mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-05 12:26:34 +02:00
Code Issues Projects Releases Wiki Activity

Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459)

Browse Source
This commit is contained in:
Jeff Mitchell 2019-03-22 11:15:37 -05:00 committed by GitHub
parent fb17862936
commit d096f62d8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
97 changed files with 1696 additions and 1696 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
website/source/api/auth/alicloud/index.html.md
View File

@ -22,9 +22,9 @@ please update your API calls accordingly.
Registers a role. Only entities using the role registered using this endpoint
will be able to perform the login operation.
| Method | Path | Produces |
| :------- | :------------------------------- | :--------------------- |
| `POST` | `/auth/alicloud/role/:role` | `204 (empty body)` |
| Method | Path |
| :------------------------------- | :--------------------- |
| `POST` | `/auth/alicloud/role/:role` |
### Parameters
@ -69,9 +69,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/alicloud/role/:role` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/alicloud/role/:role` |
### Parameters
@ -107,9 +107,9 @@ $ curl \
Lists all the roles that are registered with the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/alicloud/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/alicloud/roles` |
### Sample Request
@ -137,9 +137,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path | Produces |
| :------- | :------------------------------- | :--------------------- |
| `DELETE` | `/auth/alicloud/role/:role` | `204 (empty body)` |
| Method | Path |
| :------------------------------- | :--------------------- |
| `DELETE` | `/auth/alicloud/role/:role` |
### Parameters
@ -159,9 +159,9 @@ $ curl \
Fetch a token. This endpoint verifies the signature of the signed
GetCallerIdentity request.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/alicloud/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/alicloud/login` |
### Parameters

94
website/source/api/auth/approle/index.html.md
View File

@ -21,9 +21,9 @@ please update your API calls accordingly.
This endpoint returns a list the existing AppRoles in the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/approle/role` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/approle/role` |
### Sample Request
@ -61,9 +61,9 @@ supports both `create` and `update` capabilities. There can be one or more
constraints enabled on the role. It is required to have at least one of them
enabled while creating or updating a role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name` |
### Parameters
@ -133,9 +133,9 @@ $ curl \
Reads the properties of an existing AppRole.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/approle/role/:role_name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/approle/role/:role_name` |
### Parameters
@ -178,9 +178,9 @@ $ curl \
Deletes an existing AppRole from the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/approle/role/:role_name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/approle/role/:role_name` |
### Parameters
@ -199,9 +199,9 @@ $ curl \
Reads the RoleID of an existing AppRole.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/approle/role/:role_name/role-id` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/approle/role/:role_name/role-id` |
### Parameters
@ -235,9 +235,9 @@ $ curl \
Updates the RoleID of an existing AppRole to a custom value.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/role-id` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/role-id` |
### Parameters
@ -285,9 +285,9 @@ tokens, the response will also contain a `secret_id_accessor` value which can
be used to read the properties of the SecretID without divulging the SecretID
itself, and also to delete the SecretID from the AppRole.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id` |
### Parameters
@ -344,9 +344,9 @@ $ curl \
Lists the accessors of all the SecretIDs issued against the AppRole.
This includes the accessors for "custom" SecretIDs as well.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/approle/role/:role_name/secret-id` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/approle/role/:role_name/secret-id` |
### Parameters
@ -387,9 +387,9 @@ $ curl \
Reads out the properties of a SecretID.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/lookup` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/lookup` |
### Parameters
@ -418,9 +418,9 @@ $ curl \
Destroy an AppRole secret ID.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/destroy` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/destroy` |
### Parameters
@ -449,9 +449,9 @@ $ curl \
Reads out the properties of a SecretID.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/lookup` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/lookup` |
### Parameters
@ -480,9 +480,9 @@ $ curl \
Destroy an AppRole secret ID by its accessor.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/destroy` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/destroy` |
### Parameters
@ -512,9 +512,9 @@ $ curl \
Assigns a "custom" SecretID against an existing AppRole. This is used in the
"Push" model of operation.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/custom-secret-id` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/custom-secret-id` |
### Parameters
@ -574,9 +574,9 @@ required; if `bind_secret_id` is enabled (the default) on the AppRole,
`secret_id` is required too. Any other bound authentication values on the
AppRole (such as client IP CIDR) are also evaluated.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/login` |
### Parameters
@ -631,8 +631,8 @@ parameters of the AppRole can be updated using the `/auth/approle/role/:role_nam
endpoint directly. The endpoints for each field is provided separately
to be able to delegate specific endpoints using Vault's ACL system.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/policies` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-num-uses` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-ttl` | `200/204` |
@ -652,9 +652,9 @@ in the token store. Generally, running this is not needed unless upgrade
notes or support personnel suggest it. This may perform a lot of I/O to the
storage method so should be used sparingly.
| Method | Path | Produces |
| :------- | :------------------------------ | :--------------------- |
| `POST` | `/auth/approle/tidy/secret-id` | `204 (empty body)` |
| Method | Path |
| :------------------------------ | :--------------------- |
| `POST` | `/auth/approle/tidy/secret-id` |
### Sample Request

