vhsm proxy

Learn about authentication, caching, and secure communication to streamline vHSM adoption.

Usage

vhsm proxy [options]

This command starts a vHSM Proxy that can perform automatic authentication in certain environments.

Example:

vhsm proxy -config=/etc/vault/config.hcl

HTTP Options

| Option | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| `-address=<string>` | Address of the vHSM server | https://127.0.0.1:8200 | VAULT_ADDR |
| `-agent-address=<string>` | Address of the Agent | (not set) | VAULT_AGENT_ADDR |
| `-ca-cert=<string>` | Path to a single PEM-encoded CA certificate | (not set) | VAULT_CACERT |
| `-ca-path=<string>` | Path to a directory of PEM-encoded CA certificates | (not set) | VAULT_CAPATH |
| `-client-cert=<string>` | Path to a PEM-encoded client certificate | (not set) | VAULT_CLIENT_CERT |
| `-client-key=<string>` | Path to a PEM-encoded client key | (not set) | VAULT_CLIENT_KEY |
| `-disable-redirects` | Disable redirect behavior | false | VAULT_DISABLE_REDIRECTS |
| `-header=<key=value>` | Add HTTP headers to requests | (not set) | (not applicable) |
| `-mfa=<string>` | Supply MFA credentials | (not set) | VAULT_MFA |
| `-namespace=<string>` | Namespace to use for the command | (not set) | VAULT_NAMESPACE |
| `-non-interactive` | Prevent user input via terminal | false | (not applicable) |
| `-output-curl-string` | Print cURL equivalent command instead of execution | false | (not applicable) |
| `-output-policy` | Print required HCL policy instead of execution | false | (not applicable) |
| `-policy-override` | Override a soft-mandatory Sentinel policy | false | (not applicable) |
| `-tls-server-name=<string>` | Name to use as the SNI host for TLS | (not set) | VAULT_TLS_SERVER_NAME |
| `-tls-skip-verify` | Disable TLS certificate verification | false | VAULT_SKIP_VERIFY |
| `-unlock-key=<string>` | Key to unlock a namespace API lock | (not set) | (not applicable) |
| `-wrap-ttl=<duration>` | Wraps response in a cubbyhole token | (not set) | VAULT_WRAP_TTL |

Command options

| Option | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| `-config=<string>` | Path to a configuration file | (not set) | (not applicable) |
| `-exit-after-auth` | Exit after a successful auth | false | (not applicable) |
| `-log-file=<string>` | Path to log file | (not set) | (not applicable) |
| `-log-format=<string>` | Log format (standard or json) | (not set) | VAULT_LOG_FORMAT |
| `-log-level=<string>` | Log verbosity (trace, debug, info, warn, error) | (not set) | VAULT_LOG_LEVEL |
| `-log-rotate-bytes=<int>` | Max log file size before rotation | Unlimited | (not applicable) |
| `-log-rotate-duration=<string>` | Max log duration before rotation | (not set) | (not applicable) |
| `-log-rotate-max-files=<int>` | Max number of old log files to keep | (not set) | (not applicable) |
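
Several HTTP options above weaken or depend on TLS (-address, -tls-skip-verify, -ca-cert, -ca-path, -client-key), and most can also arrive silently through the environment. The following preflight check is an added example, not part of the vHSM documentation or tooling; the function names are hypothetical, and the flag-over-environment precedence and the accepted VAULT_SKIP_VERIFY values are assumptions.

```sh
# Added example, not vendor code. Function names are hypothetical.
# Prints one finding per line for the arguments intended for `vhsm proxy`.
vhsm_preflight_findings() {
    addr="${VAULT_ADDR:-https://127.0.0.1:8200}"   # default from the table
    cacert="${VAULT_CACERT:-}"; capath="${VAULT_CAPATH:-}"
    key="${VAULT_CLIENT_KEY:-}"; skip=false
    # Assumption: "1" or "true" in VAULT_SKIP_VERIFY turns the setting on.
    case "${VAULT_SKIP_VERIFY:-}" in 1|true|True|TRUE) skip=true ;; esac
    # Assumption: a flag on the command line overrides its environment variable.
    for arg in "$@"; do
        case "$arg" in
            -address=*)    addr="${arg#*=}" ;;
            -ca-cert=*)    cacert="${arg#*=}" ;;
            -ca-path=*)    capath="${arg#*=}" ;;
            -client-key=*) key="${arg#*=}" ;;
            -tls-skip-verify|-tls-skip-verify=true) skip=true ;;  # "=true" form assumed
        esac
    done
    case "$addr" in
        https://*) ;;
        *) echo "address: $addr is not an https URL" ;;
    esac
    if [ "$skip" = true ]; then
        echo "tls-skip-verify: server certificate verification is disabled"
    fi
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "ca-cert: $cacert is not readable"
    fi
    if [ -n "$capath" ] && [ ! -d "$capath" ]; then
        echo "ca-path: $capath is not a directory"
    fi
    if [ -n "$key" ] && [ -e "$key" ]; then
        # Characters 5-10 of the mode string are the group and other bits.
        perms=$(ls -Lld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "client-key: $key is accessible to group or other ($perms)"
        fi
    fi
    return 0
}

# Launch gate: non-zero exit status when any finding exists.
vhsm_preflight() {
    findings=$(vhsm_preflight_findings "$@")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings" >&2
    return 1
}
# Usage: vhsm_preflight "$@" && exec vhsm proxy "$@"
```

Running the gate in the service wrapper or unit file catches a VAULT_SKIP_VERIFY left over from testing before the proxy starts handling tokens.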
