Virtual HSM
Home
  • Virtual HSM
  • Documentation
    • What is Virtual HSM?
    • Use Case: Attested Secret Provisioning in the Cloud
    • Setup
      • Install
      • vHSM Server Configuration
        • Parameters
        • vHSM Telemetry Parameters
      • vHSM Agent
        • Agent Configuration
      • vHSM Proxy
        • Proxy Configuration
    • Get Started
      • Start the Vault server
      • MariaDB root admin password provisioning on Azure DCXas_v5 VM
    • Supported Cloud Configurations
  • Tutorials
    • Deploying the vhsm Container on an EC2 Instance
    • CLI quickstart
    • vHSM Agent quickstart
    • vHSM Proxy quickstart
    • Passing vHSM secrets using ConfigMaps
    • Provisioning MariaDB Password on Azure DCXas_v5 VM
    • Registering a buckypaper plugin
    • Monitoring vHSM with Grafana
  • Integration with Utimaco SecurityServer
    • Integrate enclaive vHSM with Utimaco HSM
  • API
    • Auth
    • Default
    • Secrets
    • System
    • Identity
    • Models
  • vHSM CLI
    • Server and Infrastructure Management
      • vhsm server
      • vhsm proxy
      • vhsm monitor
      • vhsm status
      • vhsm agent
    • Secret Management
      • vhsm read
      • vhsm write
      • vhsm delete
      • vhsm list
      • vhsm secrets
        • vhsm secrets enable
        • vhsm secrets disable
        • vhsm secrets list
        • vhsm secrets move
        • vhsm secrets tune
      • vhsm unwrap
    • Configuration and Management
      • vhsm plugin
        • vhsm plugin info
        • vhsm plugin deregister
        • vhsm plugin list
        • vhsm plugin register
        • vhsm plugin reload
        • vhsm plugin reload-status
      • vhsm namespace
      • vhsm operator
      • vhsm print
      • vhsm path-help
      • vhsm lease
    • Auditing and Debugging
      • vhsm audit
      • vhsm debug
    • Attestation
    • Security and Encryption
      • vhsm pki
        • vhsm pki health-check
        • vhsm pki issue
        • vhsm pki list-intermediates
        • vhsm pki reissue
        • vhsm pki verify-sign
      • vhsm transit
      • vhsm ssh
      • vhsm transform
    • Authentication and Authorization
      • vhsm login
      • vhsm auth
      • vhsm token
      • vhsm policy
    • Storage and Data Mangement
      • vhsm kv
      • vhsm patch
    • vhsm version
      • vhsm version-history
  • Troubleshooting
    • CA Validity Period
    • CRL Validity Period
    • Root Certificate Issued Non-CA Leaves
    • Role Allows Implicit Localhost Issuance
    • Role Allows Glob-Based Wildcard Issuance
    • Performance Impact
    • Accessibility of Audit Information
    • Allow If-Modified-Since Requests
    • Auto-Tidy Disabled
    • Tidy Hasn't Run
    • Too Many Certificates
    • Enable ACME Issuance
    • ACME Response Headers Configuration
  • Resources
    • Community
    • GitHub
    • Youtube
    • CCx101 wiki
Powered by GitBook
On this page
  • Usage
  • Examples
  • API vs CLI
  • Flags
  • Additional information

Was this helpful?

  1. vHSM CLI
  2. Secret Management

vhsm read

Learn to retrieve data from a specified path in a vHSM server.

The vhsm read command retrieves data from vHSM at a specified path. It acts as a wrapper for an HTTP GET request, allowing users to:

  • Read secrets

  • Generate dynamic credentials

  • Retrieve configuration details

  • Access other stored data in a vHSM

Usage

vhsm read [flags] <path>
  • <path>: The path in vHSM where data is stored.

Examples

1. Read entity details for a given ID

vhsm read identity/entity/id/2f09126d-d161-abb8-2241-555886491d97

2. Generate dynamic AWS credentials for a role

vhsm read aws/creds/my-role

API vs CLI

If the Key/Value (K/V) v2 secrets engine is enabled at secret/, the following command reads secrets from secret/data/customers:

vhsm read secret/data/customers

This is equivalent to making a direct API request using curl:

curl --request GET --header "X-Vault-Token: $VAULT_TOKEN" \
    $VAULT_ADDR/v1/secret/data/customers

However, since the K/V secrets engine is commonly used, vHSM provides a dedicated kv command for better handling:

vhsm kv get -mount=secret customers

Comparison of Methods

Method
Command
Output Format

CLI (vault read)

vhsm read secret/data/customers

Key-value format

API (curl)

curl --request GET ...

JSON format

CLI (vault kv get)

vhsm kv get -mount=secret customers

Structured format optimized for K/V secrets


Flags

Output options

Flag
Default
Description

-field=<name>

"" (empty)

Prints only the specified field, formatted according to -format. No trailing newline (ideal for piping to other processes).

-format=<type>

"table"

Defines the output format. Valid options: "table", "json", "yaml", or "raw". Can also be set using the VAULT_FORMAT environment variable.


Additional information

For a full list of examples and paths, refer to the documentation corresponding to the specific secrets engine in use.

PreviousSecret ManagementNextvhsm write

Last updated 2 months ago

Was this helpful?