Vault CLI

Vault CLI is HashiCorp's command surface for secret management, authentication, policy control, and day-to-day Vault operations. It covers both application-facing secret access and operator tasks such as token, lease, auth, audit, and cluster administration.

• Read, write, list, patch, and delete secrets or configuration at Vault API paths, including KV, transit, PKI, and other mounted engines.
• Log in with supported auth methods and manage tokens, leases, policies, auth mounts, secret engines, namespaces, and audit devices from the shell.
• Check seal or HA health, inspect operator or raft state, stream server logs, and run vault agent or vault proxy for auto-auth and secret delivery.

• Global -format=json and VAULT_FORMAT=json, plus -field and stdin input, make many inspect and mutation commands easy to chain into parse-and-act loops.
• The command surface mirrors Vault's HTTP API, so agents can use generic verbs like read and write or switch to more focused groups such as kv, token, and operator when the workflow needs them.
• Automation fit depends on environment: a reachable Vault instance, credentials, TLS material, and sometimes config-managed long-running processes are prerequisites.

• Most commands are only useful against an existing Vault deployment; local invocation alone does not provide secret storage or service state.
• Auth and admin flows can become interactive with prompts, MFA, or token-helper behavior unless credentials and non-interactive settings are supplied explicitly.