vhsm write
Learn to write data to a vHSM server at a specified path to store credentials, secrets, configurations, or arbitrary data.
The vhsm write
command writes data to vHSM at the given path. It is a wrapper for HTTP PUT
or POST
requests. This command is used to store credentials, secrets, configurations, or arbitrary data. The behavior of this command depends on the secret engine mounted at the specified path.
Data is provided as key=value
pairs. Special handling includes:
Values starting with
@
are loaded from a file.Values set to
-
are read fromstdin
.If
-
is the only argument,vhsm write
reads a JSON blob fromstdin
.
Usage
vhsm write <path> <key=value> [options]
Subcommands and Options
-field
<string>
Prints only the specified field in the selected format (ideal for piping).
-format
<string>
Specifies the output format. Valid values: table
, json
, yaml
. Defaults to table
.
-force
/ -f
Allows write operations without key-value pairs. Used for actions that don’t require data.
Examples
Store arbitrary secrets
vhsm write cubbyhole/git-credentials username="student01" password="p@$$w0rd"
Create a new encryption key in the transit secrets engine
vhsm write -force transit/keys/my-key
Upload an AWS IAM policy from a file
vhsm write aws/roles/ops [email protected]
Configure access to Consul using an access token
`echo $MY_TOKEN
Create a token with TTL, policy, and usage limit
vhsm write auth/token/create policies="admin" policies="secops" ttl=8h num_uses=3
Equivalent API request using cURL
tee request_payload.json -<<EOF
{
"policies": ["admin", "secops"],
"ttl": "8h",
"num_uses": 3
}
EOF
curl --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @request_payload.json \
$VAULT_ADDR/v1/auth/token/create
Simplified token creation using CLI
vhsm token create -policy=admin -policy=secops -ttl=8h -use-limit=3
Output
Key Value
--- -----
token hvs.CAESIBcWWiHVdrJIIqLUOIX5_QuJtp3xrd-FEFT-rqngnFXCGh4KHGh2cy5nZEl0ZWtkcmg5Q1kxMHJFNTVUcGtoMXA
token_accessor LiCLc2rBMS5epeu6rcaJcJX4
token_duration 8h
token_renewable true
token_policies ["admin" "default" "secops"]
identity_policies []
policies ["admin" "default" "secops"]
Last updated
Was this helpful?