mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-27 05:31:40 +01:00
dd294fc041
* VAULT-2285 adding capability to accept comma separated entries for auth enable/tune * Adding changelog * Adding logic to detect invalid input parameter for auth enable config * Updating tune.mdx * Updating secret enable/tune for comma separated parameters * Adding further parameter checks for auth/secret tests Fixing changelog using builtin type for a switch statement Fixing a possible panic scenario * Changing a function name, using deep.Equal instead of what reflect package provides * Fixing auth/secret enable/tune mdx files * One more mdx file fix * Only when users provide a single comma separated string in a curl command, split the entries by commas * Fixing API docs for auth/mount enable/tune for comma separated entries * updating docs, removing an unnecessary switch case
66 lines
2.5 KiB
Plaintext
66 lines
2.5 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: secrets tune - Command
|
|
description: |-
|
|
The "secrets tune" command tunes the configuration options for the secrets
|
|
engine at the given PATH. The argument corresponds to the PATH where the
|
|
secrets engine is enabled, not the TYPE!
|
|
---
|
|
|
|
# secrets tune
|
|
|
|
The `secrets tune` command tunes the configuration options for the secrets
|
|
engine at the given PATH. The argument corresponds to the PATH where the secrets
|
|
engine is enabled, not the TYPE!
|
|
|
|
## Examples
|
|
|
|
Tune the default lease for the PKI secrets engine:
|
|
|
|
```shell-session
|
|
$ vault secrets tune -default-lease-ttl=72h pki/
|
|
```
|
|
|
|
Specify multiple audit non-hmac request keys:
|
|
|
|
```shell-session
|
|
$ vault secrets tune -audit-non-hmac-request-keys=value1 -audit-non-hmac-request-keys=value2 pki/
|
|
```
|
|
|
|
## Usage
|
|
|
|
The following flags are available in addition to the [standard set of
|
|
flags](/docs/commands) included on all commands.
|
|
|
|
`-allowed-response-headers` `(string: "")` - response header values that the
|
|
secrets engine will be allowed to set. Note that multiple keys may be
|
|
specified by providing this option multiple times, each time with 1 key.
|
|
|
|
- `-audit-non-hmac-request-keys` `(string: "")` - Key that will not be HMAC'd
|
|
by audit devices in the request data object. Note that multiple keys may be
|
|
specified by providing this option multiple times, each time with 1 key.
|
|
|
|
- `-audit-non-hmac-response-keys` `(string: "")` - Key that will not be HMAC'd
|
|
by audit devices in the response data object. Note that multiple keys may be
|
|
specified by providing this option multiple times, each time with 1 key.
|
|
|
|
- `-default-lease-ttl` `(duration: "")` - The default lease TTL for this secrets
|
|
engine. If unspecified, this defaults to the Vault server's globally
|
|
configured default lease TTL, or a previously configured value for the secrets
|
|
engine.
|
|
|
|
- `-description` `(string: "")` - Specifies the description of the mount.
|
|
This overrides the current stored value, if any.
|
|
|
|
- `-listing-visibility` `(string: "")` - The flag to toggle whether to show the
|
|
mount in the UI-specific listing endpoint.
|
|
|
|
- `-max-lease-ttl` `(duration: "")` - The maximum lease TTL for this secrets
|
|
engine. If unspecified, this defaults to the Vault server's globally
|
|
configured maximum lease TTL, or a previously configured value for the secrets
|
|
engine.
|
|
|
|
- `-passthrough-request-headers` `(string: "")` - request header values that will
|
|
be sent to the secrets engine. Note that multiple keys may be
|
|
specified by providing this option multiple times, each time with 1 key.
|