mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-07 15:17:03 +02:00
Code Issues Projects Releases Wiki Activity
04e75372fb
vault/website/content/docs/commands/token/capabilities.mdx
Yoko Hyakuna f2ce14b4b2
[Docs] Minor editorial fixes - "token capabilities" (#27851) 
* Minor editorial fixes

* Fix a typo
2024-07-24 09:00:53 -07:00

51 lines
1.4 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: token capabilities - Command
description: |-
The "token capabilities" command fetches the capabilities of a token for a
given path.
---
# token capabilities
The `token capabilities` command fetches the capabilities of a token for a given
path.
If you pass a token value as an argument, this command uses the
`/sys/capabilities` endpoint and permission. In the absence of an explicit token
value, this command uses the `/sys/capabilities-self` endpoint and permission
with the locally authenticated token.
## Examples
List capabilities for the local token on the `secret/foo` path:
```shell-session
$ vault token capabilities secret/foo
read
```
The output shows the local token has read permission on the `secret/foo` path.
List capabilities for a token (`hvs.CAESI...WtiSW5mWUY`) on the `cubbyhole/foo`
path:
```shell-session
$ vault token capabilities hvs.CAESI...WtiSW5mWUY database/creds/readonly
deny
```
The output shows the token (`hvs.CAESI...WtiSW5mWUY`) has no permission to
operate on the `cubbyhole/foo` path.
## Usage
The following flags are available in addition to the [standard set of
flags](/vault/docs/commands) included on all commands.
### Output options
- `-format` `(string: "table")` - Print the output in the given format. Valid
formats are "table", "json", or "yaml". This can also be specified via the
`VAULT_FORMAT` environment variable.
Reference in New Issue View Git Blame Copy Permalink