cnquery vault configure

Set up a vault environment so cnquery can securely retrieve credentials during queries instead of passing them on the command line.

Configure a vault backed by the Linux kernel keyring:

cnquery vault configure my-vault --type linux-kernel-keyring

Configure a vault backed by HashiCorp Vault:

cnquery vault configure hcvault --type hashicorp-vault --option url=https://vault.example.com --option token=hvs.EXAMPLE

Configure a vault backed by AWS Secrets Manager:

cnquery vault configure aws-secrets --type aws-secrets-manager --option region=us-east-1

Options

  -h, --help                    help for configure
      --inventory-file string   Set the path to the inventory file
      --option stringToString   Set additional vault connection options (use --option key=value for multiple) (default [])
      --type string             Set the vault type. Possible values: aws-parameter-store | aws-secrets-manager | encrypted-file | gcp-berglas | gcp-secret-manager | hashicorp-vault | keyring | linux-kernel-keyring | memory | none

Options inherited from parent commands

      --api-proxy string   Set the proxy for communications with Mondoo Platform API
      --auto-update        Enable automatic provider installation and update (default true)
      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string   Set the log level: error, warn, info, debug, trace (default "info")
  -v, --verbose            Enable verbose output

cnquery vault configure

Options

Options inherited from parent commands

SEE ALSO

On this page