VaultCLI Create-Secret Command

Use the vaultcli create-secret command to create a secret in a box.

Syntax

vaultcli create-secret [options]

Option Description

-h or --help

Displays usage text.

-T or --ESXi-tls-version string

Optional. If the managed-type option is set to ESXiHostAccount, you can use this option to set the TLS version to use while connecting to an ESXi host.

-c or --ESXicacert string

Optional. If the managed-type option is set to ESXiHostAccount, use this option to specify the CA certificate to use while connecting to an ESXi host.

-H or --ESXihost string

The ESXi host address. Required if the managed-type option is set to ESXiHostAccount.

-P or --ESXipasswd string

The password for the ESXi host. Required if the managed-type option is set to ESXiHostAccount.

-U or --ESXiuser string

The ESXi username. Required if the managed-type option is set to ESXiHostAccount.

-b or --boxid string

The name or ID of the box where the secret will be created.

-D or --data string

The secret data.

-X or --datakey stringArray

The key to associate with the secret data.

-Y or --datavalue stringArray

The value that corresponds to specific secret data.

-d or --description string

A short description of the secret.

-x or --exclusive-checkout string {enable|disable}

If this flag is set, all secret checkouts will be exclusive.

Important: If this property is set in a secret, it takes precedence over the property being set in a box.

-e or --expires_at string

The expiration time in RFC 3339 format, prefixed with TS. For example, TS2020-12-12T22:04:16.162848Z.

-l or --lease-duration string

The lease duration to enforce for this secret. The duration must be in ISO 8601 format. For example, P1M15DT12H30M.

Important: If this property is set in a secret, it takes precedence over the property being set in a box.

-L or --lease-renewable string

Reserved for future use.

-m or --managed-type string

The type of managed secret. For this release, only ESXiHostAccount is supported.

-B or --master-boxID string

Optional. The box ID or name of the master secret, if the managed-type option is set to ESXiHostAccount.

-I or --master-secretid string

Optional. The master secret ID or name, if the managed-type option is set to ESXiHostAccount.

-n or --name string

The name of the secret.

-r or --rotation-duration string

The duration after which the secret is rotated. The behavior depends on the rotation-force option. The duration must be in ISO 8601 format. For example, P1M15DT12H30M.

Important: If this property is set in a secret, it takes precedence over the property being set in a box.

-f or --rotation-force string {enable|disable}

If this flag is set, it forces the rotation of this secret. The behavior varies depending on the rotation-duration and rotation-on-checkin options.

Important: If this property is set in a secret, it takes precedence over the property being set in a box.

-o or --rotation-on-checkin string {enable|disable}

If this flag is set, the secret rotation is attempted when the secret is checked in. The behavior depends on the rotation-force option.

Important: If this property is set in a secret, it takes precedence over the property being set in a box.

-t or --tagkey stringArray

The tag key to associate with the secret. This option is repeatable.

-v or --tagvalue stringArray

The tag value to associate with the secret. This option is repeatable.
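
The format and dependency rules in the table above (TS-prefixed RFC 3339 expiry, ISO 8601 durations, enable|disable values, and the options required when managed-type is ESXiHostAccount) can be checked before the command is run. The following POSIX shell functions are an added example, not part of the product documentation; the function names are hypothetical, and options are assumed to be passed as space-separated option/value pairs.

```shell
#!/bin/sh
# Added example, not vendor code: checks arguments against the constraints in
# the option table before they reach `vaultcli create-secret`. Function names
# are hypothetical. Assumes space-separated "option value" pairs.

# ISO 8601 duration in PnYnMnDTnHnMnS form, e.g. P1M15DT12H30M (no week form).
is_iso8601_duration() {
    printf '%s\n' "$1" | grep -Eq \
        '^P([0-9]+Y)?([0-9]+M)?([0-9]+D)?(T([0-9]+H)?([0-9]+M)?([0-9]+S)?)?$' \
        || return 1
    case "$1" in P|*T) return 1 ;; esac   # bare "P" or dangling "T"
    return 0
}

# RFC 3339 timestamp prefixed with TS, e.g. TS2020-12-12T22:04:16.162848Z.
is_ts_rfc3339() {
    printf '%s\n' "$1" | grep -Eq \
        '^TS[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:([0-5][0-9]|60)(\.[0-9]+)?(Z|[+-]([01][0-9]|2[0-3]):[0-5][0-9])$'
}

fail() { echo "create-secret: $*" >&2; }   # never echoes password or secret data

check_create_secret_args() {
    managed='' host='' user='' pass=''
    while [ $# -gt 0 ]; do
        opt=$1 val=${2-}
        case "$opt" in
            -h|--help) shift; continue ;;   # takes no value
            -e|--expires_at)
                is_ts_rfc3339 "$val" || { fail "bad $opt '$val'"; return 1; } ;;
            -l|--lease-duration|-r|--rotation-duration)
                is_iso8601_duration "$val" || { fail "bad $opt '$val'"; return 1; } ;;
            -x|--exclusive-checkout|-f|--rotation-force|-o|--rotation-on-checkin)
                case "$val" in enable|disable) ;; *) fail "bad $opt '$val'"; return 1 ;; esac ;;
            -m|--managed-type)
                [ "$val" = ESXiHostAccount ] || { fail "unsupported $opt '$val'"; return 1; }
                managed=$val ;;
            -H|--ESXihost) host=$val ;;
            -U|--ESXiuser) user=$val ;;
            -P|--ESXipasswd) pass=$val ;;
        esac
        shift; if [ $# -gt 0 ]; then shift; fi
    done
    if [ -n "$managed" ] && { [ -z "$host" ] || [ -z "$user" ] || [ -z "$pass" ]; }; then
        fail "ESXiHostAccount needs --ESXihost, --ESXiuser and --ESXipasswd"; return 1
    fi
    return 0
}
```

In a wrapper script, call it as check_create_secret_args "$@" && vaultcli create-secret "$@".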