Revoke certificate via cli


somewhere in the internet I saw the command

$ vault revoke

but it’s not working:

[rundeck@argus720 ~]$ vault revoke 27:4D:F0:64:76:8D:98:23:72:6B:DC:18:A7:50:C8:99:3A:3A:1F:ED
Usage: vault [args]

Indeed, there is no command “revoke”. Any hint?

Thank you in advance

The general solution to all questions about how to use the Vault CLI for a Vault API that doesn’t have a dedicated CLI subcommands is:

First, look up the Vault function you want in the API docs: PKI - Secrets Engines - HTTP API | Vault by HashiCorp

Then, use vault read (for HTTP GET), vault write (for HTTP PUT/POST - there is no difference between these for Vault), vault list (for HTTP LIST) or vault delete (for HTTP DELETE) to call the endpoint with the documented parameters.

These four commands are an HTTP API client specialised for Vault’s API conventions.


vault write pki/revoke serial_number=...