Virtual HSM
Home
  • Virtual HSM
  • Documentation
    • What is Virtual HSM?
    • Use Case: Attested Secret Provisioning in the Cloud
    • Setup
      • Install
      • vHSM Server Configuration
        • Parameters
        • vHSM Telemetry Parameters
      • vHSM Agent
        • Agent Configuration
      • vHSM Proxy
        • Proxy Configuration
    • Get Started
      • Start the Vault server
      • MariaDB root admin password provisioning on Azure DCXas_v5 VM
    • Supported Cloud Configurations
  • Tutorials
    • Deploying the vhsm Container on an EC2 Instance
    • CLI quickstart
    • vHSM Agent quickstart
    • vHSM Proxy quickstart
    • Passing vHSM secrets using ConfigMaps
    • Provisioning MariaDB Password on Azure DCXas_v5 VM
    • Registering a buckypaper plugin
    • Monitoring vHSM with Grafana
  • Integration with Utimaco SecurityServer
    • Integrate enclaive vHSM with Utimaco HSM
  • API
    • Auth
    • Default
    • Secrets
    • System
    • Identity
    • Models
  • vHSM CLI
    • Server and Infrastructure Management
      • vhsm server
      • vhsm proxy
      • vhsm monitor
      • vhsm status
      • vhsm agent
    • Secret Management
      • vhsm read
      • vhsm write
      • vhsm delete
      • vhsm list
      • vhsm secrets
        • vhsm secrets enable
        • vhsm secrets disable
        • vhsm secrets list
        • vhsm secrets move
        • vhsm secrets tune
      • vhsm unwrap
    • Configuration and Management
      • vhsm plugin
        • vhsm plugin info
        • vhsm plugin deregister
        • vhsm plugin list
        • vhsm plugin register
        • vhsm plugin reload
        • vhsm plugin reload-status
      • vhsm namespace
      • vhsm operator
      • vhsm print
      • vhsm path-help
      • vhsm lease
    • Auditing and Debugging
      • vhsm audit
      • vhsm debug
    • Attestation
    • Security and Encryption
      • vhsm pki
        • vhsm pki health-check
        • vhsm pki issue
        • vhsm pki list-intermediates
        • vhsm pki reissue
        • vhsm pki verify-sign
      • vhsm transit
      • vhsm ssh
      • vhsm transform
    • Authentication and Authorization
      • vhsm login
      • vhsm auth
      • vhsm token
      • vhsm policy
    • Storage and Data Mangement
      • vhsm kv
      • vhsm patch
    • vhsm version
      • vhsm version-history
  • Troubleshooting
    • CA Validity Period
    • CRL Validity Period
    • Root Certificate Issued Non-CA Leaves
    • Role Allows Implicit Localhost Issuance
    • Role Allows Glob-Based Wildcard Issuance
    • Performance Impact
    • Accessibility of Audit Information
    • Allow If-Modified-Since Requests
    • Auto-Tidy Disabled
    • Tidy Hasn't Run
    • Too Many Certificates
    • Enable ACME Issuance
    • ACME Response Headers Configuration
  • Resources
    • Community
    • GitHub
    • Youtube
    • CCx101 wiki
Powered by GitBook
On this page
  • Version Columns (-detailed flag)
  • Examples
  • Available Options

Was this helpful?

  1. vHSM CLI
  2. Secret Management
  3. vhsm secrets

vhsm secrets list

Learn to view all the enabled secrets engine on the vHSM server.

The vhsm secrets list command lists all enabled secrets engines on the vHSM server. It also displays key details such as configured TTLs and descriptions.

A TTL value of "system" means the system default TTL is in use.

Deprecation status column

  • All built-in secrets engines have an associated Deprecation Status.

  • For custom (non-built-in) secrets engines, this column will display "n/a".

Usage

vhsm secrets list [options]

Version Columns (-detailed flag)

Using the -detailed flag provides additional version details:

Column
Description

Version

Configured plugin version (empty or "n/a" means built-in or unversioned).

Running Version

The actual plugin version currently running.

Running SHA256

The SHA256 checksum of the running plugin binary. If different from the catalog, the plugin hasn't been reloaded since an update.


Examples

  • List all enabled secrets engines

    vhsm secrets list

    Output

    EditPath          Type         Accessor              Description
    ----          ----         --------              -----------
    cubbyhole/    cubbyhole    cubbyhole_548b4dc5    per-token private secret storage
    secret/       kv           identity_aa00c06d     key/value secret storage
    sys/          system       system_547412e3       system endpoints used for control, policy, and debugging
  • List all enabled secrets engines with detailed output

    vhsm secrets list -detailed

    Output

    Path           Plugin        Accessor               Default TTL    Max TTL    Force No Cache    Replication    Seal Wrap    External Entropy Access    Options    Description                                                UUID                                  Version    Running Version          Running SHA256    Deprecation Status
    ----           ------        --------               -----------    -------    --------------    -----------    ---------    -----------------------    -------    -----------                                                ----                                  -------    ---------------          --------------    ------------------
    cubbyhole/     cubbyhole     cubbyhole_b16d1bc0     n/a            n/a        false             local          false        false                      map[]      per-token private secret storage                           8c64d56b-9d46-d667-1155-a8c1a83a5d01  n/a        v1.12.0+builtin.vault    n/a               n/a
    identity/      identity      identity_3d67c936      system         system     false             replicated     false        false                      map[]      identity store                                             5aa1e59c-33b5-9dec-05d6-c80c9a800557  n/a        v1.12.0+builtin.vault    n/a               n/a
    postgresql/    postgresql    postgresql_f0a54308    system         system     false             replicated     false        false                      map[]      n/a                                                        8cdc1d2d-0713-eaa6-17e3-49790a60650b  n/a        v1.12.0+builtin.vault    n/a               deprecated
    sys/           system        system_c86bd362        n/a            n/a        false             replicated     true         false                      map[]      system endpoints used for control, policy and debugging    e3193999-0875-d38d-3458-21d9f2762c80  n/a        v1.12.0+builtin.vault    n/a               n/a

Available Options

Output Options

Option
Description

-format=<string>

Specifies the output format: "table" (default), "json", or "yaml". Can also be set via the VAULT_FORMAT environment variable.

Command Options

Option
Description

-detailed

Displays detailed information about each secrets engine, including replication status, configuration, and version details.

Previousvhsm secrets disableNextvhsm secrets move

Last updated 2 months ago

Was this helpful?