204
website/source/api/auth/aws/index.html.md
View File

@ -30,9 +30,9 @@ the environment variables `AWS_ACCESS_KEY`, `AWS_SECRET_KEY` and
method is configured on an EC2 instance with metadata querying
capabilities, the credentials are fetched automatically.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/client` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/client` |
### Parameters
@ -89,9 +89,9 @@ $ curl \
Returns the previously configured AWS access credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/client` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/client` |
### Sample Request
@ -119,9 +119,9 @@ $ curl \
Deletes the previously configured AWS access credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/client` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/client` |
### Sample Request
@ -138,9 +138,9 @@ This configures the way that Vault interacts with the
[Identity](/docs/secrets/identity/index.html) store. The default (as of Vault
1.0.3) is `role_id` for both values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/identity` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/identity` |
### Parameters
@ -188,9 +188,9 @@ $ curl \
Returns the previously configured Identity integration configuration
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/identity` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/identity` |
### Sample Request
@ -218,9 +218,9 @@ digest, the identity signature will have RSA digest, and hence the public
keys for each type varies respectively. Indicate the type of the public key
using the "type" parameter.
| Method | Path | Produces |
| :------- | :------------------------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/certificate/:cert_name` | `204 (empty body)` |
| Method | Path |
| :------------------------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/certificate/:cert_name` |
### Parameters
@ -255,9 +255,9 @@ $ curl \
Returns the previously configured AWS public key.
| Method | Path | Produces |
| :------- | :--------------------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/certificate/:cert_name` | `200 application/json` |
| Method | Path |
| :--------------------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/certificate/:cert_name` |
### Parameters
@ -286,9 +286,9 @@ $ curl \
Removes the previously configured AWS public key.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/certificate/:cert_name` | `204 (empty body)` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/certificate/:cert_name` |
### Sample Request
@ -303,9 +303,9 @@ $ curl \
Lists all the AWS public certificates that are registered with the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/config/certificates` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/config/certificates` |
### Sample Request
@ -335,9 +335,9 @@ Allows the explicit association of STS roles to satellite AWS accounts
running.) Vault will use credentials obtained by assuming these STS roles
when validating IAM principals or EC2 instances in the particular AWS account.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/sts/:account_id` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/sts/:account_id` |
### Parameters
@ -370,9 +370,9 @@ $ curl \
Returns the previously configured STS role.
| Method | Path | Produces |
| :------- | :--------------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/sts/:account_id` | `200 application/json` |
| Method | Path |
| :--------------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/sts/:account_id` |
### Parameters
@ -401,9 +401,9 @@ $ curl \
Lists all the AWS Account IDs for which an STS role is registered.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/config/sts` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/config/sts` |
### Sample Request
@ -431,9 +431,9 @@ $ curl \
Deletes a previously configured AWS account/STS role association.
| Method | Path | Produces |
| :------- | :--------------------------------- | :------------------|
| `DELETE` | `/auth/aws/config/sts/:account_id` | `204 (empty body)` |
| Method | Path |
| :--------------------------------- | :------------------|
| `DELETE` | `/auth/aws/config/sts/:account_id` |
### Parameters
@ -453,9 +453,9 @@ $ curl \
Configures the periodic tidying operation of the whitelisted identity entries.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/tidy/identity-whitelist` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/tidy/identity-whitelist` |
### Parameters
@ -487,9 +487,9 @@ $ curl \
Returns the previously configured periodic whitelist tidying settings.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/tidy/identity-whitelist` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/tidy/identity-whitelist` |
### Sample Request
@ -514,9 +514,9 @@ $ curl \
Deletes the previously configured periodic whitelist tidying settings.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/tidy/identity-whitelist` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/tidy/identity-whitelist` |
### Sample Request
@ -531,9 +531,9 @@ $ curl \
Configures the periodic tidying operation of the blacklisted role tag entries.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/tidy/roletag-blacklist` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/tidy/roletag-blacklist` |
### Parameters
@ -565,9 +565,9 @@ $ curl \
Returns the previously configured periodic blacklist tidying settings.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/tidy/roletag-blacklist` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/tidy/roletag-blacklist` |
### Sample Request
@ -592,9 +592,9 @@ $ curl \
