vhsm write
Learn to write data to a vHSM server at a specified path to store credentials, secrets, configurations, or arbitrary data.
The vhsm write command writes data to vHSM at the given path. It is a wrapper for HTTP PUT or POST requests. This command is used to store credentials, secrets, configurations, or arbitrary data. The behavior of this command depends on the secret engine mounted at the specified path.
Data is provided as key=value pairs. Special handling includes:
Values starting with
@are loaded from a file.Values set to
-are read fromstdin.If
-is the only argument,vhsm writereads a JSON blob fromstdin.
Usage
Subcommands and Options
-field
<string>
Prints only the specified field in the selected format (ideal for piping).
-format
<string>
Specifies the output format. Valid values: table, json, yaml. Defaults to table.
-force / -f
Allows write operations without key-value pairs. Used for actions that don’t require data.
Examples
Store arbitrary secrets
vhsm write cubbyhole/git-credentials username="student01" password="p@$$w0rd"
Create a new encryption key in the transit secrets engine
vhsm write -force transit/keys/my-key
Upload an AWS IAM policy from a file
vhsm write aws/roles/ops policy=@policy.json
Configure access to Consul using an access token
`echo $MY_TOKEN
Create a token with TTL, policy, and usage limit
vhsm write auth/token/create policies="admin" policies="secops" ttl=8h num_uses=3
Equivalent API request using cURL
Simplified token creation using CLI
Output
Last updated
Was this helpful?