CLI reference
Global flags
Flag | Description | Default | Environment variable |
---|---|---|---|
--addr | [Global] The URL of the Piiano Vault implementation. | http://localhost:8123 | $PVAULT_ADDR |
--json -j | [Global] Where JSON is used in the command, return the output in JSON format. | (Optional) | |
--compact --co | [Global] When used with the --json flag, the JSON output is compact. | (Optional) | |
--insecure -k | [Global] Skip TLS certificate verification. | (Optional) | |
--reason | [Global] The REASON for accessing Piiano Vault, using one of these codes: AppFunctionality, Analytics, Notifications, ThirdPartyMarketing, Marketing, FraudPreventionSecurityAndCompliance, AccountManagement, DataSubjectRequest, and Maintenance. | Maintenance | $PVAULT_ACCESS_REASON |
--authtoken | [Global] The authorization TOKEN that is passed in the header of each request. | pvaultauth | $PVAULT_AUTH_TOKEN |
--delegation | [Global] The DELEGATION passed in the X-Pvault-Delegation header of each request. | (Optional) | $PVAULT_DELEGATION |
--request-id | [Global] The request ID passed in the X-Pvault-Request-Id header of each request. If not set, a random UUID is generated. | (Optional) | $PVAULT_REQUEST_ID |
--custom-audit | [Global] A custom AUDIT message to be logged in the audit log. | (Optional) | |
--log-level | [Global] The LOG_LEVEL of the log recorded by this transaction. The allowed values are debug, info, warn, and error. | info | $PVAULT_LOG_LEVEL |
--verbose -v | [Global] Print debug information. | (Optional) | |
--no-color | [Global] Disable colored output. | (Optional) | $NO_COLOR |
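A pre-flight check for a pvault command line, as an added example (it is not part of the Piiano CLI or its documentation). It reports --insecure, --all-unsafe (an object-command flag documented further down), a token passed with --authtoken, plain http:// or the default pvaultauth token sent to a non-local address, and a missing or unlisted --reason. The function name pvault_lint, the finding labels, acceptance of both `--flag=value` and `--flag value`, and the policy itself are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Piiano code): lint a pvault command line before running it.
# Flags, environment variables and defaults are the ones documented on this page;
# the policy (what counts as a finding) is an assumption of this example.

# Access reason codes accepted by --reason, as listed in the Global flags table.
REASON_CODES="AppFunctionality Analytics Notifications ThirdPartyMarketing Marketing FraudPreventionSecurityAndCompliance AccountManagement DataSubjectRequest Maintenance"

# pvault_lint ARGS...   prints one finding per line ("label: explanation").
# Returns 0 when there are no findings, 1 otherwise.
# Values of flags it does not track are not skipped, so a value that itself
# looks like one of the tracked flags would be misread.
pvault_lint() (
    # Start from the documented environment variables and defaults.
    addr=${PVAULT_ADDR:-http://localhost:8123}
    token=${PVAULT_AUTH_TOKEN:-pvaultauth}
    reason=${PVAULT_ACCESS_REASON:-}
    token_on_cmdline=no
    findings=0
    report() {
        printf '%s\n' "$1"
        findings=$((findings + 1))
    }

    while [ $# -gt 0 ]; do
        case $1 in
            --addr=*)      addr=${1#*=} ;;
            --reason=*)    reason=${1#*=} ;;
            --authtoken=*) token=${1#*=}; token_on_cmdline=yes ;;
            --addr|--reason|--authtoken)
                flag=$1
                if [ $# -ge 2 ]; then
                    shift
                    case $flag in
                        --addr)      addr=$1 ;;
                        --reason)    reason=$1 ;;
                        --authtoken) token=$1; token_on_cmdline=yes ;;
                    esac
                fi ;;
            --insecure|-k)
                report 'insecure-tls: TLS certificate verification is skipped' ;;
            --all-unsafe|-a)
                report 'all-unsafe: every property is returned; name the needed ones with --props' ;;
        esac
        shift
    done

    if [ "$token_on_cmdline" = yes ]; then
        # The token value itself is never printed.
        report 'authtoken-on-cmdline: token is visible in the process list and shell history; use $PVAULT_AUTH_TOKEN'
    fi

    # Decide whether the target is the local development default or a remote Vault.
    case ${addr#*://} in
        localhost|localhost[:/]*|127.0.0.1|127.0.0.1[:/]*) remote=no ;;
        *) remote=yes ;;
    esac
    if [ "$remote" = yes ]; then
        case $addr in
            http://*) report "plaintext-http: $addr is not a TLS endpoint" ;;
        esac
        if [ "$token" = pvaultauth ]; then
            report 'default-token: the documented default token pvaultauth is sent to a non-local Vault'
        fi
    fi

    # A missing reason silently becomes Maintenance; an unlisted one is rejected here.
    if [ -z "$reason" ]; then
        report 'reason-defaulted: no --reason or $PVAULT_ACCESS_REASON set; the default Maintenance is used'
    else
        case $reason in
            *[!A-Za-z]*) valid=no ;;
            *) case " $REASON_CODES " in
                   *" $reason "*) valid=yes ;;
                   *) valid=no ;;
               esac ;;
        esac
        if [ "$valid" = no ]; then
            report "reason-unknown: '$reason' is not one of the documented reason codes"
        fi
    fi

    [ "$findings" -eq 0 ]
)
```

After sourcing the file, a wrapper can gate the real call with `pvault_lint "$@" && pvault "$@"`.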
Collection
List collections
Lists all collections.
The default table output lists the collection names and their corresponding types, creation time, and last modification time. To obtain details of the collection and its properties, use the JSON or PVSchema flags.
pvault collection list [ --show-builtins ] [ --pvschema ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--pvschema | Return the collections list in the PVSchema format. | (Optional) |
Get collection
Gets a collection and its properties.
The default response to this command is a PVSchema for the collection.
pvault collection get [ --pvschema ] [ --show-builtins ] { --name | --collection | -n | -c=NAME }
Flag | Description | Default | Environment variable |
---|---|---|---|
--pvschema | Return the collection details in PVSchema format. | (Optional) | |
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--name --collection -n -c | The collection NAME. | Required |
Add collection
Adds a collection.
The collection can be defined using a specification in JSON or PVSchema format. A template can also be used, with or without test data.
pvault collection add [ --collection-json=value ] [ --collection-pvschema=value ] [ --pvschema ] [ --show-builtins ] [ --wait-for-sync ] [ --collection-template=value ] [ --add-test-data ] [ --name | --collection | -c | -n=NAME ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--collection-json | The collection details to add in JSON format. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--collection-pvschema | The collection details to add in PVSchema format. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--pvschema | Return the collection in PVSchema format. | (Optional) | |
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) | |
--collection-template | The collection template to use. This template provides example properties and can be combined with --add-test-data to add example data to the collection. Supported values are: persons and credit_cards. | (Optional) | |
--add-test-data | Add example data to the collection. Can only be used with --collection-template. | (Optional) | |
--name --collection -c -n | The collection NAME. | (Optional) |
Update collection
Updates properties of a collection.
The update includes:
- Adding any properties in the request that are not in the collection.
- Amending the description, is_index, and is_nullable attributes, where they have changed, for any properties in the request that are in the collection. is_nullable can only be changed from false to true. All other attributes of existing properties are ignored.
This command may take a long time to complete.
The default response to this command is a PVSchema for the properties added.
pvault collection update [ --collection-json=value ] [ --collection-pvschema=value ] [ --pvschema ] [ --show-builtins ] [ --wait-for-sync ] { --name | --collection | -n | -c=NAME }
Flag | Description | Default | Environment variable |
---|---|---|---|
--collection-json | The collection details to update in JSON format. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--collection-pvschema | The collection details to update in PVSchema format. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--pvschema | Return the collection in PVSchema format. | (Optional) | |
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) | |
--name --collection -n -c | The collection NAME. | Required |
Apply collection
Updates properties of a collection or creates a new collection if the collection is not found.
The update includes:
- Adding any properties in the request that are not in the collection.
- Amending the description, is_index, and is_nullable attributes, where they have changed, for any properties in the request that are in the collection. is_nullable can only be changed from false to true. All other attributes of existing properties are ignored.
This command may take a long time to complete.
The default response to this command is a PVSchema for the collections and properties added.
pvault collection apply [ --collection-json=value ] [ --collection-pvschema=value ] [ --pvschema ] [ --show-builtins ] [ --wait-for-sync ] { --name | --collection | -n | -c=NAME }
Flag | Description | Default | Environment variable |
---|---|---|---|
--collection-json | The collection details to apply in JSON format. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--collection-pvschema | The collection details to apply in PVSchema format. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--pvschema | Return the collection in PVSchema format. | (Optional) | |
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) | |
--name --collection -n -c | The collection NAME. | Required |
Delete collection
Deletes a collection.
pvault collection delete [ --force | -f ] { --name | --collection | -n | -c=NAME }
Flag | Description | Default | Environment variable |
---|---|---|---|
--force -f | Ignore interactive protection. | (Optional) | |
--name --collection -n -c | The collection NAME. | Required |
Collection // Property
List collection properties
Lists all the properties of a collection.
pvault collection property list [ --show-builtins ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Get collection property
Gets a property of a collection.
pvault collection property get { --name | -n=value } { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The property name. | Required | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Add collection property
Adds a property to a collection.
pvault collection property add [ --prop | -p=value ] [ --name | -n=value ] [ --description=value ] [ --pii-type-name=value ] [ --is-unique ] [ --is-index ] [ --is-not-encrypted ] [ --is-nullable ] [ --is-substring-index ] [ --wait-for-sync ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--prop -p | The property to add in JSON format. Must be provided if --name isn't provided. See the Add collection property REST API for the specification of the JSON format. To use a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--name -n | The property name. Must be unique. Must be provided if --prop isn't provided. | (Optional) | |
--description | The property description. | (Optional) | |
--pii-type-name | The property data type name. Must be provided if --name is provided. | (Optional) | |
--is-unique | The property value is unique on each object. | (Optional) | |
--is-index | The property is indexed. | (Optional) | |
--is-not-encrypted | The property is not encrypted. | (Optional) | |
--is-nullable | The property is nullable. When the collection contains objects, only nullable properties can be added to the collection. | (Optional) | |
--is-substring-index | The property is substring indexed. | (Optional) | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Update collection property
Update a property of a collection. This command may take a long time to complete.
pvault collection property update [ --prop | -p=value ] [ --name | -n=value ] [ --description=value ] [ --is-index ] [ --is-substring-index ] [ --is-nullable ] [ --is-unique ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--prop -p | The property to update in JSON format. Must be provided if --name isn't provided. See the REST API Update collection property operation for the specification of the JSON format. To use a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--name -n | The property name. Must be unique. Must be provided if --prop isn't provided. | (Optional) | |
--description | The property description. | (Optional) | |
--is-index | The property is indexed. | (Optional) | |
--is-substring-index | The property is substring indexed. | (Optional) | |
--is-nullable | The property can have no value. | (Optional) | |
--is-unique | The property value is unique across objects. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Delete collection property
Deletes a property from a collection.
Any values stored against the property in objects are also deleted. This operation is irreversible.
pvault collection property delete { --name | -n=value } { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The property name. | Required | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Action
List actions
Lists all actions.
pvault action list
Get action
Gets an action.
pvault action get { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the action. | Required |
Add action
Adds an action.
pvault action add { --name | -n=value } [ --description=value ] --function=value --role=value [ --wait-for-sync ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the action. | Required | |
--description | The action description | (Optional) | |
--function | The function name of the action in the format of bundle_name.function_name. | Required | |
--role | The IAM role to assign to the action. | Required | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) |
Delete action
Deletes an action.
pvault action delete { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the action. | Required |
Bundle
List bundles
Lists the names of all bundles.
pvault bundle list
Get bundle
Gets a bundle and its code.
pvault bundle get { --name | -n=value } [ --dump-code ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the bundle. | Required | |
--dump-code | Dump the bundle code to stdout. | (Optional) |
Add bundle
Adds a bundle.
pvault bundle add { --name | -n=value } [ --description=value ] [ --bundle-code=value ] [ --bundle-template=value ] [ --wait-for-sync ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the bundle. | Required | |
--description | The bundle description | (Optional) | |
--bundle-code | The JavaScript code. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--bundle-template | The bundle template to use. A template provides an example bundle. Supported values are: sample. | (Optional) | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) |
Update bundle
Updates a bundle.
pvault bundle update { --name | -n=value } [ --description=value ] [ --bundle-code=value ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the bundle. | Required | |
--description | The new bundle description | (Optional) | |
--bundle-code | The new JavaScript code. To read from a file path prefix with '@' or to use stdin use '-'. | (Optional) |
Delete bundle
Deletes a bundle. By default, a bundle is not deleted if a data type references it. To delete a referenced bundle, set the --force flag.
pvault bundle delete { --name | -n=value } [ --force ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the bundle. | Required | |
--force | Delete the bundle even if it is referenced by a data type that is in use. A data type that is in use is one that is used by a property in a collection. | (Optional) |
Datatype
List data types
Lists all data types.
pvault datatype list [ --show-builtins ] [ --bundle=value ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--show-builtins | Show built-in types. | (Optional) | |
--bundle | If provided, return only types that depend on the bundle with the specified name. | (Optional) |
Get data type
Gets a data type.
pvault datatype get { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the data type. | Required |
Add data type
Adds a data type.
pvault datatype add --datatype-json=value [ --wait-for-sync ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--datatype-json | The data type details in JSON format. See the Add data type REST API operation for details of the structure and content of the JSON specification. To read from a file path prefix with '@' or to use stdin use '-'. | Required | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) |
Update data type
Updates a data type.
pvault datatype update { --name | -n=value } --datatype-json=value [ --wait-for-sync ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the data type. | Required | |
--datatype-json | The data type details in JSON format. See the update data type REST API operation for details of the structure and content of the JSON specification. To read from a file path prefix with '@' or to use stdin use '-'. | Required | |
--wait-for-sync | Wait for the cluster workers to be in sync. | (Optional) |
Delete data type
Deletes a data type. Referenced bundles are not deleted by this command; use Delete bundle to remove any redundant bundles.
pvault datatype delete { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | The name of the data type. | Required |
Object
Add object
Adds an object to a collection. To set the object's ID to match that of an item in an external system, include id in the fields flag. The ID must be in UUID format.
pvault object add --fields=value [ --expiration-secs=value ] [ --no-expiration ] [ --import ] [ --export-key=import ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--fields | The object details in JSON format. To use a file path prefix with '@' or to use stdin use '-'. | Required | |
--expiration-secs | The expiration time in seconds for the object. If not set, the default is used. | (Optional) | |
--no-expiration | The object doesn't expire. | (Optional) | |
--import | Whether to import the object. Import is a process in which read-only properties such as creation_time and modification_time can be provided. When the 'export_key' parameter is provided in the request, the property values are expected to be encrypted from an export and are therefore decrypted. | (Optional) | |
--export-key | The key to decrypt property values. Can be provided only when import is true. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Update an object
Updates an object of a collection.
pvault object update { --id | -i=value } --fields=value [ --expiration-secs=value ] [ --no-expiration ] [ --archived ] [ --import ] [ --export-key=import ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | The ID of the object to update. | Required | |
--fields | The object details in JSON format. To use a file path prefix with '@' or to use stdin use '-'. | Required | |
--expiration-secs | Expiration time in seconds for the object. If not set, the expiration time in seconds is not changed. | (Optional) | |
--no-expiration | The object doesn't expire. | (Optional) | |
--archived | Return only archived objects. | (Optional) | |
--import | Whether to import the object. Import is a process in which read-only properties such as creation_time and modification_time can be provided. When the 'export_key' parameter is provided in the request, the property values are expected to be encrypted from an export and are therefore decrypted. | (Optional) | |
--export-key | The key to decrypt property values. Can be provided only when import is true. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Get objects
Gets details of objects in a collection.
pvault object get { --id | -i=value } [ --props | -p=value ] [ --all-unsafe | -a ] [ --show-builtins ] [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | A comma-delimited list of object IDs. Accepts multiple inputs. | Required | |
--props -p | Comma-delimited list of property names and transformations to return. Accepts multiple inputs. | (Optional) | |
--all-unsafe -a | Return all properties of the object. | (Optional) | |
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--archived | Return only archived objects. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Search objects
Returns a paginated list of objects in a collection by query.
pvault object query [ --in=value ] [ --match=value ] [ --like=value ] [ --query-json=value ] [ --props | -p=value ] [ --all-unsafe | -a ] [ --cursor=value ] [ --page-size=0 ] [ --show-builtins ] [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--in | Equal sign delimiter for property name and array of possible values in the form of property=value1, value2. Accepts multiple inputs. | (Optional) | |
--match | Equal sign delimiter for property name and searched value in the form of property=value. Accepts multiple inputs. | (Optional) | |
--like | Equal sign delimiter for property name and pattern in the form of property=pattern. Accepts multiple inputs. | (Optional) | |
--query-json | The query in JSON format. To use a file path prefix with '@' or to use stdin use '-'. | (Optional) | |
--props -p | Comma-delimited list of property names and transformations to return. Accepts multiple inputs. | (Optional) | |
--all-unsafe -a | Return all properties for the object. | (Optional) | |
--cursor | The cursor returned by the previous call or an empty string for the first call. | (Optional) | |
--page-size | The maximum number of items to be returned in the call. | 0 | |
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--archived | Return only archived objects. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
List all objects
Returns a paginated list of all objects from a collection with all or a subset of object property values.
pvault object list [ --props | -p=value ] [ --all-unsafe | -a ] [ --cursor=value ] [ --page-size=0 ] [ --show-builtins ] [ --archived ] [ --export ] [ --reload-cache ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--props -p | Comma-delimited list of property names and transformations to return. Accepts multiple inputs. | (Optional) | |
--all-unsafe -a | Return all properties for the object. | (Optional) | |
--cursor | Reference to the next page for a subsequent call with the same request parameters. An empty string for the first call. | (Optional) | |
--page-size | The maximum number of items to return in the call. | 0 | |
--show-builtins | Show the built-in properties in the response. | (Optional) | |
--archived | Return only archived objects. | (Optional) | |
--export | Encrypt the property values for export. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Counts objects in a collection
Returns a count of active, archived, and all objects in a collection.
pvault object count { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Delete an object
Deletes an object from a collection.
pvault object delete { --id | -i=value } [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | The ID of the object to delete. Accepts multiple inputs. | Required | |
--archived | Delete archived objects or active objects. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Archive an object
Archives an object by forcing it to expire immediately.
pvault object archive { --id | -i=value } [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | The ID of the object to archive. | Required | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Restore an archived object
Restores an object by changing its expiration to a time in the future.
pvault object restore { --id | -i=value } [ --expiration-secs=value ] [ --no-expiration ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | The ID of the object to restore. | Required | |
--expiration-secs | The expiration time in seconds for the object. If not set, the default is used. | (Optional) | |
--no-expiration | The object doesn't expire. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Add an object with single BLOB property
Adds an object to a collection with a single BLOB property.
pvault object add-blob --body=value { --prop | -p=value } [ --expiration-secs=value ] [ --no-expiration ] [ --import ] [ --export-key=import ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--body | Raw content of a property to add. To use a file path prefix with '@' or to use stdin use '-'. | Required | |
--prop -p | The property name of the property to add. | Required | |
--expiration-secs | The expiration time in seconds for the object. If not set, the default is used. | (Optional) | |
--no-expiration | The object doesn't expire. | (Optional) | |
--import | Whether to import the object. Import is a process in which read-only properties such as creation_time and modification_time can be provided. When the 'export_key' parameter is provided in the request, the property values are expected to be encrypted from an export and are therefore decrypted. | (Optional) | |
--export-key | The key to decrypt property values. Can be provided only when import is true. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Get a single property of an object in raw format
Gets the value of a BLOB property of an object and saves it to a file.
pvault object get-blob { --id | -i=value } { --prop | -p=value } [ --output | -o=- ] [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | The ID of the object to get. | Required | |
--prop -p | The property name of the blob. | Required | |
--output -o | File path to store the property content. To use stdout use '-'. By default, the content is printed to stdout. | - | |
--archived | Return only archived objects. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Update a single property of an object in raw format
Updates the value of a BLOB property of an object from a file.
pvault object update-blob { --id | -i=value } { --prop | -p=value } --body=value [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | The ID of the object to update. | Required | |
--prop -p | The property name of the property to update. | Required | |
--body | Raw content of a property to update. To use a file path prefix with '@' or to use stdin use '-'. | Required | |
--archived | Return only archived objects. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Token
Tokenize
Creates tokens that reference the values of objects' properties. The returned list of token IDs is in the same order as the object IDs in the request. If any of the object IDs are invalid or not found, no tokens are produced.
pvault token create [ --object-id=value ] [ --object-fields=value ] [ --ciphertext=value ] [ --encryption-scope=default ] [ --props | -p=value ] --type=value [ --store-object ] [ --expiration-secs=value ] [ --no-expiration ] [ --token-id=value ] [ --scope=default ] [ --tag=value ] [ --ensure-unique-tenant-tags=value ] [ --fptemplate=value ] [ --fpprops=value ] [ --transaction-id=value ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--object-id | Comma-separated list of object IDs. Cannot be used with --object-fields or --ciphertext. Accepts multiple inputs. | (Optional) | |
--object-fields | Object fields in JSON format. To use a file path prefix with '@' or to use stdin use '-'. Cannot be used with --object-id or --ciphertext. | (Optional) | |
--ciphertext | The ciphertext of the encrypted object. Cannot be used with --object-id or --object-fields. | (Optional) | |
--encryption-scope | The scope used to encrypt the object. | default | |
--props -p | Comma-separated list of property names. If not specified, all of the non-builtin properties are used. Accepts multiple inputs. | (Optional) | |
--type | The type of the tokens. Options: pci, pci_oneway, pointer, randomized or deterministic. | Required | |
--store-object | When object-fields flag is included, store the property values as an object in the collection. The token is owned by the new object. Default is false. | (Optional) | |
--expiration-secs | The expiration time in seconds for the tokens. If not set, the default is used. | (Optional) | |
--no-expiration | The tokens don't expire. | (Optional) | |
--token-id | User provided ID to set for the token. If not set, a new token ID is generated. | (Optional) | |
--scope | A classification for the tokens. | default | |
--tag | Comma-separated list of tags to attach to the tokens. Accepts multiple inputs. | (Optional) | |
--ensure-unique-tenant-tags | Comma-separated list of tags to validate as unique in tenant scope. Must be subset of 'tags'. Accepts multiple inputs. | (Optional) | |
--fptemplate | Format preserve template to use to generate the token IDs. | (Optional) | |
--fpprops | Property names to be used by the format preserve template to generate the token IDs. Accepts multiple inputs. | (Optional) | |
--transaction-id | An ID to attach to the tokens. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Detokenize
Returns the object property values for tokens. The detokenized tokens are those that match all the criteria in --token-id or -t, --object-id, and --tag.
pvault token detokenize [ --token-id | -t=value ] [ --object-id=value ] [ --tag=value ] [ --archived ] [ --include-metadata ] [ --include-aggregation ] [ --props | -p=value ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--token-id -t | Comma-separated list of token IDs. Accepts multiple inputs. | (Optional) | |
--object-id | Comma-separated list of object IDs that own the tokens. Accepts multiple inputs. | (Optional) | |
--tag | Comma-separated list of tags. Accepts multiple inputs. | (Optional) | |
--archived | Detokenize archived tokens. If not set, detokenizes active tokens. | (Optional) | |
--include-metadata | Include the metadata of the tokens returned by the query. | (Optional) | |
--include-aggregation | Include aggregated data of the query. Only applicable if include-metadata is set. | (Optional) | |
--props -p | Comma-separated list of property names. If not specified, return all properties. Accepts multiple inputs. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Search tokens
Gets tokens with their metadata. The listed tokens are those that match all the criteria in --token-id or -t, --object-id, and --tag.
pvault token info [ --token-id | -t=value ] [ --object-id=value ] [ --tag=value ] [ --include-aggregation ] [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--token-id -t | Comma-separated list of token IDs. Accepts multiple inputs. | (Optional) | |
--object-id | Comma-separated list of object IDs that own the tokens. Accepts multiple inputs. | (Optional) | |
--tag | Comma-separated list of tags. Accepts multiple inputs. | (Optional) | |
--include-aggregation | Include aggregated data of the query. | (Optional) | |
--archived | Return archived tokens. If not set, returns active tokens. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Update tokens
Updates tags, expiration token metadata, or the token data itself. The tokens updated are those that match all the criteria in --token-id or -t, --object-id, and --tag.
pvault token update [ --token-id | -t=value ] [ --object-id=value ] [ --tag=value ] [ --input-object-id=value ] [ --object-fields=value ] [ --ciphertext=value ] [ --encryption-scope=default ] [ --props | -p=value ] [ --new-tags=value ] [ --ensure-unique-tenant-tags=value ] [ --expiration-secs=value ] [ --no-expiration ] [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--token-id -t | Comma-separated list of token IDs. Accepts multiple inputs. | (Optional) | |
--object-id | Comma-separated list of object IDs that own the tokens. Accepts multiple inputs. | (Optional) | |
--tag | Comma-separated list of tags. Accepts multiple inputs. | (Optional) | |
--input-object-id | Input object ID to be used as input for the new update data. Cannot be used with --object-fields or --ciphertext. Accepts multiple inputs. | (Optional) | |
--object-fields | Object fields in JSON format to be used as input for the new update data. To read from a file, prefix the path with '@'; to read from stdin, use '-'. Cannot be used with --input-object-id or --ciphertext. | (Optional) | |
--ciphertext | The ciphertext of the encrypted object to be used as input for the new update data. Cannot be used with --input-object-id or --object-fields. | (Optional) | |
--encryption-scope | The scope used to encrypt the object used in --ciphertext . | default | |
--props -p | Comma-separated list of property names to use out of the input object, when updating the token data. If not specified, all of the non-builtin properties are used. Accepts multiple inputs. | (Optional) | |
--new-tags | Comma-separated list of tags. Accepts multiple inputs. | (Optional) | |
--ensure-unique-tenant-tags | Comma-separated list of tags to validate as unique in tenant scope. Must be a subset of 'tags'. Accepts multiple inputs. | (Optional) | |
--expiration-secs | The expiration time in seconds for the tokens. If not set, the expiry dates of the tokens are not changed. | (Optional) | |
--no-expiration | The tokens don't expire. | (Optional) | |
--archived | Update archived tokens. If not set, updates active tokens. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Rotate tokens
Generates new token IDs for tokens. The tokens rotated are those that match all the criteria in --token-id or -t, --object-id, and --tag.
pvault token rotate { --token-id | -t=value } [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--token-id -t | Comma-separated list of token IDs. Accepts multiple inputs. | Required | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Delete tokens
Deletes tokens. The tokens deleted are those that match all the criteria in --token-id or -t, --object-id, --tag, and --tenant-id. --tenant-id is matched against the tenant ID of the object owning the token.
pvault token delete [ --token-id | -t=value ] [ --object-id=value ] [ --tag=value ] [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--token-id -t | Comma-separated list of token IDs. Accepts multiple inputs. | (Optional) | |
--object-id | Comma-separated list of object IDs that own the tokens. Accepts multiple inputs. | (Optional) | |
--tag | Comma-separated list of tags. Accepts multiple inputs. | (Optional) | |
--archived | Delete archived tokens. If not set, deletes active tokens. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
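Because `pvault token info` and `pvault token delete` select tokens with the same flags, a wrapper can list what a selector matches before anything is deleted. The following is an added example, not part of the Piiano documentation: `pv_check_selectors` and `pv_guarded_delete` are hypothetical helper names, flags are assumed to be passed as `--flag=value` as in the synopsis lines, and the wrapper refuses a call with no selector because this page does not say how Vault treats one.

```shell
#!/bin/sh
# Added example: preview-then-delete guard around `pvault token delete`.
# Usage (values are placeholders):
#   pv_guarded_delete COLLECTION TENANT_ID --tag=expired --archived

# pv_check_selectors ARG...
# Accepts only the selector flags shared by `token info` and `token delete`.
# Returns 0 when at least one non-empty selector is present,
# 2 on an unsupported or malformed argument, 3 when no selector is given.
pv_check_selectors() {
    count=0
    for arg in "$@"; do
        case $arg in
            --archived) ;;
            --token-id=*|-t=*|--object-id=*|--tag=*)
                value=${arg#*=}
                # Reject empty lists and empty items such as "a,,b" or "a,".
                case ",$value," in
                    *,,*) echo "empty value in selector: $arg" >&2; return 2 ;;
                esac
                count=$((count + 1)) ;;
            *) echo "unsupported argument: $arg" >&2; return 2 ;;
        esac
    done
    [ "$count" -gt 0 ] || { echo "refusing to run without a selector" >&2; return 3; }
}

# pv_guarded_delete COLLECTION TENANT_ID SELECTOR...
# 1. validates the selectors,
# 2. lists the matching tokens with `pvault token info`,
# 3. deletes only after the operator retypes the collection name on stdin.
# Returns 4 if the preview fails and 5 if the confirmation does not match.
pv_guarded_delete() {
    [ "$#" -ge 2 ] || { echo "usage: pv_guarded_delete COLLECTION TENANT_ID SELECTOR..." >&2; return 2; }
    collection=$1
    tenant=$2
    shift 2
    [ -n "$collection" ] && [ -n "$tenant" ] || { echo "collection and tenant ID are required" >&2; return 2; }
    pv_check_selectors "$@" || return $?

    # One argument list for both commands, so the preview cannot drift
    # from what the delete will match.
    set -- "--collection=$collection" "--tenant-id=$tenant" "$@"

    pvault token info "$@" || return 4

    printf 'Retype the collection name to delete the tokens listed above: ' >&2
    answer=
    IFS= read -r answer || true
    [ "$answer" = "$collection" ] || { echo "aborted, nothing deleted" >&2; return 5; }

    pvault token delete "$@"
}
```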
Archive tokens
Archives tokens. The tokens archived are those that match all the criteria in --token-id or -t, --object-id, and --tag.
pvault token archive [ --token-id | -t=value ] [ --object-id=value ] [ --tag=value ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--token-id -t | Comma-separated list of token IDs. Accepts multiple inputs. | (Optional) | |
--object-id | Comma-separated list of object IDs that own the tokens. Accepts multiple inputs. | (Optional) | |
--tag | Comma-separated list of tags. Accepts multiple inputs. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Restore tokens
Restores tokens. The tokens restored are those that match the --token-id or -t options.
pvault token restore [ --token-id | -t=value ] [ --expiration-secs=value ] [ --no-expiration ] { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--token-id -t | Comma-separated list of token IDs. Accepts multiple inputs. | (Optional) | |
--expiration-secs | The new expiration time in seconds for the token(s). | (Optional) | |
--no-expiration | The token doesn't expire. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Get by transaction ID
Gets the token IDs for a transaction ID, an arbitrary identifier provided during tokenization.
pvault token get-by-transaction-id { --id | -i=TRANSACTION ID } { --collection | -c=COLLECTION } [ --tenant-id=TENANT_ID ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--id -i | The TRANSACTION ID to return token IDs for. | Required | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
--tenant-id | Enforce the TENANT_ID for the request. Accepts multiple inputs. | (Optional) | $PVAULT_TENANT_ID |
Counts the tokens in a collection
Returns a count of active, archived, and all tokens in a collection.
pvault token count { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Crypto
Encrypt fields from objects or input fields
Encrypt fields from objects or input fields.
pvault crypto encrypt [ --object-id=value ] [ --object-fields=value ] [ --ciphertext=value ] [ --encryption-scope=default ] [ --type=value ] [ --scope=default ] [ --props | -p=value ] [ --expiration-secs=value ] [ --no-expiration ] [ --tag=value ] [ --reload-cache ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--object-id | Comma-separated list of object IDs. Cannot be used with --object-fields or --ciphertext. Accepts multiple inputs. | (Optional) | |
--object-fields | Object fields in JSON format. To read from a file, prefix the path with '@'; to read from stdin, use '-'. Cannot be used with --object-id or --ciphertext. | (Optional) | |
--ciphertext | The ciphertext of the encrypted object. Cannot be used with --object-id or --object-fields. | (Optional) | |
--encryption-scope | The scope used to encrypt the object. | default | |
--type | The type of the encryption. Options: randomized or deterministic. | (Optional) | |
--scope | A classification for the encryption. | default | |
--props -p | Comma-separated list of property names. If not specified, all of the non-builtin properties are used. Accepts multiple inputs. | (Optional) | |
--expiration-secs | The expiration time in seconds for the encrypted objects. If not set, the default is used. | (Optional) | |
--no-expiration | The encrypted objects don't expire. | (Optional) | |
--tag | Comma-separated list of tags to attach to the encrypted object metadata. Accepts multiple inputs. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Decrypt fields blob
Returns the object property values for encrypted objects.
pvault crypto decrypt --ciphertext=value [ --encryption-scope=default ] [ --archived ] [ --include-metadata ] [ --props | -p=value ] [ --reload-cache ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--ciphertext | The ciphertext of encrypted object to decrypt. | Required | |
--encryption-scope | The scope used to encrypt the object. | default | |
--archived | Decrypt only archived encrypted objects. If not set, decrypt active encrypted objects. | (Optional) | |
--include-metadata | Show encrypted object metadata. | (Optional) | |
--props -p | Comma-separated list of property names. If not specified, return all properties. Accepts multiple inputs. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Update encrypted fields blob
Update encrypted fields blob.
pvault crypto update --ciphertext=value [ --encryption-scope=default ] --fields=value [ --type=value ] [ --props | -p=value ] [ --expiration-secs=value ] [ --no-expiration ] [ --archived ] [ --reload-cache ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--ciphertext | The ciphertext of encrypted object to update. | Required | |
--encryption-scope | The scope used to encrypt the object. | default | |
--fields | Details of the fields to update, in JSON format. To read from a file, prefix the path with '@'; to read from stdin, use '-'. | Required | |
--type | The type of the encryption. Options: randomized or deterministic. | (Optional) | |
--props -p | Comma-separated list of property names. If not specified, all of the non-builtin properties are used. Accepts multiple inputs. | (Optional) | |
--expiration-secs | The expiration time in seconds for the encrypted object. If not set, the expiry date of the encrypted object is not changed. | (Optional) | |
--no-expiration | The encrypted object doesn't expire. | (Optional) | |
--archived | Update only archived encrypted objects. If not set, update active encrypted objects. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Encrypt an input field for a property of type BLOB
Encrypt an input field for a property of type BLOB.
pvault crypto encrypt-blob --blob=value [ --output | -o=- ] { --prop | -p=value } [ --type=value ] [ --scope=default ] [ --expiration-secs=value ] [ --no-expiration ] [ --tag=value ] [ --reload-cache ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--blob | Raw content to encrypt. To read from a file, prefix the path with '@'; to read from stdin, use '-'. | Required | |
--output -o | File path to store the encrypted ciphertext. To use stdout use '-'. By default, the content is printed to stdout. | - | |
--prop -p | The property name of the encrypted object. Must be of type BLOB. | Required | |
--type | The type of the encryption. Options: randomized or deterministic. | (Optional) | |
--scope | A classification for the encryption. | default | |
--expiration-secs | The expiration time in seconds for the encrypted objects. If not set, the default is used. | (Optional) | |
--no-expiration | The encrypted objects don't expire. | (Optional) | |
--tag | Comma-separated list of tags to attach to the encrypted object metadata. Accepts multiple inputs. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Decrypt a ciphertext of a single blob
Returns the plaintext of a single encrypted blob ciphertext, in raw format.
pvault crypto decrypt-blob --ciphertext=value [ --output | -o=- ] { --prop | -p=value } [ --archived ] [ --scope=default ] [ --reload-cache ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--ciphertext | The ciphertext of the encrypted blob property to decrypt. To read from a file, prefix the path with '@'; to read from stdin, use '-'. | Required | |
--output -o | File path to store the decrypted blob. To use stdout use '-'. By default, the content is printed to stdout. | - | |
--prop -p | The property name of the encrypted object. Must be of type BLOB. | Required | |
--archived | Decrypt only archived encrypted objects. If not set, decrypt active encrypted objects. | (Optional) | |
--scope | A classification for the encryption. | default | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Hash object
Returns a deterministic hash based on the collection name, object ID, property values, and scope. This command is similar to using the "deterministic" token type in the "Tokenize" command. The hash value is identical to the token ID that is provided for the same combination of collection, object, property values, and scope. However, unlike the token, this hash is not stored in Vault's storage and, as such, cannot be detokenized, searched, or invalidated.
pvault crypto hash [ --object-id=value ] [ --object-fields=value ] [ --ciphertext=value ] [ --encryption-scope=default ] [ --props | -p=value ] [ --scope=default ] [ --fptemplate=value ] [ --fpprops=value ] [ --reload-cache ] { --collection | -c=COLLECTION }
Flag | Description | Default | Environment variable |
---|---|---|---|
--object-id | Comma-separated list of object IDs. Cannot be used with --object-fields or --ciphertext. Accepts multiple inputs. | (Optional) | |
--object-fields | Object fields in JSON format. To read from a file, prefix the path with '@'; to read from stdin, use '-'. Cannot be used with --object-id or --ciphertext. | (Optional) | |
--ciphertext | The ciphertext of the encrypted object. Cannot be used with --object-id or --object-fields. | (Optional) | |
--encryption-scope | The scope used to encrypt the object. | default | |
--props -p | Comma-separated list of property names. Accepts multiple inputs. | (Optional) | |
--scope | A classification for the token. | default | |
--fptemplate | Format preserve template to use to generate the token IDs. | (Optional) | |
--fpprops | Property names to be used by the format preserve template to generate the token IDs. Accepts multiple inputs. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) | |
--collection -c | The COLLECTION name. | Required | $PVAULT_COLLECTION |
Analysis
Contains PII data
Checks whether text strings contain PII and classifies the findings.
pvault analysis contains [ --lang=en ] --text=value
Flag | Description | Default | Environment variable |
---|---|---|---|
--lang | The language of the text strings. Supported values: en, de, es, it, pt, fr, ja, ko, hi, ar, zh, zh-TW. | en | |
--text | The text to analyze. Accepts multiple inputs. | Required |
Locate PII data
Locates the position of PII data in text strings and classifies the findings.
pvault analysis locate [ --lang=en ] --text=value
Flag | Description | Default | Environment variable |
---|---|---|---|
--lang | The language of the text strings. Supported values: en, de, es, it, pt, fr, ja, ko, hi, ar, zh, zh-TW. | en | |
--text | The text to analyze. Accepts multiple inputs. | Required |
Identity And Access Management
Get IAM configuration
Gets IAM configuration in TOML format.
pvault iam get
Set IAM configuration
Sets the IAM configuration.
pvault iam apply --conf=value
Flag | Description | Default | Environment variable |
---|---|---|---|
--conf | The configuration to apply in TOML format. To read from a file, prefix the path with '@'; to read from stdin, use '-'. | Required |
Regenerate user API key
Regenerates a user's API key. The user's current key is invalidated. The Admin user's API key cannot be regenerated and must be set using the PVAULT_SERVICE_ADMIN_API_KEY environment variable.
pvault iam regen-api-key { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | Username of the user to regenerate the API key for. | Required |
Update user API key expiration
Updates a user's API key expiration.
pvault iam update-api-key-expiration { --name | -n=value } --expiration-days=value
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | Name of the user to update the API key expiration for. | Required | |
--expiration-days | New expiration in days (from now) for the API key. | Required |
Get the user's details
Get the user's details.
pvault iam get-user { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | user name. | Required |
Get user capabilities and policies
Gets the capabilities and policies for a user.
pvault iam user-view { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | user name. | Required |
Get resource access details
Gets details of the users and associated reasons that can access a resource for an operation.
pvault iam resource-view --resource=value --operation=value
Flag | Description | Default | Environment variable |
---|---|---|---|
--resource | resource. | Required | |
--operation | operation. | Required |
Dynamic Configuration
Get configuration variable
Get the value of a dynamic configuration variable.
pvault confvar get { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | Name of the configuration variable. Supported names: log_level | Required |
Set configuration variable
Set the value of a dynamic configuration variable. This command is unavailable in the hosted version of Vault.
pvault confvar set { --name | -n=value } --value=value
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | Name of the configuration variable. Supported names: log_level | Required | |
--value | Value of the configuration variable. Supported values for log_level are: debug, info, warn, error. Supported values for trace_sql are: true, false. | Required | |
Clear configuration variable
Clear the value of a dynamic configuration variable. This command is unavailable in the hosted version of Vault.
pvault confvar clear { --name | -n=value }
Flag | Description | Default | Environment variable |
---|---|---|---|
--name -n | Name of the configuration variable. Supported names: log_level | Required |
Clear all configuration variables
Clear the values of all dynamic configuration variables. This command is unavailable in the hosted version of Vault.
pvault confvar clear-all
Status
Get system status.
pvault status
System
Get cluster information on cache generations
pvault system cluster-info
Get vault info, including backing store
pvault system info
Admin
Set Admin API key
Set the API key for the Admin user of Vault.
pvault admin set-admin-api-key --key=KEY
Flag | Description | Default | Environment variable |
---|---|---|---|
--key | The API KEY. | Required |
Rotate encryption keys
Key rotation is not managed in the hosted version of Vault.
pvault admin rotate-keys
Get system configuration
pvault admin get-configuration
Get KMS status
pvault admin kms-status
Get license details
pvault admin get-license
Set license
In the hosted version of Vault, Piiano manages and sets the license key.
pvault admin set-license --key=value
Flag | Description | Default | Environment variable |
---|---|---|---|
--key | The license key. | Required |
Delete objects and tokens
Deletes objects and tokens that have been in the archived state for longer than the retention period and token transaction IDs with no associated tokens. By default, this command deletes objects, tokens, and dangling token transaction IDs.
pvault admin gc [ --objects-only ] [ --tokens-only ] [ --transaction-ids-only ] [ --dry-run ] [ --force | -f ] [ --quiet ] [ --reload-cache ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--objects-only | Delete archived objects only. | (Optional) | |
--tokens-only | Delete archived tokens only. | (Optional) | |
--transaction-ids-only | Delete token transaction IDs with no associated tokens only. | (Optional) | |
--dry-run | Return a count of items eligible for deletion, without deleting them. | (Optional) | |
--force -f | Ignore interactive protection. | (Optional) | |
--quiet | Suppress the printing of output. Can only be included when the --force flag is set. | (Optional) | |
--reload-cache | Force a cache reload. | (Optional) |
Version
Get the version of the Vault.
pvault version
Selftest
Run a performance suite
Run a performance benchmarking suite using a separate database collection. The given parameters control how the benchmarking suite is performed.
pvault selftest bench [ --par=1 ] [ --rate=0 ] [ --scale=1000 ] [ --duration=0 ] [ --middle-stage-duration=0 ] [ --read=0 ] [ --update=0 ] [ --token=0 ] [ --replace=0 ] [ --query=0 ] [ --sleep=0 ] [ --persisted=value ] [ --skip-recreate ] [ --html-output=value ] [ --term-output ] [ --columns=9 ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--par | Goroutine parallelism - how many requests to perform in parallel | 1 | |
--rate | Optimistic target RPS. 0 to set no limit and request as fast as possible. | 0 | |
--scale | Scale multiple - control the total amount of work and dataset size | 1000 | |
--duration | Minimum duration in minutes over which to repeatedly run the benchmark. 0 for a single execution. | 0 | |
--middle-stage-duration | Number of seconds for the middle stage where random operations are done (0 = no middle stage) | 0 | |
--read | Weight reads in the middle stage | 0 | |
--update | Weight updates in the middle stage | 0 | |
--token | Weight tokens in the middle stage | 0 | |
--replace | Weight replace in the middle stage | 0 | |
--query | Weight query in the middle stage | 0 | |
--sleep | Duration in seconds to sleep between executions | 0 | |
--persisted | Provide a shadow database to the bench. When this file is provided, the final 'Delete' stage is replaced by saving the UUIDs of the created objects. If the file already exists, the initial 'Add' stage is replaced by loading the UUIDs from the file. | (Optional) | |
--skip-recreate | Skip recreation of the test collection and assume it already exists. | (Optional) | |
--html-output | Issue an HTML report to this path | (Optional) | |
--term-output | Show term graphics depicting operations | (Optional) | |
--columns | Control the number of properties in the schema | 9 |
Quick validation for a working Vault
pvault selftest basic [ --fail-on-warnings | -w ] [ --collection | -c=COLLECTION ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--fail-on-warnings -w | Fail on check warnings | (Optional) | |
--collection -c | The COLLECTION name. | (Optional) | $PVAULT_COLLECTION |
Completions
Generate auto-completion script for bash
Generates a bash completion script for pvault-cli commands and flags. The script is output on stdout, enabling you to redirect it to a file that can be sourced by your terminal session or by your bash profile. Works only with the CLI binary.
pvault completions bash
Generate auto-completion script for zsh
Generates a zsh completion script for pvault-cli commands and flags. The script is output on stdout, enabling you to redirect it to a file that can be sourced in your terminal session or by your zsh profile. Works only with the CLI binary.
pvault completions zsh
Export
Export Vault data
Exports Vault data for one or more collections to a zip file. By default, the export includes collection objects, collection schemas, the IAM configuration file, custom data type specifications, and custom data type bundles. You can include archived objects in the export. If you're using the hosted version of Vault and need to export data, contact Piiano.
pvault export [ --collections=value ] [ --include-archived ] [ --no-data ] [ --no-iam ] [ --no-collection-schemas ] [ --no-bundles ] [ --no-data-types ] [ --data-only ] [ --include-deterministic-tokens ] [ --output-dir | -d=. ] [ --no-progress ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--collections | Comma-separated list of the collections to export. If not specified, all collections are exported. Accepts multiple inputs. | (Optional) | |
--include-archived | Include archived objects in the export. | (Optional) | |
--no-data | Exclude collection objects from the export. | (Optional) | |
--no-iam | Exclude IAM data from the export. | (Optional) | |
--no-collection-schemas | Exclude collection schemas from the export. | (Optional) | |
--no-bundles | Exclude bundles from the export. | (Optional) | |
--no-data-types | Exclude data types from the export. | (Optional) | |
--data-only | Export collection objects only. This flag is a shortcut for --no-iam, --no-collection-schemas, --no-bundles, and --no-data-types. | (Optional) | |
--include-deterministic-tokens | Whether to include deterministic tokens in the export. If not specified, defaults to false. | (Optional) | |
--output-dir -d | The directory to write the exported zip file to. If not specified, defaults to the current directory. | . | |
--no-progress | Hide the progress display. | (Optional) |
Import
Imports Vault data
Imports Vault data from a zip file. If you're using the hosted version of Vault and need to import exported data, contact Piiano.
pvault import --zip-file=value [ --no-progress ] [ --no-data ] [ --data-only ] [ --override-duplicates ] [ --skip-duplicates ] [ --max-skip-duplicates=0 ] [ --force ]
Flag | Description | Default | Environment variable |
---|---|---|---|
--zip-file | The zip file to import. | Required | |
--no-progress | Hide the progress display. | (Optional) | |
--no-data | Exclude collection objects from the import. | (Optional) | |
--data-only | Import collection objects only. | (Optional) | |
--override-duplicates | Override duplicate objects. | (Optional) | |
--skip-duplicates | Skip duplicate objects. | (Optional) | |
--max-skip-duplicates | Maximum number of duplicate objects to skip. | 0 | |
--force | Force the import into a vault whose version differs from that of the vault used for the export. | (Optional) |