Checking Out a Secret
Use the vaultCLI checkout-secret command to check out a secret from a box in your secrets vault.
Syntax
vaultcli checkout-secret [options]
| Option | Description |
|
-h or --help |
Displays usage text. |
|
-b or --boxid string |
The ID or name of the box where the secret is located. Strings must be enclosed in double quotes. |
|
-d or --dont-save-lease string |
When this option is added, the lease information will not be saved in a file. |
|
-j or --json-output string |
When this option is added, the JSON-formatted output is displayed. |
|
-l or --lease-file string |
The file location where the lease details will be saved upon successful checkout. If neither this option nor the dont-save-lease option is not provided, then the lease details will be stored by default at $HOMEDIR/vault.data/vault_lease_<id>.txt. |
|
-s or --secretid string |
The ID or name of the secret to fetch. Strings must be enclosed in double quotes. |
|
-v, or --version int |
The version of the secret to fetch in integer format. If not specified, fetch the latest version. |
Example:
This example checks out the secret MySecret in the box MyBox.
./vaultCLI checkout-secret -b MyBox -s MySecret
Secret data: secretdata
Lease:
Expires at: Wednesday, 22 December 2021 08:23:26 PM
Lease id: eyJkYXRhIjp7ImJveCI6ImIxLTJjOWY3ZSIsInNlY3JldCI6InNlY3JldC01MTEyNGIiLCJsZWFzZSI6ImY4ODVmMmZlIn0sInNpZyI6IjcwZGI4NzRhOTNhMDUxNDdlNGRiNzI0YWQwYWRmNGMwN2Y2Y2Q1NGMyMmU5YmFjMzYzZTc1MWZiYjBiYmE3NjQiLCJzcGVjIjoxLCJpZCI6Ijk2MzlkMTg1LWM1ZmMtNDgwMi1iMmYyLTE5NTUwZGZhMjU2YyJ9
Renewable: false
Lease id saved in /root/vaultcli.data/vault_lease_YjF8c2VjcmV0.txt. Pass this file if checking in the secret with --lease-file option.
