HashiConf 2024 Now streaming live from Boston! Attend for free
Vault
Vault Home

You are viewing documentation for version v1.12.x. View latest version.

token capabilities

The token capabilities command fetches the capabilities of a token for a given path.

If a TOKEN is provided as an argument, this command uses the "/sys/capabilities" endpoint and permission. If no TOKEN is provided, this command uses the "/sys/capabilities-self" endpoint and permission with the locally authenticated token.

Examples

List capabilities for the local token on the "secret/foo" path:

$ vault token capabilities secret/foo
read

List capabilities for a token on the "cubbyhole/foo" path:

$ vault token capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 database/creds/readonly
deny

Usage

The following flags are available in addition to the standard set of flags included on all commands.

Output options

  • -format (string: "table") - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the VAULT_FORMAT environment variable.