Virtual HSM
Home
  • Virtual HSM
  • Documentation
    • What is Virtual HSM?
    • Use Case: Attested Secret Provisioning in the Cloud
    • Setup
      • Install
      • vHSM Server Configuration
        • Parameters
        • vHSM Telemetry Parameters
      • vHSM Agent
        • Agent Configuration
      • vHSM Proxy
        • Proxy Configuration
    • Get Started
      • Start the Vault server
      • MariaDB root admin password provisioning on Azure DCXas_v5 VM
    • Supported Cloud Configurations
  • Tutorials
    • Deploying the vhsm Container on an EC2 Instance
    • CLI quickstart
    • vHSM Agent quickstart
    • vHSM Proxy quickstart
    • Passing vHSM secrets using ConfigMaps
    • Provisioning MariaDB Password on Azure DCXas_v5 VM
    • Registering a buckypaper plugin
    • Monitoring vHSM with Grafana
  • Integration with Utimaco SecurityServer
    • Integrate enclaive vHSM with Utimaco HSM
  • API
    • Auth
    • Default
    • Secrets
    • System
    • Identity
    • Models
  • vHSM CLI
    • Server and Infrastructure Management
      • vhsm server
      • vhsm proxy
      • vhsm monitor
      • vhsm status
      • vhsm agent
    • Secret Management
      • vhsm read
      • vhsm write
      • vhsm delete
      • vhsm list
      • vhsm secrets
        • vhsm secrets enable
        • vhsm secrets disable
        • vhsm secrets list
        • vhsm secrets move
        • vhsm secrets tune
      • vhsm unwrap
    • Configuration and Management
      • vhsm plugin
        • vhsm plugin info
        • vhsm plugin deregister
        • vhsm plugin list
        • vhsm plugin register
        • vhsm plugin reload
        • vhsm plugin reload-status
      • vhsm namespace
      • vhsm operator
      • vhsm print
      • vhsm path-help
      • vhsm lease
    • Auditing and Debugging
      • vhsm audit
      • vhsm debug
    • Attestation
    • Security and Encryption
      • vhsm pki
        • vhsm pki health-check
        • vhsm pki issue
        • vhsm pki list-intermediates
        • vhsm pki reissue
        • vhsm pki verify-sign
      • vhsm transit
      • vhsm ssh
      • vhsm transform
    • Authentication and Authorization
      • vhsm login
      • vhsm auth
      • vhsm token
      • vhsm policy
    • Storage and Data Mangement
      • vhsm kv
      • vhsm patch
    • vhsm version
      • vhsm version-history
  • Troubleshooting
    • CA Validity Period
    • CRL Validity Period
    • Root Certificate Issued Non-CA Leaves
    • Role Allows Implicit Localhost Issuance
    • Role Allows Glob-Based Wildcard Issuance
    • Performance Impact
    • Accessibility of Audit Information
    • Allow If-Modified-Since Requests
    • Auto-Tidy Disabled
    • Tidy Hasn't Run
    • Too Many Certificates
    • Enable ACME Issuance
    • ACME Response Headers Configuration
  • Resources
    • Community
    • GitHub
    • Youtube
    • CCx101 wiki
Powered by GitBook
On this page
  • Usage
  • Example
  • Options
  • Output Fields
  • Notes

Was this helpful?

  1. vHSM CLI
  2. Server and Infrastructure Management

vhsm status

Learn about the current status of vHSM server.

The vhsm status command displays the current state of vHSM server, including its seal status, key shares, high availability (HA) mode, and other relevant details. This command works regardless of whether the vHSM is sealed.

The exit code indicates the seal status:

  • 0 – Unsealed

  • 1 – Error

  • 2 – Sealed

Usage

vhsm status [options]

Example

Check the current vhsm status

vhsm status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.7-0
Build Date      2025-01-29T15:11:42Z
Storage Type    inmem
Cluster Name    vault-cluster-64dcd906
Cluster ID      d36a3be0-d5ae-380d-58ae-ad2a18b01c6c
HA Enabled      false

Options

Flag
Description
Default

-format (string)

Specifies the output format: table, json, or yaml.

table

VAULT_FORMAT (env var)

Sets the output format globally via the environment variable.

table

Output Fields

Field
Description
Condition

Sealed

Indicates whether vHSM is sealed (true or false).

Always displayed.

Total Shares

Number of key shares required for unsealing.

Always displayed.

Threshold

Minimum number of key shares required to unseal.

Always displayed.

Unseal Progress

Number of key shares provided so far.

Displayed only when vHSM is sealed.

Unseal Nonce

Nonce used during unsealing.

Displayed only when vHSM is sealed.

Version

Version of vHSM currently running.

Always displayed.

Build Date

Timestamp of the vHSM build.

Always displayed.

Cluster Name

Name of the vHSM cluster.

Displayed if available.

Cluster ID

Unique identifier of the vHSM cluster.

Displayed if available.

High-Availability Enabled

Indicates if HA mode is enabled.

Always displayed.

HA Cluster

Shows details about the HA cluster.

Displayed when HA mode is enabled.

HA Mode

Specifies the HA mode (e.g., active, standby).

Displayed when HA mode is enabled.

Active Since

Timestamp indicating when the node became active.

Displayed for active HA nodes.

Performance Standby Node

Indicates if the node is a performance standby.

Displayed for performance standby nodes.

Performance Standby Last Remote WAL

Last known write-ahead log for performance standby nodes.

Displayed for performance standby nodes.

Raft Committed Index

The last index committed in Raft storage.

Displayed if non-zero.

Raft Applied Index

The last index applied in Raft storage.

Displayed if non-zero.

Last WAL

The last write-ahead log entry in Raft storage.

Displayed if non-zero.

Warnings

Displays relevant warnings, if any.

Displayed if applicable.

Notes

  • By default, the output is formatted in a human-readable table format. Use -format=json or -format=yaml for structured output.

  • The vhsm status command can be used even if vHSM is sealed, making it useful for debugging and monitoring.

Previousvhsm monitorNextvhsm agent

Last updated 2 months ago

Was this helpful?