Connection
export VAULT_ADDR='https://vault.example.com:8200'
Set Vault server address
export VAULT_TOKEN='your-token'
Set Vault authentication token
vault login
Interactive login to Vault
vault login -method=github token=
Login with GitHub auth method
vault login -method=userpass username=user password=pass
Log in with username/password (omit password= to be prompted instead of leaving it in shell history)
Key Management
vault secrets list
List available secrets engines
vault kv get secret/path
Read a secret from KV store
vault kv put secret/path key=value
Write a secret to KV store
vault kv delete secret/path
Delete a secret
vault kv metadata get secret/path
Get metadata for a secret
Policy Management
vault policy list
List policies
vault policy read policy-name
Read a policy
vault policy write policy-name policy-file.hcl
Create/update a policy
vault policy delete policy-name
Delete a policy
Auth Methods
vault auth list
List auth methods
vault auth enable method-name
Enable an auth method
vault auth disable method-name
Disable an auth method
vault write auth/method-name/config param=value
Configure auth method
Token Management
vault token create
Create a new token
vault token lookup
Look up token information
vault token renew
Renew token
vault token revoke token
Revoke a token
Secret Engines
vault secrets enable -path=path type
Enable a secrets engine
vault secrets disable path
Disable a secrets engine
vault secrets tune -default-lease-ttl=1h path
Tune secrets engine configuration
PKI Management
vault write pki/root/generate/internal common_name="example.com"
Generate root CA
vault write pki/roles/my-role allowed_domains=example.com allow_subdomains=true
Create a PKI role
vault write pki/issue/my-role common_name=test.example.com
Issue certificate
SSH Management
vault write ssh/creds/role-name ip=1.2.3.4
Generate SSH credentials
vault ssh -role=role-name <user>@<host>
SSH using Vault
Database Management
vault write database/config/my-db plugin_name=mysql
Configure database connection
vault read database/creds/my-role
Generate database credentials