kv metadata
NOTE: This is a K/V Version 2 secrets engine command, and not available for Version 1.
The kv metadata
command has subcommands for interacting with the metadata and
versions for the versioned secrets (K/V Version 2 secrets engine) at the
specified path.
Usage
kv metadata delete
The kv metadata delete
command deletes all versions and metadata for the
provided key.
Examples
Deletes all versions and metadata of the key "creds":
kv metadata get
The kv metadata get
command retrieves the metadata of the versioned secrets at
the given key name. If no key exists with that name, an error is returned.
Examples
Retrieves the metadata of the key name, "creds":
kv metadata put
The kv metadata put
command can be used to create a blank key in the K/V v2
secrets engine or to update key configuration for a specified key.
Examples
Create a key in the K/V v2 with no data at the key "creds":
Set the maximum number of versions to keep for the key "creds":
NOTE: If not set, the backend’s configured max version is used. Once a key has more than the configured allowed versions the oldest version will be permanently deleted.
Require Check-and-Set for the key "creds":
NOTE: When check-and-set is required, the key will require the cas
parameter to be set on all write requests. Otherwise, the backend’s
configuration will be used.
Set the length of time before a version is deleted for the key "creds":
NOTE: If not set, the backend's configured Delete-Version-After is used. If set to a duration greater than the backend's, the backend's Delete-Version-After setting will be used. Any changes to the Delete-Version-After setting will only be applied to new versions.
Output Options
-format
(string: "table")
- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via theVAULT_FORMAT
environment variable.
Subcommand Options
-cas-required
(bool: false)
- If true the key will require the cas parameter to be set on all write requests. If false, the backend’s configuration will be used. The default is false.-max-versions
(int: 0)
- The number of versions to keep per key. If not set, the backend’s configured max version is used. Once a key has more than the configured allowed versions the oldest version will be permanently deleted.-delete-version-after
(string:"0s")
– Set thedelete-version-after
value to a duration to specify thedeletion_time
for all new versions written to this key. If not set, the backend'sdelete_version_after
will be used. If the value is greater than the backend'sdelete_version_after
, the backend'sdelete_version_after
will be used. Accepts Go duration format string.custom-metadata
(string: "")
- Specifies a key-value pair for thecustom_metadata
field. This can be specified multiple times to add multiple pieces of metadata.