---
layout: docs
page_title: read - Command
description: |-
  The "read" command reads data from Vault at the given path. This can be used
  to read secrets, generate dynamic credentials, get configuration details, and
  more.
---

# read

The `read` command reads data from Vault at the given path (wrapper command for
HTTP GET). You can use the command to read secrets, generate dynamic
credentials, get configuration details, and more.

## Examples

Read entity details of a given ID:

```shell-session
$ vault read identity/entity/id/2f09126d-d161-abb8-2241-555886491d97
```

Generate dynamic AWS credentials for the `my-role` role:

```shell-session
$ vault read aws/creds/my-role
```

### API versus CLI

Assuming that you have the K/V version 2 (`kv-v2`) secrets engine enabled at
`secret/`, the following command reads secrets at the `secret/data/customers`
API path:

```shell-session
$ vault read secret/data/customers
```

This is equivalent to:

```shell-session
$ curl --request GET --header "X-Vault-Token: $VAULT_TOKEN" \
    $VAULT_ADDR/v1/secret/data/customers
```

Since the K/V secrets engine is a commonly used feature, the Vault CLI provides the
[`kv`](/docs/commands/kv) command. Read secrets from the `secret/data/customers`
path using the `kv` CLI command:

```shell-session
$ vault kv get secret/customers
```

-> **Comparison:** All three commands retrieve the same data, but display the
output in a different format. By default, `vault read` prints output in
key-value format. The `curl` command prints the response in JSON. Since the
`kv` command is designed to handle operations associated with the K/V secrets
engine, it prints the output in a more structured format that is easy to read.

## Usage

The following flags are available in addition to the [standard set of
flags](/docs/commands) included on all commands.

### Output Options

- `-field` `(string: "")` - Print only the field with the given name. Specifying
  this option will take precedence over other formatting directives. The result
  will not have a trailing newline, making it ideal for piping to other processes.

- `-format` `(string: "table")` - Print the output in the given format. Valid
  formats are "table", "json", or "yaml". This can also be specified via the
  `VAULT_FORMAT` environment variable.

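Every read of a dynamic-credential path such as `aws/creds/my-role` issues a new credential, so running `vault read -field=...` once per field returns values that belong to different credentials. The following added example (not part of the Vault documentation) reads once with `-format=json` and takes every needed field and the lease from that single response; the helper names, the sample JSON, and the `access_key`/`secret_key` field names of the AWS secrets engine are assumptions not shown on this page.

```python
import json
import subprocess

# Constructed sample of `vault read -format=json aws/creds/my-role` output.
# Every value is made up; access_key/secret_key are assumed field names.
SAMPLE_OUTPUT = """{
  "request_id": "00000000-0000-0000-0000-000000000000",
  "lease_id": "aws/creds/my-role/EXAMPLELEASEID",
  "lease_duration": 3600,
  "renewable": true,
  "data": {
    "access_key": "AKIAEXAMPLEEXAMPLE00",
    "secret_key": "constructed-secret-key-not-real"
  },
  "warnings": null
}"""


def parse_read_output(text, fields):
    """Pick several fields out of one JSON response, plus its lease metadata."""
    doc = json.loads(text)
    data = doc.get("data") or {}
    missing = [f for f in fields if f not in data]
    if missing:
        raise KeyError(f"fields not in response: {missing}")
    picked = {f: data[f] for f in fields}
    lease = {"lease_id": doc.get("lease_id", ""),
             "lease_duration": doc.get("lease_duration", 0)}
    return picked, lease


def read_once(path, fields):
    """Run `vault read` a single time (assumes `vault` is on PATH and that
    VAULT_ADDR / VAULT_TOKEN are set) and return all requested fields."""
    proc = subprocess.run(
        ["vault", "read", "-format=json", path],
        check=True, capture_output=True, text=True)
    return parse_read_output(proc.stdout, fields)


if __name__ == "__main__":
    creds, lease = parse_read_output(SAMPLE_OUTPUT, ["access_key", "secret_key"])
    # Print only non-secret values; the secret key stays in memory.
    print(creds["access_key"], lease["lease_id"], lease["lease_duration"])
```

Against a live server, `read_once("aws/creds/my-role", ["access_key", "secret_key"])` returns the matching pair together with the lease ID needed to renew or revoke it.
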
For a full list of examples and paths, please see the documentation that
corresponds to the secrets engine in use.