Deletes the previously configured periodic blacklist tidying settings.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/tidy/roletag-blacklist` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/tidy/roletag-blacklist` |
### Sample Request
@ -619,9 +619,9 @@ inferencing configuration of that role. For the constraints which accept a list
of values, the authenticating instance/principal must match any one value in the
list in order to satisfy that constraint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/role/:role` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/role/:role` |
### Parameters
@ -793,9 +793,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/role/:role` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/role/:role` |
### Parameters
@ -832,9 +832,9 @@ $ curl \
Lists all the roles that are registered with the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/roles` |
### Sample Request
@ -862,9 +862,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/role/:role` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/role/:role` |
### Parameters
@ -896,9 +896,9 @@ on the new role tag. Since those must be a subset of the role
capabilities, the role should never provide more capabilities than any
given instance can be allowed to gain in a worst-case scenario.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/role/:role/tag` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/role/:role/tag` |
### Parameters
@ -960,9 +960,9 @@ defined on the role with which the login is being performed. With the ec2
auth method, as an alternative to pkcs7 signature, the identity document
along with its RSA digest can be supplied to this endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/login` |
### Sample Payload
@ -1064,9 +1064,9 @@ that if the role tag was previously used to perform a successful login,
placing the tag in the blacklist does not invalidate the already issued
token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/roletag-blacklist/:role_tag` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@ -1087,9 +1087,9 @@ $ curl \
Returns the blacklist entry of a previously blacklisted role tag.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/roletag-blacklist/:role_tag` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@ -1121,9 +1121,9 @@ $ curl \
Lists all the role tags that are blacklisted.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/roletag-blacklist` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/roletag-blacklist` |
### Sample Request
@ -1150,9 +1150,9 @@ $ curl \
Deletes a blacklisted role tag.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/roletag-blacklist/:role_tag` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@ -1175,9 +1175,9 @@ $ curl \
Cleans up the entries in the blacklist based on expiration time on the entry and
`safety_buffer`.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/tidy/roletag-blacklist` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/tidy/roletag-blacklist` |
### Parameters
@ -1199,9 +1199,9 @@ $ curl \
Returns an entry in the whitelist. An entry will be created/updated by every
successful login.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/identity-whitelist/:instance_id` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/identity-whitelist/:instance_id` |
### Parameters
@ -1236,9 +1236,9 @@ $ curl \
Lists all the instance IDs that are in the whitelist of successful logins.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/identity-whitelist` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/identity-whitelist` |
### Sample Request
@ -1265,9 +1265,9 @@ $ curl \
Deletes a cache of the successful login from an instance.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/identity-whitelist/:instance_id` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/identity-whitelist/:instance_id` |
### Parameters
@ -1289,9 +1289,9 @@ $ curl \
Cleans up the entries in the whitelist based on expiration time and
`safety_buffer`.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/tidy/identity-whitelist` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/tidy/identity-whitelist` |
### Parameters

48
website/source/api/auth/azure/index.html.md
View File

@ -24,9 +24,9 @@ Configures the credentials required for the plugin to perform API calls
to Azure. These credentials will be used to query the metadata about the
virtual machine.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/config` |
### Parameters
@ -61,9 +61,9 @@ $ curl \
Returns the previously configured config, including credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/azure/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/azure/config` |
### Sample Request
@ -92,9 +92,9 @@ $ curl \
Deletes the previously configured Azure config and credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/config` |
### Sample Request
@ -112,9 +112,9 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/role/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
@ -173,9 +173,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/azure/role/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/azure/role/:name` |
### Parameters
@ -216,9 +216,9 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/azure/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/azure/roles` |
### Sample Request
@ -247,9 +247,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/role/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/role/:name` |
### Parameters
@ -270,9 +270,9 @@ Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and
a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/login` |
### Sample Payload

