Virtual HSM
Home
  • Virtual HSM
  • Documentation
    • What is Virtual HSM?
    • Use Case: Attested Secret Provisioning in the Cloud
    • Setup
      • Install
      • vHSM Server Configuration
        • Parameters
        • vHSM Telemetry Parameters
      • vHSM Agent
        • Agent Configuration
      • vHSM Proxy
        • Proxy Configuration
    • Get Started
      • Start the Vault server
      • MariaDB root admin password provisioning on Azure DCXas_v5 VM
    • Supported Cloud Configurations
  • Tutorials
    • Deploying the vhsm Container on an EC2 Instance
    • CLI quickstart
    • vHSM Agent quickstart
    • vHSM Proxy quickstart
    • Passing vHSM secrets using ConfigMaps
    • Provisioning MariaDB Password on Azure DCXas_v5 VM
    • Registering a buckypaper plugin
    • Monitoring vHSM with Grafana
  • Integration with Utimaco SecurityServer
    • Integrate enclaive vHSM with Utimaco HSM
  • API
    • Auth
    • Default
    • Secrets
    • System
    • Identity
    • Models
  • vHSM CLI
    • Server and Infrastructure Management
      • vhsm server
      • vhsm proxy
      • vhsm monitor
      • vhsm status
      • vhsm agent
    • Secret Management
      • vhsm read
      • vhsm write
      • vhsm delete
      • vhsm list
      • vhsm secrets
        • vhsm secrets enable
        • vhsm secrets disable
        • vhsm secrets list
        • vhsm secrets move
        • vhsm secrets tune
      • vhsm unwrap
    • Configuration and Management
      • vhsm plugin
        • vhsm plugin info
        • vhsm plugin deregister
        • vhsm plugin list
        • vhsm plugin register
        • vhsm plugin reload
        • vhsm plugin reload-status
      • vhsm namespace
      • vhsm operator
      • vhsm print
      • vhsm path-help
      • vhsm lease
    • Auditing and Debugging
      • vhsm audit
      • vhsm debug
    • Attestation
    • Security and Encryption
      • vhsm pki
        • vhsm pki health-check
        • vhsm pki issue
        • vhsm pki list-intermediates
        • vhsm pki reissue
        • vhsm pki verify-sign
      • vhsm transit
      • vhsm ssh
      • vhsm transform
    • Authentication and Authorization
      • vhsm login
      • vhsm auth
      • vhsm token
      • vhsm policy
    • Storage and Data Mangement
      • vhsm kv
      • vhsm patch
    • vhsm version
      • vhsm version-history
  • Troubleshooting
    • CA Validity Period
    • CRL Validity Period
    • Root Certificate Issued Non-CA Leaves
    • Role Allows Implicit Localhost Issuance
    • Role Allows Glob-Based Wildcard Issuance
    • Performance Impact
    • Accessibility of Audit Information
    • Allow If-Modified-Since Requests
    • Auto-Tidy Disabled
    • Tidy Hasn't Run
    • Too Many Certificates
    • Enable ACME Issuance
    • ACME Response Headers Configuration
  • Resources
    • Community
    • GitHub
    • Youtube
    • CCx101 wiki
Powered by GitBook
On this page
  • Usage
  • HTTP Options
  • Command options

Was this helpful?

  1. vHSM CLI
  2. Server and Infrastructure Management

vhsm proxy

Learn about authentication, caching, and secure communication to streamline vHSM adoption.

Usage

vhsm proxy [options]

This command starts a vHSM Proxy that can perform automatic authentication in certain environments.

Example:

vhsm proxy -config=/etc/vault/config.hcl

HTTP Options

Option
Description
Default
Environment Variable

-address=<string>

Address of the vHSM server

https://127.0.0.1:8200

VAULT_ADDR

-agent-address=<string>

Address of the Agent

(not set)

VAULT_AGENT_ADDR

-ca-cert=<string>

Path to a single PEM-encoded CA certificate

(not set)

VAULT_CACERT

-ca-path=<string>

Path to a directory of PEM-encoded CA certificates

(not set)

VAULT_CAPATH

-client-cert=<string>

Path to a PEM-encoded client certificate

(not set)

VAULT_CLIENT_CERT

-client-key=<string>

Path to a PEM-encoded client key

(not set)

VAULT_CLIENT_KEY

-disable-redirects

Disable redirect behavior

false

VAULT_DISABLE_REDIRECTS

-header=<key=value>

Add HTTP headers to requests

(not set)

(not applicable)

-mfa=<string>

Supply MFA credentials

(not set)

VAULT_MFA

-namespace=<string>

Namespace to use for the command

(not set)

VAULT_NAMESPACE

-non-interactive

Prevent user input via terminal

false

(not applicable)

-output-curl-string

Print cURL equivalent command instead of execution

false

(not applicable)

-output-policy

Print required HCL policy instead of execution

false

(not applicable)

-policy-override

Override a soft-mandatory Sentinel policy

false

(not applicable)

-tls-server-name=<string>

Name to use as the SNI host for TLS

(not set)

VAULT_TLS_SERVER_NAME

-tls-skip-verify

Disable TLS certificate verification

false

VAULT_SKIP_VERIFY

-unlock-key=<string>

Key to unlock a namespace API lock

(not set)

(not applicable)

-wrap-ttl=<duration>

Wraps response in a cubbyhole token

(not set)

VAULT_WRAP_TTL

Command options

Option
Description
Default
Environment Variable

-config=<string>

Path to a configuration file

(not set)

(not applicable)

-exit-after-auth

Exit after a successful auth

false

(not applicable)

-log-file=<string>

Path to log file

(not set)

(not applicable)

-log-format=<string>

Log format (standard or json)

(not set)

VAULT_LOG_FORMAT

-log-level=<string>

Log verbosity (trace, debug, info, warn, error)

(not set)

VAULT_LOG_LEVEL

-log-rotate-bytes=<int>

Max log file size before rotation

Unlimited

(not applicable)

-log-rotate-duration=<string>

Max log duration before rotation

(not set)

(not applicable)

-log-rotate-max-files=<int>

Max number of old log files to keep

(not set)

(not applicable)

Previousvhsm serverNextvhsm monitor

Last updated 2 months ago

Was this helpful?