--- layout: docs page_title: secrets list - Command description: |- The "secrets list" command lists the enabled secrets engines on the Vault server. This command also outputs information about the enabled path including configured TTLs and human-friendly descriptions. A TTL of "system" indicates that the system default is in use. --- # secrets list The `secrets list` command lists the enabled secrets engines on the Vault server. This command also outputs information about the enabled path including configured TTLs and human-friendly descriptions. A TTL of "system" indicates that the system default is in use. ## Deprecation status column As of 1.12, all built-in secrets engines will have an associated Deprecation Status. This status will be reflected in the `Deprecation Status` column, seen below. All secrets engines which are not provided by built-in plugins will show a `Deprecation Status` of "n/a". ## Version columns The `-detailed` view displays some version information for each mount. The Version field indicates the configured version for the plugin. Empty, or "n/a", indicates the built-in or any matching unversioned plugin that may have been registered. Running Version indicates the actual plugin version running, which may differ from Version if the plugin hasn't been reloaded since the configured version was updated using the `secrets tune` command. Finally, the Running SHA256 field indicates the SHA256 sum of the running plugin's binary. This may be different from the SHA256 registered in the catalog if the plugin hasn't been reloaded since the plugin version was overwritten in the catalog. ## Examples List all enabled secrets engines: ```shell-session $ vault secrets list Path Type Accessor Description ---- ---- -------- ----------- cubbyhole/ cubbyhole cubbyhole_548b4dc5 per-token private secret storage secret/ kv identity_aa00c06d key/value secret storage sys/ system system_547412e3 system endpoints used for control, policy and debugging ``` List all enabled secrets engines with detailed output: ```shell-session $ vault secrets list -detailed Path Plugin Accessor Default TTL Max TTL Force No Cache Replication Seal Wrap External Entropy Access Options Description UUID Version Running Version Running SHA256 Deprecation Status ---- ------ -------- ----------- ------- -------------- ----------- --------- ----------------------- ------- ----------- ---- ------- --------------- -------------- ------------------ cubbyhole/ cubbyhole cubbyhole_b16d1bc0 n/a n/a false local false false map[] per-token private secret storage 8c64d56b-9d46-d667-1155-a8c1a83a5d01 n/a v1.12.0+builtin.vault n/a n/a identity/ identity identity_3d67c936 system system false replicated false false map[] identity store 5aa1e59c-33b5-9dec-05d6-c80c9a800557 n/a v1.12.0+builtin.vault n/a n/a postgresql/ postgresql postgresql_f0a54308 system system false replicated false false map[] n/a 8cdc1d2d-0713-eaa6-17e3-49790a60650b n/a v1.12.0+builtin.vault n/a deprecated sys/ system system_c86bd362 n/a n/a false replicated true false map[] system endpoints used for control, policy and debugging e3193999-0875-d38d-3458-21d9f2762c80 n/a v1.12.0+builtin.vault n/a n/a ``` ## Usage The following flags are available in addition to the [standard set of flags](/vault/docs/commands) included on all commands. ### Output options - `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the `VAULT_FORMAT` environment variable. ### Command options - `-detailed` `(bool: false)` - Print detailed information such as configuration and replication status about each secrets engine.