54
website/source/api/auth/cert/index.html.md
View File

@ -22,9 +22,9 @@ location, please update your API calls accordingly.
Sets a CA cert and associated parameters in a role name.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/certs/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/certs/:name` |
### Parameters
@ -110,9 +110,9 @@ $ curl \
Gets information associated with the named role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/cert/certs/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/cert/certs/:name` |
### Parameters
@ -152,9 +152,9 @@ $ curl \
Lists configured certificate names.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/cert/certs` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/cert/certs` |
### Sample Request
@ -188,9 +188,9 @@ $ curl \
Deletes the named role and CA cert from the method mount.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/cert/certs/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/cert/certs/:name` |
### Parameters
@ -209,9 +209,9 @@ $ curl \
Sets a named CRL.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/crls/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/crls/:name` |
### Parameters
@ -243,9 +243,9 @@ Gets information associated with the named CRL (currently, the serial
numbers contained within). As the serials can be integers up to an
arbitrary size, these are returned as strings.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/cert/crls/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/cert/crls/:name` |
### Parameters
@ -280,9 +280,9 @@ $ curl \
Deletes the named CRL from the auth method mount.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/cert/crls/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/cert/crls/:name` |
### Parameters
@ -301,9 +301,9 @@ $ curl \
Configuration options for the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/config` |
### Parameters
@ -338,9 +338,9 @@ is required to be verified, then it should be a fully qualified DNS domain name
and must be duplicated as a DNS SAN (see
https://tools.ietf.org/html/rfc6125#section-2.3)
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/login` |
### Parameters

54
website/source/api/auth/gcp/index.html.md
View File

@ -25,9 +25,9 @@ to Google Cloud. These credentials will be used to query the status of IAM
entities and get service account or other Google public certificates
to confirm signed JWTs passed in during login.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/config` |
### Parameters
@ -67,9 +67,9 @@ $ curl \
Returns the configuration, if any, including credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/gcp/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/gcp/config` |
### Sample Request
@ -99,9 +99,9 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/role/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/role/:name` |
### Parameters
@ -230,9 +230,9 @@ Edit service accounts for an existing IAM role in the method.
This allows you to add or remove service accounts from the list of
service accounts on the role.
| Method | Path | Produces |
| :------- | :---------------------------------------| :------------------|
| `POST` | `/auth/gcp/role/:name/service-accounts` | `204 (empty body)` |
| Method | Path |
| :---------------------------------------| :------------------|
| `POST` | `/auth/gcp/role/:name/service-accounts` |
### Parameters
@ -274,9 +274,9 @@ $ curl \
Edit labels for an existing GCE role in the backend. This allows you to add or
remove labels (keys, values, or both) from the list of keys on the role.
| Method | Path | Produces |
| :------- | :---------------------------------------| :------------------|
| `POST` | `/auth/gcp/role/:name/labels` | `204 (empty body)` |
| Method | Path |
| :---------------------------------------| :------------------|
| `POST` | `/auth/gcp/role/:name/labels` |
### Parameters
@ -320,9 +320,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/gcp/role/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/gcp/role/:name` |
### Parameters
@ -368,9 +368,9 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/gcp/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/gcp/roles` |
### Sample Request
@ -398,9 +398,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/gcp/role/:role` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/gcp/role/:role` |
### Parameters
@ -422,9 +422,9 @@ Login to retrieve a Vault token. This endpoint takes a signed JSON Web Token
Cloud to authenticate that entity and then authorizes the entity for the given
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/login` |
### Sample Payload

42
website/source/api/auth/github/index.html.md
View File

@ -22,9 +22,9 @@ please update your API calls accordingly.
Configures the connection parameters for GitHub. This path honors the
distinction between the `create` and `update` capabilities inside ACL policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/github/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/config` |
### Parameters
@ -58,9 +58,9 @@ $ curl \
Reads the GitHub configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/github/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/github/config` |
### Sample Request
@ -92,9 +92,9 @@ $ curl \
Map a list of policies to a team that exists in the configured GitHub organization.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/teams/:team_name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/teams/:team_name` |
### Parameters
@ -124,9 +124,9 @@ $ curl \
Reads the GitHub team policy mapping.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/teams/:team_name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/teams/:team_name` |
### Sample Request
@ -159,9 +159,9 @@ $ curl \
Map a list of policies to a specific GitHub user exists in the configured
organization.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/users/:user_name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/users/:user_name` |
### Parameters
@ -193,9 +193,9 @@ policy **in addition to** any team policies.
Reads the GitHub user policy mapping.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/users/:user_name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/users/:user_name` |
### Sample Request
@ -228,9 +228,9 @@ $ curl \
Login using GitHub access token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/github/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/login` |
### Parameters

