
vhsm lease

Learn to use the vhsm lease command to interact with the leases attached to secrets.

The vhsm lease command groups subcommands for interacting with leases attached to secrets. For leases attached to tokens, use the vhsm token subcommand.

Ensure that you have the ID of the lease that you would like to interact with.

Usage

vhsm lease <subcommand> [options] [args]

Subcommands

Command    Description
lookup     Retrieve lease information by lease ID.
renew      Renew the lease of a secret.
revoke     Revoke leases and secrets.


vhsm lease lookup

The lookup command retrieves information on the lease of a secret.

Example

vhsm lease lookup database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83

Output

Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s

vhsm lease renew

Renews the lease on a secret, extending the time the secret can be used before vHSM revokes it. Renewing a lease does not change the contents of the secret.

Example

vhsm lease renew database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83

Output

Key                Value
---                -----
lease_id           database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
lease_duration     5m
lease_renewable    true

Options

Flag                     Description
-increment <duration>    Request a specific increment in seconds. vHSM may not honor this request.
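
A renewal check built on the lookup output shown above, as an added example that is not part of the vHSM documentation: it reads the ttl and renewable fields and decides whether to renew the lease, fetch a new secret, or do nothing. The function names, the 600-second threshold and the embedded sample text are assumptions made for the illustration.

```shell
# Added example: decide what to do with a lease from `vhsm lease lookup` output.
# Constructed sample, in the table layout shown in the lookup section.
SAMPLE_LOOKUP='Key             Value
---             -----
expire_time     2021-03-17T11:55:50.755313-05:00
id              database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83
issue_time      2021-03-17T11:45:50.755312-05:00
last_renewal    <nil>
renewable       true
ttl             9m52s'

# lease_field KEY: print the value column for KEY from lookup output on stdin.
lease_field() {
    awk -v k="$1" '$1 == k { print $2; exit }'
}

# ttl_seconds DURATION: convert a duration such as 1h2m3s or 9m52s to seconds.
ttl_seconds() {
    printf '%s\n' "$1" | awk '{
        s = 0; rest = $0
        while (match(rest, /^[0-9]+[hms]/)) {
            n = substr(rest, 1, RLENGTH - 1); u = substr(rest, RLENGTH, 1)
            s += n * (u == "h" ? 3600 : (u == "m" ? 60 : 1))
            rest = substr(rest, RLENGTH + 1)
        }
        if (rest != "" || $0 == "") exit 1   # empty or unknown unit: refuse to guess
        print s
    }'
}

# lease_action THRESHOLD_SECONDS: read lookup output on stdin and print
#   ok     - more than THRESHOLD_SECONDS of ttl left
#   renew  - ttl at or below the threshold and the lease is renewable
#   rotate - ttl at or below the threshold and not renewable (request a new secret)
lease_action() {
    out=$(cat)
    ttl=$(printf '%s\n' "$out" | lease_field ttl)
    renewable=$(printf '%s\n' "$out" | lease_field renewable)
    secs=$(ttl_seconds "$ttl") || { echo "unparseable ttl: $ttl" >&2; return 1; }
    if [ "$secs" -gt "$1" ]; then echo ok
    elif [ "$renewable" = "true" ]; then echo renew
    else echo rotate
    fi
}

# Hypothetical 600-second threshold applied to the constructed sample.
printf '%s\n' "$SAMPLE_LOOKUP" | lease_action 600   # prints: renew
```

Against a live server, pipe the output of vhsm lease lookup for the lease ID into lease_action and run vhsm lease renew when it prints renew.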


vhsm lease revoke

Revokes the lease on a secret, invalidating the underlying secret.

Example 1: Revoke a specific lease

vhsm lease revoke database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83

Output

Success! Revoked lease: database/creds/readonly/27e1b9a1-27b8-83d9-9fe0-d99d786bdc83

Example 2: Revoke leases with a specific prefix

vhsm lease revoke -prefix database/creds

Output

Success! Revoked any leases with prefix: database/creds

Options

Flag           Description
-force (-f)    Delete the lease from vHSM even if secret engine revocation fails. Requires -prefix. Default: false.
-prefix        Treat the ID as a prefix instead of an exact lease ID, allowing multiple leases to be revoked. Default: false.
-sync          Make the operation synchronous instead of queuing revocations in the background. Default: false.


Last updated 2 months ago
