1.5 KiB
| layout | page_title | sidebar_title | sidebar_current | description |
|---|---|---|---|---|
| docs | unwrap - Command | <code>unwrap</code> | docs-commands-unwrap | The "unwrap" command unwraps a wrapped secret from Vault by the given token. The result is the same as the "vault read" operation on the non-wrapped secret. If no token is given, the data in the currently authenticated token is unwrapped. |
unwrap
The unwrap command unwraps a wrapped secret from Vault by the given token. The
result is the same as the "vault read" operation on the non-wrapped secret. If
no token is given, the data in the currently authenticated token is unwrapped.
Examples
Unwrap the data in the cubbyhole secrets engine for a token:
$ vault unwrap 3de9ece1-b347-e143-29b0-dc2dc31caafd
Unwrap the data in the active token:
$ vault login 848f9ccf-7176-098c-5e2b-75a0689d41cd
$ vault unwrap # unwraps 848f9ccf...
Usage
The following flags are available in addition to the standard set of flags included on all commands.
Output Options
-
-field(string: "")- Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result will not have a trailing newline making it ideal for piping to other processes. -
-format(string: "table")- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via theVAULT_FORMATenvironment variable.