54
website/source/api/auth/jwt/index.html.md
View File

@ -24,9 +24,9 @@ Configures the validation information to be used globally across all roles. One
(and only one) of `oidc_discovery_url` and `jwt_validation_pubkeys` must be
set.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/config` |
### Parameters
@ -62,9 +62,9 @@ $ curl \
Returns the previously configured config.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/config` |
### Sample Request
@ -95,9 +95,9 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login. At least one of the bound values must be set.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/role/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
@ -172,9 +172,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/role/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/role/:name` |
### Parameters
@ -218,9 +218,9 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/jwt/role` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/jwt/role` |
### Sample Request
@ -249,9 +249,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/jwt/role/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/jwt/role/:name` |
### Parameters
@ -270,9 +270,9 @@ $ curl \
Obtain an authorization URL from Vault to start an OIDC login flow.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/oidc/auth_url` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/oidc/auth_url` |
### Parameters
@ -317,9 +317,9 @@ $ curl \
Exchange an authorization code for an OIDC ID Token. The ID token will be further validated
against any bound claims, and if valid a Vault token will be returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/oidc/callback` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/oidc/callback` |
### Parameters
@ -362,9 +362,9 @@ Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and
a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/login` |
### Parameters

44
website/source/api/auth/kubernetes/index.html.md
View File

@ -24,9 +24,9 @@ existence with the Kubernetes TokenReview API. This endpoint configures the
public key used to validate the JWT signature and the necessary information to
access the Kubernetes API.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/config` |
### Parameters
- `kubernetes_host` `(string: <required>)` - Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@ -64,9 +64,9 @@ $ curl \
Returns the previously configured config, including credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/kubernetes/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/kubernetes/config` |
### Sample Request
@ -95,9 +95,9 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/role/:name`| `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/role/:name`|
### Parameters
- `name` `(string: <required>)` - Name of the role.
@ -145,9 +145,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/kubernetes/role/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/kubernetes/role/:name` |
### Parameters
@ -183,10 +183,10 @@ $ curl \
Lists all the roles that are registered with the auth method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/kubernetes/role` | `200 application/json` |
| `GET` | `/auth/kubernetes/role?list=true` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/kubernetes/role` |
| `GET` | `/auth/kubernetes/role?list=true` |
### Sample Request
@ -214,9 +214,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/kubernetes/role/:role`| `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/kubernetes/role/:role`|
### Parameters
@ -237,9 +237,9 @@ Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and
a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/login` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/login` |
### Sample Payload

66
website/source/api/auth/ldap/index.html.md
View File

@ -21,9 +21,9 @@ please update your API calls accordingly.
This endpoint configures the LDAP auth method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/config` |
### Parameters
@ -111,9 +111,9 @@ $ curl \
This endpoint retrieves the LDAP configuration for the auth method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/config` |
### Sample Request
@ -158,9 +158,9 @@ $ curl \
This endpoint returns a list of existing groups in the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/ldap/groups` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/ldap/groups` |
### Sample Request
@ -194,9 +194,9 @@ $ curl \
This endpoint returns the policies associated with a LDAP group.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/groups/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/groups/:name` |
### Parameters
@ -231,9 +231,9 @@ $ curl \
This endpoint creates or updates LDAP group policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/groups/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/groups/:name` |
### Parameters
@ -263,9 +263,9 @@ $ curl \
This endpoint deletes the LDAP group and policy association.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/ldap/groups/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/ldap/groups/:name` |
### Parameters
@ -284,9 +284,9 @@ $ curl \
This endpoint returns a list of existing users in the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/ldap/users` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/ldap/users` |
### Sample Request
@ -320,9 +320,9 @@ $ curl \
This endpoint returns the policies associated with a LDAP user.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/users/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/users/:username` |
### Parameters
@ -358,9 +358,9 @@ $ curl \
This endpoint creates or updates LDAP users policies and group associations.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/users/:username` |
### Parameters
@ -392,9 +392,9 @@ $ curl \
This endpoint deletes the LDAP user and policy association.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/ldap/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/ldap/users/:username` |
### Parameters
@ -413,9 +413,9 @@ $ curl \
This endpoint allows you to log in with LDAP credentials
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/login/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/login/:username` |
### Parameters

