Mondoo
Docs
CLI Commands

cnspec vault configure

Configure a vault environment for securely storing credentials, with support for AWS, GCP, HashiCorp Vault, and more.

Set up a vault environment so cnspec can securely retrieve credentials during scans instead of passing them on the command line.

Configure a vault backed by the Linux kernel keyring:

cnspec vault configure my-vault --type linux-kernel-keyring

Configure a vault backed by HashiCorp Vault:

cnspec vault configure hcvault --type hashicorp-vault --option url=https://vault.example.com --option token=hvs.EXAMPLE

Configure a vault backed by AWS Secrets Manager:

cnspec vault configure aws-secrets --type aws-secrets-manager --option region=us-east-1

Options

  -h, --help                    help for configure
      --inventory-file string   Set the path to the inventory file
      --option stringToString   Set additional vault connection options (use --option key=value for multiple) (default [])
      --type string             Set the vault type. Possible values: aws-parameter-store | aws-secrets-manager | encrypted-file | gcp-berglas | gcp-secret-manager | hashicorp-vault | keyring | linux-kernel-keyring | memory | none

Options inherited from parent commands

      --api-proxy string   Set the proxy for communications with Mondoo Platform API
      --auto-update        Enable automatic provider installation and update (default true)
      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string   Set the log level: error, warn, info, debug, trace (default "info")
  -v, --verbose            Enable verbose output

SEE ALSO

cnspec vault add-secret

Store a secret in a configured vault environment.

cnspec vault

Manage vault environments for securely storing and retrieving credentials used in cnspec scans.

On this page

OptionsOptions inherited from parent commandsSEE ALSO