open-vault/website/pages/docs/commands/write.mdx

---
layout: docs
page_title: write - Command
sidebar_title: <code>write</code>
description: |-
  The "write" command writes data to Vault at the given path. The data can be
  credentials, secrets, configuration, or arbitrary data. The specific behavior
  of this command is determined at the thing mounted at the path.
---

# write

The `write` command writes data to Vault at the given path. The data can be
credentials, secrets, configuration, or arbitrary data. The specific behavior of
this command is determined at the thing mounted at the path.

Data is specified as "key=value" pairs. If the value begins with an "@", then it
is loaded from a file. If the value is "-", Vault will read the value from
stdin.

For a full list of examples and paths, please see the documentation that
corresponds to the secrets engines in use.

## Examples

Persist data in the KV secrets engine:

```text
$ vault write secret/my-secret foo=bar
```

Create a new encryption key in the transit secrets engine:

```text
$ vault write -f transit/keys/my-key
```

Upload an AWS IAM policy from a file on disk:

```text
$ vault write aws/roles/ops policy=@policy.json
```

Configure access to Consul by providing an access token:

```text
$ echo $MY_TOKEN | vault write consul/config/access token=-
```

## Usage

The following flags are available in addition to the [standard set of
flags](/docs/commands/index.html) included on all commands.

### Output Options

- `-field` `(string: "")` - Print only the field with the given name. Specifying
  this option will take precedence over other formatting directives. The result
  will not have a trailing newline making it ideal for piping to other processes.

- `-format` `(string: "table")` - Print the output in the given format. Valid
  formats are "table", "json", or "yaml". This can also be specified via the
  `VAULT_FORMAT` environment variable.

### Command Options

- `-force` `(bool: false)` - Allow the operation to continue with no key=value
  pairs. This allows writing to keys that do not need or expect data. This is
  aliased as "-f".
Add "write" command documentation 2017-09-08 02:14:36 +00:00			`---`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`layout: docs`
			`page_title: write - Command`
			`sidebar_title: <code>write</code>`
Add "write" command documentation 2017-09-08 02:14:36 +00:00			`description: \|-`
			`The "write" command writes data to Vault at the given path. The data can be`
			`credentials, secrets, configuration, or arbitrary data. The specific behavior`
			`of this command is determined at the thing mounted at the path.`
			`---`

			`# write`

			The `write` command writes data to Vault at the given path. The data can be
			`credentials, secrets, configuration, or arbitrary data. The specific behavior of`
			`this command is determined at the thing mounted at the path.`

			`Data is specified as "key=value" pairs. If the value begins with an "@", then it`
			`is loaded from a file. If the value is "-", Vault will read the value from`
			`stdin.`

			`For a full list of examples and paths, please see the documentation that`
Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`corresponds to the secrets engines in use.`
Add "write" command documentation 2017-09-08 02:14:36 +00:00
			`## Examples`

Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`Persist data in the KV secrets engine:`
Add "write" command documentation 2017-09-08 02:14:36 +00:00
			```text
			`$ vault write secret/my-secret foo=bar`
			```

			`Create a new encryption key in the transit secrets engine:`

			```text
			`$ vault write -f transit/keys/my-key`
			```

			`Upload an AWS IAM policy from a file on disk:`

			```text
			`$ vault write aws/roles/ops policy=@policy.json`
			```

			`Configure access to Consul by providing an access token:`

			```text
			`$ echo $MY_TOKEN \| vault write consul/config/access token=-`
			```

			`## Usage`

			`The following flags are available in addition to the [standard set of`
			`flags](/docs/commands/index.html) included on all commands.`

			`### Output Options`

			- `-field` `(string: "")` - Print only the field with the given name. Specifying
			`this option will take precedence over other formatting directives. The result`
CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format 2018-02-12 23:12:16 +00:00			`will not have a trailing newline making it ideal for piping to other processes.`
Add "write" command documentation 2017-09-08 02:14:36 +00:00
			- `-format` `(string: "table")` - Print the output in the given format. Valid
			`formats are "table", "json", or "yaml". This can also be specified via the`
			`VAULT_FORMAT` environment variable.

			`### Command Options`

			- `-force` `(bool: false)` - Allow the operation to continue with no key=value
			`pairs. This allows writing to keys that do not need or expect data. This is`
			`aliased as "-f".`