token capabilities
The token capabilities
command fetches the capabilities of a token for a given
path.
If a TOKEN is provided as an argument, this command uses the "/sys/capabilities" endpoint and permission. If no TOKEN is provided, this command uses the "/sys/capabilities-self" endpoint and permission with the locally authenticated token.
Examples
List capabilities for the local token on the "secret/foo" path:
$ vault token capabilities secret/fooread
List capabilities for a token on the "cubbyhole/foo" path:
$ vault token capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 database/creds/readonlydeny
Usage
The following flags are available in addition to the standard set of flags included on all commands.
Output Options
-format
(string: "table")
- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via theVAULT_FORMAT
environment variable.