» kv metadata
NOTE: This is a K/V Version 2 secrets engine command, and not available for Version 1.
The kv metadata
command has subcommands for interacting with the metadata and
versions for the versioned secrets (K/V Version 2 secrets engine) at the
specified path.
» Usage
» kv metadata delete
The kv metadata delete
command deletes all versions and metadata for the
provided key.
» Examples
Deletes all versions and metadata of the key "creds":
» kv metadata get
The kv metadata get
command retrieves the metadata of the versioned secrets at
the given key name. If no key exists with that name, an error is returned.
» Examples
Retrieves the metadata of the key name, "creds":
» kv metadata put
The kv metadata put
command can be used to create a blank key in the K/V v2
secrets engine or to update key configuration for a specified key.
» Examples
Create a key in the K/V v2 with no data at the key "creds":
Set the maximum number of versions to keep for the key "creds":
NOTE: If not set, the backend’s configured max version is used. Once a key has more than the configured allowed versions the oldest version will be permanently deleted.
Require Check-and-Set for the key "creds":
NOTE: When check-and-set is required, the key will require the cas
parameter to be set on all write requests. Otherwise, the backend’s
configuration will be used.
Set the length of time before a version is deleted for the key "creds":
NOTE: If not set, the backend's configured Delete-Version-After is used. If set to a duration greater than the backend's, the backend's Delete-Version-After setting will be used. Any changes to the Delete-Version-After setting will only be applied to new versions.
» Output Options
-format
(string: "table")
- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via theVAULT_FORMAT
environment variable.
» Subcommand Options
-cas-required
(bool: false)
- If true the key will require the cas parameter to be set on all write requests. If false, the backend’s configuration will be used. The default is false.-max-versions
(int: 0)
- The number of versions to keep per key. If not set, the backend’s configured max version is used. Once a key has more than the configured allowed versions the oldest version will be permanently deleted.-delete-version-after
(string:"0s")
– Set thedelete-version-after
value to a duration to specify thedeletion_time
for all new versions written to this key. If not set, the backend'sdelete_version_after
will be used. If the value is greater than the backend'sdelete_version_after
, the backend'sdelete_version_after
will be used. Accepts Go duration format string.custom-metadata
(string: "")
- Specifies a key-value pair for thecustom_metadata
field. This can be specified multiple times to add multiple pieces of metadata.