66
website/source/api/auth/okta/index.html.md
View File

@ -22,9 +22,9 @@ please update your API calls accordingly.
Configures the connection parameters for Okta. This path honors the
distinction between the `create` and `update` capabilities inside ACL policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/config` |
### Parameters
@ -65,9 +65,9 @@ $ curl \
Reads the Okta configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/okta/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/okta/config` |
### Sample Request
@ -100,9 +100,9 @@ $ curl \
List the users configurated in the Okta method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/okta/users` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/okta/users` |
### Sample Request
@ -136,9 +136,9 @@ $ curl \
Registers a new user and maps a set of policies to it.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/users/:username` |
### Parameters
@ -169,9 +169,9 @@ $ curl \
Reads the properties of an existing username.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/okta/users/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/okta/users/:username` |
### Parameters
@ -208,9 +208,9 @@ $ curl \
Deletes an existing username from the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/okta/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/okta/users/:username` |
### Parameters
@ -229,9 +229,9 @@ $ curl \
List the groups configurated in the Okta method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/okta/groups` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/okta/groups` |
### Sample Request
@ -265,9 +265,9 @@ $ curl \
Registers a new group and maps a set of policies to it.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/groups/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/groups/:name` |
### Parameters
@ -297,9 +297,9 @@ $ curl \
Reads the properties of an existing group.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/okta/groups/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/okta/groups/:name` |
### Parameters
@ -335,9 +335,9 @@ $ curl \
Deletes an existing group from the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/okta/groups/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/okta/groups/:name` |
### Parameters
@ -356,9 +356,9 @@ $ curl \
Login with the username and password.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/login/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/okta/login/:username` |
### Parameters

38
website/source/api/auth/radius/index.html.md
View File

@ -22,9 +22,9 @@ please update your API calls accordingly.
Configures the connection parameters and shared secret used to communicate with
RADIUS.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/radius/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/radius/config` |
### Parameters
@ -65,9 +65,9 @@ $ curl \
Registers a new user and maps a set of policies to it. This path honors the
distinction between the `create` and `update` capabilities inside ACL policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/radius/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/radius/users/:username` |
### Parameters
@ -95,9 +95,9 @@ $ curl \
Reads the properties of an existing username.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/radius/users/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/radius/users/:username` |
### Parameters
@ -130,9 +130,9 @@ $ curl \
Deletes an existing username from the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/radius/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/radius/users/:username` |
### Parameters
@ -151,9 +151,9 @@ $ curl \
List the users registered with the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/radius/users` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/radius/users` |
### Sample Request
@ -187,10 +187,10 @@ $ curl \
Login with the username and password.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/radius/login` | `200 application/json` |
| `POST` | `/auth/radius/login/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/radius/login` |
| `POST` | `/auth/radius/login/:username` |
### Parameters

