open-vault/website/content/docs/commands/read.mdx

78 lines
2.3 KiB
Plaintext
Raw Normal View History

2017-09-08 02:14:04 +00:00
---
layout: docs
page_title: read - Command
2017-09-08 02:14:04 +00:00
description: |-
The "read" command reads data from Vault at the given path. This can be used
to read secrets, generate dynamic credentials, get configuration details, and
more.
---
# read
The `read` command reads data from Vault at the given path (wrapper command for
HTTP GET). You can use the command to read secrets, generate dynamic
credentials, get configuration details, and more.
2017-09-08 02:14:04 +00:00
## Examples
Read entity details of a given ID:
```shell-session
$ vault read identity/entity/id/2f09126d-d161-abb8-2241-555886491d97
```
Generate dynamic AWS credentials for a `my-role`:
```shell-session
$ vault read aws/creds/my-role
```
### API versus CLI
Assuming that you have K/V version 2 (`kv-v2`) secrets engine enabled at
`secret/`, the following command reads secrets at the `secret/data/customers`
API path:
2017-09-08 02:14:04 +00:00
```shell-session
$ vault read secret/data/customers
2017-09-08 02:14:04 +00:00
```
This is equivalent to:
```shell-session
$ curl --request GET --header "X-Vault-Token: $VAULT_TOKEN" \
$VAULT_ADDR/v1/secret/data/customers
```
Since K/V secrets engine is a commonly used feature, Vault CLI provides the
[`kv`](/docs/commands/kv) command. Read secrets from the `secret/data/customers`
path using the `kv` CLI command:
```shell-session
$ vault kv get secret/customers
```
-> **Comparison:** All three commands retrieve the same data, but display the
output in a different format. By default, `vault read` prints output in
key-value format. The `curl` command prints the response in JSON. Since the
`kv` command is designed to handle operations associated with K/V secrets
engine, it prints the output in more structured format that is easy to read.
2017-09-08 02:14:04 +00:00
## Usage
The following flags are available in addition to the [standard set of
flags](/docs/commands) included on all commands.
2017-09-08 02:14:04 +00:00
### Output Options
- `-field` `(string: "")` - Print only the field with the given name. Specifying
this option will take precedence over other formatting directives. The result
CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format
2018-02-12 23:12:16 +00:00
will not have a trailing newline making it ideal for piping to other processes.
2017-09-08 02:14:04 +00:00
- `-format` `(string: "table")` - Print the output in the given format. Valid
formats are "table", "json", or "yaml". This can also be specified via the
`VAULT_FORMAT` environment variable.
For a full list of examples and paths, please see the documentation that
corresponds to the secrets engine in use.