Vault
audit list
List information about active audit devices.
$ vault audit list [flags]
$ vault audit list [-help | -h]
Description
vault audit list displays information about active audit devices.
Related API endpoints
ListAuditDevices - GET:/sys/audit
Command arguments
None.
Command options
None.
Command flags
Print detailed information such as options and replication status about each audit device.
Example: -detailed
Standard flags
Address of the Vault server.
Examples:
- CLI flag:
-address "https://mydomain/vault:8200"
- Environment variable:
export VAULT_ADDR="https://mydomain/vault:8200"
Address of the Vault Agent, if used.
Examples:
- CLI flag:
-agent-address "https://mydomain/vault-agent:8200"
- Environment variable:
export VAULT_AGENT_ADDR="https://mydomain/vault-agent:8200"
Path to a PEM-encoded CA certificate file on the local disk. Used to verify SSL certificates for the server. Takes precedence over -ca-path.
Examples:
- CLI flag:
-ca-cert "/path/to/certs/mycert.pem"
- Environment variable:
export VAULT_CACERT="/path/to/certs/mycert.pem"
Path to a directory with PEM-encoded CA certificate files on the local disk. Used to verify SSL certificates for the server.
Examples:
- CLI flag:
-ca-path "/path/to/certs/dir"
- Environment variable:
export VAULT_CAPATH="/path/to/certs/dir"
Path to a PEM-encoded CA certificate file on the local disk. Used for TLS communication with the server. The specified certificate must match the private key specified with -client-cert.
Examples:
- CLI flag:
-client-cert "/path/to/certs/mycert.pem"
- Environment variable:
export VAULT_CLIENT_CERT="/path/to/certs/mycert.pem"
Path to a PEM-encoded private key that matches the client certificate set with -client-cert.
Examples:
- CLI flag:
-client-key "/path/to/keys/myprivatekey.pem"
- Environment variable:
export VAULT_CLIENT_KEY="/path/to/keys/myprivatekey.pem"
Disable the default CLI redirect behavior so the CLI honors the first redirect response from the underlying API instead of following the full HTTP redirect chain.
Examples:
- CLI flag:
-disable-redirects
- Environment variable:
export VAULT_DISABLE_REDIRECTS=1
Warning
Disabling the default redirect behavior may cause commands that redirect requests to primary cluster nodes (like vault operator raft snapshot) to misbehave.
Set the CLI output format.
| Value | Description |
|---|---|
| table | Structure the response as a table |
| json | Structure the response as JSON data |
| yaml | Structure the response as YAML data |
| jsonx | Structure information as XML data |
Examples:
- CLI flag:
-format json
- Environment variable:
export VAULT_FORMAT=json
Optional HTTP header in the form "<key>=<value>" for the CLI request. Repeat the -header flag as needed with one string per flag. User-defined headers cannot start with X-Vault-.
Example: -header "Cache-Control=max-age=0"
[-mfa | VAULT_MFA] (string : "")
Enterprise
A multi-factor authentication (MFA) credential, in the format mfa_method_name[:key[=value]], that the CLI should use to authenticate to Vault. The CLI adds MFA credentials to the X-Vault-MFA header when calling the underlying API endpoint.
Examples:
- CLI flag:
-mfa "totp:password=12345"
- Environment variable:
export VAULT_MFA="totp:password=12345"
Note
The VAULT_MFA environment variable only accepts one MFA method specification and one credential for the specified method. To supply multiple credentials or MFA methods, use the -mfa CLI flag and repeat the flag as needed.
Root namespace for the CLI command. Setting a default namespace allows relative mount paths.
Examples:
- CLI flag:
-namespace "admin"
- Environment variable:
export VAULT_NAMESPACE="admin"
Prevent the CLI from asking users for input through the terminal.
Example: -non-interactive
Print the API call(s) required to execute the CLI command as cURL strings then exit without running the command.
Example: -output-curl-string
Print the Vault policy required to execute the CLI command as HCL then exit without running the command.
Example: -output-policy
Overrides any Sentinel policy where enforcement_level is "soft-mandatory".
Example: -policy-override
Name of the SNI host for TLS handshake resolution for TLS connections to Vault.
Examples:
- CLI flag:
-tls-server-name "hostname.domain"
- Environment variable:
export VAULT_TLS_SERVER_NAME="hostname.domain"
Disable verification for all TLS certificates. Use with caution. Disabling TLS certificate verification decreases the security of data transmissions to and from the Vault server.
Examples:
- CLI flag:
-tls-skip-verify
- Environment variable:
export VAULT_SKIP_VERIFY=1
Plaintext key that unlocks the underlying API endpoint for a given namespace.
Example: -unlock-key "7oXtdlmvRQ"
Default time-to-live in <number>[s|m|h|d] format for the Cubbyhole token used to wrap CLI responses. You must use vault unwrap to view response data before the duration expires. Leave wrap_ttl unset to leave CLI responses unwrapped.
Examples:
- CLI flag:
-wrap-ttl "5m"
- Environment variable:
export VAULT_WRAP_TTL="5m"
Examples
List basic information for all active audit devices:
$ vault audit list
Path     Type    Description
----     ----    -----------
file/    file    n/a
List detailed information for all active audit devices:
$ vault audit list -detailed
Path     Type    Description    Replication    Options
----     ----    -----------    -----------    -------
file/    file    n/a            replicated     file_path=/var/log/audit.log
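A detailed listing in JSON form lends itself to an automated review of audit coverage. The following is an added example, not part of the Vault documentation: it assumes that `vault audit list -detailed -format json` prints a JSON object keyed by device path with `type`, `local` and `options` fields, and the function name, finding texts and sample data are constructed for illustration.

```python
import json

# Constructed sample of `vault audit list -detailed -format json` output.
# Assumed shape: a JSON object keyed by mount path, one entry per device.
SAMPLE = """
{
  "file/":  {"type": "file", "description": "", "local": false,
             "options": {"file_path": "/var/log/audit.log"}},
  "debug/": {"type": "file", "description": "temp", "local": true,
             "options": {"file_path": "/tmp/debug.log", "log_raw": "true"}}
}
"""

def is_set(options, key, default):
    """Audit device options are strings; normalise them to booleans."""
    return str(options.get(key, default)).lower() == "true"

def review_audit_devices(raw_json):
    """Return a sorted list of (path, finding) tuples for a device listing."""
    devices = json.loads(raw_json) if raw_json.strip() else {}
    findings = []
    if not devices:
        findings.append(("-", "no active audit device: requests are not logged"))
    elif len(devices) == 1:
        findings.append(("-", "single audit device: Vault stops serving "
                              "requests if it cannot write to it"))
    for path, dev in devices.items():
        opts = dev.get("options") or {}
        if is_set(opts, "log_raw", "false"):
            findings.append((path, "log_raw=true: sensitive values are "
                                   "logged without HMAC hashing"))
        if not is_set(opts, "hmac_accessor", "true"):
            findings.append((path, "hmac_accessor=false: token accessors "
                                   "are logged in clear text"))
        if dev.get("local"):
            findings.append((path, "local device: not replicated to "
                                   "other clusters"))
    return sorted(findings)

if __name__ == "__main__":
    # In practice, feed the function the CLI output instead of SAMPLE.
    for path, finding in review_audit_devices(SAMPLE):
        print(f"{path:8} {finding}")
```
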