vhsm policy
Learn to write, read, list, and delete vHSM policies
The vhsm policy command groups subcommands for interacting with vHSM policies. Users can write, read, list, and delete policies.
Usage
vhsm policy <subcommand> [options] [args]
Subcommands
vhsm policy delete
Deletes the specified policy from the vHSM server. This action immediately affects all tokens associated with the policy.
Example
vhsm policy delete my-policy
Output
Success! Deleted policy: my-policy
This command does not have additional flags beyond the standard vHSM CLI options.
vhsm policy fmt
Formats a local policy file according to vHSM's policy specification. This command overwrites the existing file.
Example
vhsm policy fmt my-policy.hcl
Output
Success! Formatted policy: my-policy.hcl
This command does not have additional flags beyond the standard vHSM CLI options.
vhsm policy list
Lists the names of all installed policies in the vHSM server.
Example
vhsm policy list
Output
default
my-policy
root
Options
-format (string, default: table): Output format: table, json, or yaml. Can also be set via VAULT_FORMAT.
vhsm policy read
Displays the contents and metadata of a specified policy. Returns an error if the policy does not exist.
Example
vhsm policy read my-policy
Output
# Define policy name and capabilities
path "secret/data/my-app/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

# Grant read-only access to another secret path
path "secret/data/config" {
  capabilities = ["read", "list"]
}

# Allow access to check authentication status
path "auth/token/lookup-self" {
  capabilities = ["read"]
}
Options
-format (string, default: table): Output format: table, json, or yaml. Can also be set via VAULT_FORMAT.
vhsm policy write
Uploads a policy from a file or standard input.
Examples
Upload a policy from a local file:
vhsm policy write my-policy /tmp/policy.hcl
Upload a policy from stdin:
cat my-policy.hcl | vhsm policy write my-policy
Output
Success! Uploaded policy: my-policy
This command does not have additional flags beyond the standard vHSM CLI options.
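Added example, not part of the vHSM documentation: a pre-upload review that parses policy text in the format shown under vhsm policy read, reports capabilities a proposed file would add over the installed policy, and lists wildcard paths that carry modifying capabilities. The function names and the PROPOSED text are constructed for illustration; treating "*" in a path as a wildcard and create/update/delete as the modifying capabilities are assumptions.

```python
import re

WRITE_CAPS = {"create", "update", "delete"}  # assumed "modifying" set, taken from the sample
PATH_BLOCK = re.compile(r'path\s+"([^"]+)"\s*\{(.*?)\}', re.DOTALL)
CAPS_LIST = re.compile(r'capabilities\s*=\s*\[(.*?)\]', re.DOTALL)

def parse_policy(text):
    """Return {path: set(capabilities)}; full-line '#' comments are ignored."""
    body = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    rules = {}
    for path, block in PATH_BLOCK.findall(body):
        m = CAPS_LIST.search(block)
        caps = set(re.findall(r'"([^"]+)"', m.group(1))) if m else set()
        rules.setdefault(path, set()).update(caps)
    return rules

def added_grants(installed, proposed):
    """Capabilities present in `proposed` but not in `installed`, per path."""
    old, new = parse_policy(installed), parse_policy(proposed)
    return {p: sorted(c - old.get(p, set())) for p, c in sorted(new.items())
            if c - old.get(p, set())}

def wildcard_writes(text):
    """Paths containing '*' (assumed wildcard) that carry a modifying capability."""
    return {p: sorted(c & WRITE_CAPS) for p, c in sorted(parse_policy(text).items())
            if "*" in p and c & WRITE_CAPS}

# Constructed sample input: INSTALLED mirrors the `vhsm policy read` output on
# this page; PROPOSED is a made-up edit that widens the second stanza.
INSTALLED = '''
# Define policy name and capabilities
path "secret/data/my-app/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/data/config" {
  capabilities = ["read", "list"]
}
path "auth/token/lookup-self" {
  capabilities = ["read"]
}
'''
PROPOSED = INSTALLED.replace('"secret/data/config"', '"secret/data/*"').replace(
    '["read", "list"]', '["read", "list", "update"]')

if __name__ == "__main__":
    for path, caps in added_grants(INSTALLED, PROPOSED).items():
        print(f"new grant  {path}: {', '.join(caps)}")
    for path, caps in wildcard_writes(PROPOSED).items():
        print(f"wildcard   {path}: {', '.join(caps)}")
```

In practice the installed text would be the saved output of vhsm policy read and the proposed text the local file about to be passed to vhsm policy write.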