Acquisition complete HashiCorp officially joins the IBM family. Learn more
Vault
Vault Home

You are viewing documentation for version v1.5.x. View latest version.

secrets tune

The secrets tune command tunes the configuration options for the secrets engine at the given PATH. The argument corresponds to the PATH where the secrets engine is enabled, not the TYPE!

Examples

Tune the default lease for the PKI secrets engine:

$ vault secrets tune -default-lease-ttl=72h pki/

Usage

The following flags are available in addition to the standard set of flags included on all commands.

  • -audit-non-hmac-request-keys (string: "") - Comma-separated string or list of keys that will not be HMAC'd by audit devices in the request data object.

  • -audit-non-hmac-response-keys (string: "") - Comma-separated string or list of keys that will not be HMAC'd by audit devices in the response data object.

  • -default-lease-ttl (duration: "") - The default lease TTL for this secrets engine. If unspecified, this defaults to the Vault server's globally configured default lease TTL, or a previously configured value for the secrets engine.

  • -max-lease-ttl (duration: "") - The maximum lease TTL for this secrets engine. If unspecified, this defaults to the Vault server's globally configured maximum lease TTL, or a previously configured value for the secrets engine.