Retrieve secrets from Vault Secrets

The hcp vault-secrets secrets read command reads a static, rotating, or dynamic secret's metadata from the Vault Secrets application.

Read a secret's metadata:

$ hcp vault-secrets secrets read "test_secret"

Read a secret's metadata from under a specified Vault Secrets application:

$ hcp vault-secrets secrets read "test_secret" --app test-app

1. From the HCP Vault Secrets dashboard, select the app you want to view a secrets metadata in.

2. Click the name of the secret.

   Metadata information such as the secret type, and secret version is displayed. The secret value is masked.

The hcp vault-secrets secrets open command reads the plaintext value of a static, rotating, or dynamic secret from the Vault Secrets application.

Open plaintext secret:

$ hcp vault-secrets secrets open "test_secret"

Open a plaintext secret from under a specified Vault Secrets application:

$ hcp vault-secrets secrets open "test_secret" --app=test-app

Inject all of the app's secrets as environment variables:

$ hcp vault-secrets secrets run ./my_app.sh

1. From the HCP Vault Secrets dashboard, select the app you want to view a secrets metadata in.

2. Click the name of the secret.

   Metadata information such as the secret type, and secret version is displayed. The secret value is masked.

3. Click the view icon to reveal the secret value.