»secrets tune

The secrets tune command tunes the configuration options for the secrets engine at the given PATH. The argument corresponds to the PATH where the secrets engine is enabled, not the TYPE!

»Examples

Tune the default lease for the PKI secrets engine:

$ vault secrets tune -default-lease-ttl=72h pki/

Specify multiple audit non-hmac request keys:

$ vault secrets tune -audit-non-hmac-request-keys=value1 -audit-non-hmac-request-keys=value2 pki/

»Usage

The following flags are available in addition to the standard set of flags included on all commands.

  • -audit-non-hmac-request-keys (string: "") - Key that will not be HMAC'd by audit devices in the request data object. Note that multiple keys may be specified by providing this option multiple times, each time with 1 key.

  • -audit-non-hmac-response-keys (string: "") - Key that will not be HMAC'd by audit devices in the response data object. Note that multiple keys may be specified by providing this option multiple times, each time with 1 key.

  • -default-lease-ttl (duration: "") - The default lease TTL for this secrets engine. If unspecified, this defaults to the Vault server's globally configured default lease TTL, or a previously configured value for the secrets engine.

  • -max-lease-ttl (duration: "") - The maximum lease TTL for this secrets engine. If unspecified, this defaults to the Vault server's globally configured maximum lease TTL, or a previously configured value for the secrets engine.