | Disable redirect behavior                          | `false`                  | `VAULT_DISABLE_REDIRECTS` |
| `-header=<key=value>`       | Add HTTP headers to requests                       | (not set)                | (not applicable)          |
| `-mfa=<string>`             | Supply MFA credentials                             | (not set)                | `VAULT_MFA`               |
| `-namespace=<string>`       | Namespace to use for the command                   | (not set)                | `VAULT_NAMESPACE`         |
| `-non-interactive`          | Prevent user input via terminal                    | `false`                  | (not applicable)          |
| `-output-curl-string`       | Print cURL equivalent command instead of execution | `false`                  | (not applicable)          |
| `-output-policy`            | Print required HCL policy instead of execution     | `false`                  | (not applicable)          |
| `-policy-override`          | Override a soft-mandatory Sentinel policy          | `false`                  | (not applicable)          |
| `-tls-server-name=<string>` | Name to use as the SNI host for TLS                | (not set)                | `VAULT_TLS_SERVER_NAME`   |
| `-tls-skip-verify`          | Disable TLS certificate verification               | `false`                  | `VAULT_SKIP_VERIFY`       |
| `-unlock-key=<string>`      | Key to unlock a namespace API lock                 | (not set)                | (not applicable)          |
| `-wrap-ttl=<duration>`      | Wraps response in a cubbyhole token                | (not set)                | `VAULT_WRAP_TTL`          |

### Command options

| Option                          | Description                                               | Default   | Environment Variable |
| ------------------------------- | --------------------------------------------------------- | --------- | -------------------- |
| `-config=<string>`              | Path to a configuration file                              | (not set) | (not applicable)     |
| `-exit-after-auth`              | Exit after a successful auth                              | `false`   | (not applicable)     |
| `-log-file=<string>`            | Path to log file                                          | (not set) | (not applicable)     |
| `-log-format=<string>`          | Log format (`standard` or `json`)                         | (not set) | `VAULT_LOG_FORMAT`   |
| `-log-level=<string>`           | Log verbosity (`trace`, `debug`, `info`, `warn`, `error`) | (not set) | `VAULT_LOG_LEVEL`    |
| `-log-rotate-bytes=<int>`       | Max log file size before rotation                         | Unlimited | (not applicable)     |
| `-log-rotate-duration=<string>` | Max log duration before rotation                          | (not set) | (not applicable)     |
| `-log-rotate-max-files=<int>`   | Max number of old log files to keep                       | (not set) | (not applicable)     |


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management/vhsm-proxy.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.