kv patch
NOTE: This is a K/V Version 2 secrets engine command, and not available for Version 1.
The kv patch
command writes the data to the given path in the K/V v2 secrets
engine. The data can be of any type. Unlike the kv put
command, the patch
command combines the change with existing data instead of replacing them.
Therefore, this command makes it easy to make a partial updates to an existing
data.
Examples
If you wish to add an additional key-value (ttl=48h
) to the existing data at
the key "creds":
NOTE: The kv put
command requires both the existing data and
the data you wish to add in order to accomplish the same result.
The data can also be consumed from a file on disk by prefixing with the "@" symbol. For example:
Or it can be read from stdin using the "-" symbol:
Usage
Output Options
-field
(string: "")
- Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result will not have a trailing newline making it ideal for piping to other processes.-format
(string: "table")
- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via theVAULT_FORMAT
environment variable.
Command Options
-method
(string: "patch")
- Specifies the patch method to use. Valid methods arepatch
andrw
. Thepatch
method uses an HTTPPATCH
request to apply the partial update. Therw
method will fetch the secret's data, perform an in-memory update, and write the updated data.-cas
(int: 0)
- Specifies the value to use for the Check-And-Set operation. This flag will only be used for thepatch
method. This flag is required ifcas_required
is set totrue
on either the secret or the engine's config. In order for apatch
to be successful,-cas
must be set to the current version of the secret. This flag will be ignored for therw
method. Instead, its value will be derived from fetching the current version of the secret.