100
website/source/api/auth/token/index.html.md
View File

@ -19,9 +19,9 @@ This endpoint lists token accessor. This requires `sudo` capability, and access
to it should be tightly controlled as the accessors can be used to revoke very
large numbers of tokens and their associated leases at once.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/token/accessors` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/token/accessors` |
### Sample Request
@ -60,11 +60,11 @@ token is not required to create an orphan token (otherwise set with the
be created against the specified role name; this may override options set
during this call.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/create` | `200 application/json` |
| `POST` | `/auth/token/create-orphan` | `200 application/json` |
| `POST` | `/auth/token/create/:role_name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/create` |
| `POST` | `/auth/token/create-orphan` |
| `POST` | `/auth/token/create/:role_name` |
### Parameters
@ -150,9 +150,9 @@ $ curl \
Returns information about the client token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/lookup` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/lookup` |
### Parameters
@ -213,9 +213,9 @@ $ curl \
Returns information about the current client token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/token/lookup-self` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/token/lookup-self` |
### Sample Request
@ -262,9 +262,9 @@ $ curl \
Returns information about the client token from the accessor.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/lookup-accessor` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/lookup-accessor` |
### Parameters
@ -327,9 +327,9 @@ Renews a lease associated with a token. This is used to prevent the expiration
of a token, and the automatic revocation of it. Token renewal is possible only
if there is a lease associated with it.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/renew` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/renew` |
### Parameters
@ -381,9 +381,9 @@ Renews a lease associated with the calling token. This is used to prevent the
expiration of a token, and the automatic revocation of it. Token renewal is
possible only if there is a lease associated with it.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/renew-self` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/renew-self` |
### Parameters
@ -432,9 +432,9 @@ $ curl \
Revokes a token and all child tokens. When the token is revoked, all dynamic secrets
generated with it are also revoked.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke` |
### Parameters
@ -463,9 +463,9 @@ $ curl \
Revokes the token used to call it and all child tokens. When the token is
revoked, all dynamic secrets generated with it are also revoked.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke-self` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke-self` |
### Sample Request
@ -482,9 +482,9 @@ Revoke the token associated with the accessor and all the child tokens. This is
meant for purposes where there is no access to token ID but there is need to
revoke a token and its children.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke-accessor` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke-accessor` |
### Parameters
@ -515,9 +515,9 @@ generated with it are also revoked. All child tokens are orphaned, but can be
revoked sub-sequently using `/auth/token/revoke/`. This is a root-protected
endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke-orphan` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/revoke-orphan` |
### Parameters
@ -546,9 +546,9 @@ $ curl \
Fetches the named role configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/token/roles/:role_name`| `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/token/roles/:role_name`|
### Parameters
@ -590,9 +590,9 @@ $ curl \
List available token roles.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/token/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/token/roles` |
### Sample Request
@ -626,9 +626,9 @@ endpoints. The role name is also included in the token path, allowing all
tokens created against a role to be revoked using the
`/sys/leases/revoke-prefix` endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/roles/:role_name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/roles/:role_name` |
### Parameters
@ -707,9 +707,9 @@ $ curl \
This endpoint deletes the named token role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/token/roles/:role_name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/token/roles/:role_name` |
### Parameters
@ -731,9 +731,9 @@ in the token store. Generally, running this is not needed unless upgrade
notes or support personnel suggest it. This may perform a lot of I/O to the
storage method so should be used sparingly.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/token/tidy` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/token/tidy` |
### Sample Request

42
website/source/api/auth/userpass/index.html.md
View File

@ -22,9 +22,9 @@ please update your API calls accordingly.
Create a new user or update an existing user. This path honors the distinction between the `create` and `update` capabilities inside ACL policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/users/:username` |
### Parameters
@ -63,9 +63,9 @@ $ curl \
Reads the properties of an existing username.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/userpass/users/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/userpass/users/:username` |
### Sample Request
@ -96,9 +96,9 @@ $ curl \
This endpoint deletes the user from the method.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/userpass/users/:username` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/userpass/users/:username` |
### Parameters
@ -117,9 +117,9 @@ $ curl \
Update password for an existing user.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/users/:username/password` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/users/:username/password` |
### Parameters
@ -148,9 +148,9 @@ $ curl \
Update policies for an existing user.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/users/:username/policies` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/users/:username/policies` |
### Parameters
@ -179,9 +179,9 @@ $ curl \
List available userpass users.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/auth/userpass/users` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/userpass/users` |
### Sample Request
@ -209,9 +209,9 @@ $ curl \
Login with the username and password.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/login/:username` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/userpass/login/:username` |
### Parameters

