vhsm policy

Learn to write, read, list, and delete vHSM policies

The vhsm policy command groups subcommands for interacting with vHSM policies. Users can write, read, list, and delete policies.

Usage

vhsm policy <subcommand> [options] [args]

Subcommands

Subcommand    Description
delete        Deletes a policy by name.
fmt           Formats a local policy file.
list          Lists installed policies.
read          Prints the contents of a policy.
write         Uploads a named policy from a file.

vhsm policy delete

Deletes the specified policy from the vHSM server. This action immediately affects all tokens associated with the policy.

Note: The built-in default and root policies cannot be deleted.

Example

vhsm policy delete my-policy

Output

Success! Deleted policy: my-policy

This command does not have additional flags beyond the standard vHSM CLI options.

vhsm policy fmt

Formats a local policy file according to vHSM's policy specification. This command overwrites the existing file.

Example

vhsm policy fmt my-policy.hcl

Output

Success! Formatted policy: my-policy.hcl

This command does not have additional flags beyond the standard vHSM CLI options.

vhsm policy list

Lists the names of all installed policies in the vHSM server.

Example

vhsm policy list

Output

default
my-policy
root

Options

Flag       Type     Default   Description
-format    string   table     Output format: table, json, or yaml. Can also be set via VAULT_FORMAT.

vhsm policy read

Displays the contents and metadata of a specified policy. Returns an error if the policy does not exist.

Example

vhsm policy read my-policy

Output

# Define policy name and capabilities
path "secret/data/my-app/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

# Grant read-only access to another secret path
path "secret/data/config" {
  capabilities = ["read", "list"]
}

# Allow access to check authentication status
path "auth/token/lookup-self" {
  capabilities = ["read"]
}

Options

Flag       Type     Default   Description
-format    string   table     Output format: table, json, or yaml. Can also be set via VAULT_FORMAT.


vhsm policy write

Uploads a policy from a file or standard input.

Examples

Upload a policy from a local file:

vhsm policy write my-policy /tmp/policy.hcl

Upload a policy from stdin:

cat my-policy.hcl | vhsm policy write my-policy -

Output

Success! Uploaded policy: my-policy

This command does not have additional flags beyond the standard vHSM CLI options.
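A pre-upload review of a policy file in the format shown under vhsm policy read, as an added example that is not part of the vHSM CLI or its documentation: it parses the path blocks and their capabilities lists and flags wildcard paths that grant create, update, delete or sudo, so a policy can be checked before it is handed to vhsm policy write. The sample policy (the page's policy plus one constructed over-broad rule), the MUTATING set and the function names are assumptions made for this example.

```python
import re

# Constructed sample: the policy shown by `vhsm policy read my-policy` above,
# plus one deliberately over-broad rule that a reviewer should catch.
SAMPLE_POLICY = """
# Define policy name and capabilities
path "secret/data/my-app/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

# Grant read-only access to another secret path
path "secret/data/config" {
  capabilities = ["read", "list"]
}

# Allow access to check authentication status
path "auth/token/lookup-self" {
  capabilities = ["read"]
}

path "*" {
  capabilities = ["sudo", "read"]
}
"""

COMMENT = re.compile(r"^\s*#.*$", re.M)
PATH_RULE = re.compile(r'path\s+"([^"]+)"\s*\{(.*?)\}', re.S)
CAPS = re.compile(r"capabilities\s*=\s*\[(.*?)\]", re.S)
# Capabilities that change or escalate state; chosen for this example.
MUTATING = {"create", "update", "delete", "sudo"}

def parse_policy(text):
    """Return {path: [capabilities]} for the policy syntax used on this page."""
    rules = {}
    for path, body in PATH_RULE.findall(COMMENT.sub("", text)):
        m = CAPS.search(body)
        caps = [c.strip().strip('"') for c in m.group(1).split(",")] if m else []
        rules[path] = [c for c in caps if c]
    return rules

def review_policy(text):
    """List (path, risky_caps) for wildcard paths that grant MUTATING capabilities."""
    findings = []
    for path, caps in parse_policy(text).items():
        risky = sorted(MUTATING & set(caps))
        if "*" in path and risky:
            findings.append((path, risky))
    return findings

if __name__ == "__main__":
    for path, risky in review_policy(SAMPLE_POLICY):
        print(f'path "{path}" grants {", ".join(risky)} on a wildcard path')
```

Run it against the file you are about to upload; an empty result means no wildcard path carries a mutating capability, not that the policy is minimal.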

