kv get command retrieves the value from K/V secrets engine at the given
key name. If no key exists with that name, an error is returned. If a key exists
with the name but has no data, nothing is returned.
Retrieve the data of the key "creds":
$ vault kv get -mount=secret creds == Secret Path == secret/data/creds ======= Metadata ======= Key Value --- ----- created_time 2022-06-15T20:23:40.067093Z custom_metadata <nil> deletion_time n/a destroyed false version 1 ====== Data ====== Key Value --- ----- passcode my-long-passcode
If K/V Version 1 secrets engine is enabled at "secret", the output has no metadata since there is no versioning information associated with the data:
$ vault kv get -mount=secret creds ====== Data ====== Key Value --- ----- passcode my-long-passcode
Return only the "creds" "passcode" key:
$ vault kv get -mount=secret -field=passcode creds my-long-passcode
(string: "")- Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result will not have a trailing newline making it ideal for piping to other processes.
(string: "table")- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the
(string: "")- Specifies the path where the KV backend is mounted. If specified, the next argument will be interpreted as the secret path. If this flag is not specified, the next argument will be interpreted as the combined mount path and secret path, with /data/ automatically inserted for KV v2 secrets.
(int: 0)- Specifies the version to return. If not set the latest version is returned.