Patch versioned key/value data
Use the patch process to update specific values or add new key/value pairs to
an existing data path in the kv
v2 plugin.
Assumptions
- You have set up a
kv
v2 plugin. - Your authentication token has appropriate permissions for the
kv
v2 plugin:patch
permission to make direct updates withPATCH
actions.create
+update
permission if you want to make indirect updates with the Vault CLI by combiningGET
andPOST
actions.
- You know the keys or subkeys you want to patch.
Use the vault kv patch
command and set the
-cas
flag to the expected data version to perform a check-and-set operation
before applying the patch:
For example:
If the -cas
version is older than the current version of data at the target
path, the patch fails:
To force a patch, you can exclude the -cas
flag or use the
read+write
patch method with the -method
flag. For example:
Instead of using an HTTP PATCH
action, the read+write
method uses a sequence
of GET
and POST
operations to fetch the most recent version of data stored
at the targeted path, perform an in-memory update to the targeted keys, then
push the update to the plugin.