Read certificates and key via CLI?

Moin,

I generated a certificate using the CLI:
vault write pki_int/issue/fritz-dot-box common_name="hermes.fritz.box" ttl="820h"

How can I read the certificate and the key now using the CLI?

Thanks

Hi,

I would recommend to use the -format=json option of Vault cli, and store the output in a variable. You can then use jq afterwards to extract the values from the output.

Maybe something like this:

RESULT=$(vault write pki_int/issue/fritz-dot-box common_name="hermes.fritz.box" ttl="820h" --format=json)
echo $RESULT|jq -j '<json-path-to-cert'>' > cert.pem
echo $RESULT|jq -j '<json-path-to-key'>' > key.pem
unset RESULT

I don’t know the exact paths for <json-path-to-cert'> and <json-path-to-key by heart, you’ll need to look at the json itself for this.

Thank you, that’s it.
I never used jq before, but it was very easy to extract the data.

I forgot to mention the json-path, maybe it is helpful for someone else …

… | jq .data.certificate
… | jq .data.private_key

CU

1 Like