mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 23:21:08 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
54 lines
1.8 KiB
Plaintext
54 lines
1.8 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: token capabilities - Command
|
|
description: |-
|
|
The "token capabilities" command fetches the capabilities of a token for a
|
|
given path.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# token capabilities
|
|
|
|
The `token capabilities` command fetches the capabilities of a token for a given
|
|
path.
|
|
|
|
If you pass a token value as an argument, this command uses the
|
|
`/sys/capabilities` endpoint and permission. In the absence of an explicit token
|
|
value, this command uses the `/sys/capabilities-self` endpoint and permission
|
|
with the locally authenticated token.
|
|
|
|
## Examples
|
|
|
|
List capabilities for the local token on the `secret/foo` path:
|
|
|
|
```shell-session
|
|
$ vault token capabilities secret/foo
|
|
read
|
|
```
|
|
|
|
The output shows the local token has read permission on the `secret/foo` path.
|
|
|
|
List capabilities for a token (`hvs.CAESI...WtiSW5mWUY`) on the `cubbyhole/foo`
|
|
path:
|
|
|
|
```shell-session
|
|
$ vault token capabilities hvs.CAESI...WtiSW5mWUY database/creds/readonly
|
|
deny
|
|
```
|
|
|
|
The output shows the token (`hvs.CAESI...WtiSW5mWUY`) has no permission to
|
|
operate on the `cubbyhole/foo` path.
|
|
|
|
## Usage
|
|
|
|
The following flags are available in addition to the [standard set of
|
|
flags](/vault/docs/commands) included on all commands.
|
|
|
|
### Output options
|
|
|
|
- `-format` `(string: "table")` - Print the output in the given format. Valid
|
|
formats are "table", "json", or "yaml". This can also be specified via the
|
|
`VAULT_FORMAT` environment variable.
|