NOTE: This is a K/V Version 2 secrets engine command, and not available for Version 1.
kv patch command writes the data to the given path in the K/V v2 secrets
engine. The data can be of any type. Unlike the
kv put command, the
command combines the change with existing data instead of replacing them.
Therefore, this command makes it easy to make a partial updates to an existing
If you wish to add an additional key-value (
ttl=48h) to the existing data at
the key "creds":
$ vault kv patch secret/creds ttl=48h Key Value --- ----- created_time 2019-06-06T16:46:22.090654Z deletion_time n/a destroyed false version 6
kv put command requires both the existing data and
the data you wish to add in order to accomplish the same result.
$ vault kv put secret/creds ttl=48h passcode=my-long-passcode
The data can also be consumed from a file on disk by prefixing with the "@" symbol. For example:
$ vault kv patch secret/creds @data.json
Or it can be read from stdin using the "-" symbol:
$ echo "abcd1234" | vault kv patch secret/foo bar=-
There are no flags beyond the standard set of flags included on all commands.
(string: "")- Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result will not have a trailing newline making it ideal for piping to other processes.
(string: "table")- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the