jq Patterns

jq patterns I’ve actually used. Every entry has a date and context.

2026-04-03: Vault Certificate Extraction

Problem: Extract certificate and private key from Vault PKI JSON response

Context: P16g EAP-TLS deployment, Vault cert issuance

The Fix:

# Issue cert and capture full response
vault write pki_int/issue/domus-client \
  common_name="modestus-p16g.inside.domusdigitalis.dev" \
  ttl="8760h" -format=json | tee /tmp/vault-cert.json

# Extract certificate
jq -r '.data.certificate' /tmp/vault-cert.json > /tmp/client.crt

# Extract private key
jq -r '.data.private_key' /tmp/vault-cert.json > /tmp/client.key

# Extract CA chain
jq -r '.data.ca_chain[]' /tmp/vault-cert.json > /tmp/ca-chain.crt

Rule: Use tee to save full JSON response, then extract fields with jq -r (raw output, no quotes).

Worklog: WRKLOG-2026-04-03

2026-04-02: ISE DataConnect Query Parsing

Problem: Parse ISE DataConnect JDBC query results (JSON array of objects)

Context: P16g deployment, verifying endpoint registration via netapi

The Fix:

# Extract specific field from array
echo "$response" | jq -r '.[].MACAddress'

# Filter by field value
echo "$response" | jq -r '.[] | select(.EndPointPolicy == "DOMUS-IoT")'

# Format as table
echo "$response" | jq -r '.[] | [.MACAddress, .EndPointPolicy, .IdentityGroup] | @tsv'

Rule: Use select() for filtering, @tsv for tabular output.

Worklog: WRKLOG-2026-04-02

jq Patterns

2026-04-03: Vault Certificate Extraction

2026-04-02: ISE DataConnect Query Parsing

Template for New Entries