32
website/source/api/secret/ad/index.html.md
View File

@ -51,11 +51,11 @@ text that fulfills those requirements. `{{PASSWORD}}` must appear exactly once a
At present, this endpoint does not confirm that the provided AD credentials are
valid AD credentials with proper permissions.
| Method | Path | Produces |
| :------- | :--------------------- | :--------------------- |
| `POST` | `/ad/config` | `204 (empty body)` |
| `GET` | `/ad/config` | `200 application/json` |
| `DELETE` | `/ad/config` | `204 (empty body)` |
| Method | Path |
| :--------------------- | :--------------------- |
| `POST` | `/ad/config` |
| `GET` | `/ad/config` |
| `DELETE` | `/ad/config` |
### Sample Post Request
@ -109,12 +109,12 @@ The `roles` endpoint configures how Vault will manage the passwords for individu
When adding a role, Vault verifies its associated service account exists.
| Method | Path | Produces |
| :------- | :--------------------- | :--------------------- |
| `GET` | `/ad/roles` | `200 application/json` |
| `POST` | `/ad/roles/:role_name` | `204 (empty body)` |
| `GET` | `/ad/roles/:role_name` | `200 application/json` |
| `DELETE` | `/ad/roles/:role_name` | `204 (empty body)` |
| Method | Path |
| :--------------------- | :--------------------- |
| `GET` | `/ad/roles` |
| `POST` | `/ad/roles/:role_name` |
| `GET` | `/ad/roles/:role_name` |
| `DELETE` | `/ad/roles/:role_name` |
### Sample Post Request
@ -160,9 +160,9 @@ Performing a `LIST` on the `/ad/roles` endpoint will list the names of all the r
The `creds` endpoint offers the credential information for a given role.
| Method | Path | Produces |
| :------- | :--------------------- | :--------------------- |
| `GET` | `/ad/creds/:role_name` | `200 application/json` |
| Method | Path |
| :--------------------- | :--------------------- |
| `GET` | `/ad/creds/:role_name` |
### Sample Get Request
@ -198,8 +198,8 @@ Rotate the `bindpass` to a new one known only to Vault.
### Endpoints
| Method | Path | Produces |
| :------- | :--------------------- | :----------------------------------------- |
| Method | Path |
| :--------------------- | :----------------------------------------- |
| `GET` | `/ad/rotate-root` | `204 (empty body) or 200 with warning` |
Generally, `rotate-root` returns a 204. However, if `rotate-root` is already in progress, it may return a 200 with a warning that root credential rotation is already in progress.

26
website/source/api/secret/alicloud/index.html.md
View File

@ -34,10 +34,10 @@ valid AliCloud credentials with proper permissions.
Please see the [Vault AliCloud documentation](/docs/secrets/alicloud/index.html) for
the policies that should be attached to the access key you provide.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/alicloud/config` | `204 (empty body)` |
| `GET` | `/alicloud/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/alicloud/config` |
| `GET` | `/alicloud/config` |
### Parameters
@ -84,12 +84,12 @@ The `role` endpoint configures how Vault will generate credentials for users of
* `ttl` (int, optional) - The duration in seconds after which the issued token should expire. Defaults to 0, in which case the value will fallback to the system/mount defaults.
* `max_ttl` (int, optional) - The maximum allowed lifetime of tokens issued using this role.
| Method | Path | Produces |
| :------- | :---------------------------| :--------------------- |
| `GET` | `/alicloud/role` | `200 application/json` |
| `POST` | `/alicloud/role/:role_name` | `204 (empty body)` |
| `GET` | `/alicloud/role/:role_name` | `200 application/json` |
| `DELETE` | `/alicloud/role/:role_name` | `204 (empty body)` |
| Method | Path |
| :---------------------------| :--------------------- |
| `GET` | `/alicloud/role` |
| `POST` | `/alicloud/role/:role_name` |
| `GET` | `/alicloud/role/:role_name` |
| `DELETE` | `/alicloud/role/:role_name` |
### Sample Post Request
@ -177,9 +177,9 @@ Performing a `LIST` on the `/alicloud/roles` endpoint will list the names of all
This endpoint generates dynamic RAM credentials based on the named role. This
role must be created before queried.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/alicloud/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/alicloud/creds/:name` |
### Parameters

56
website/source/api/secret/aws/index.html.md
View File

@ -39,9 +39,9 @@ files, or IAM/ECS instances.
At present, this endpoint does not confirm that the provided AWS credentials are
valid AWS credentials with proper permissions.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/aws/config/root` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/aws/config/root` |
### Parameters
@ -94,9 +94,9 @@ key on the IAM user; otherwise, generation of a new access key will fail. Once
this method is called, Vault will now be the only entity that knows the AWS
secret key is used to access AWS.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/aws/config/rotate-root` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/aws/config/rotate-root` |
### Parameters
@ -127,9 +127,9 @@ The new access key Vault uses is returned by this operation.
This endpoint configures lease settings for the AWS secrets engine. It is
optional, as there are default values for `lease` and `lease_max`.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/aws/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/aws/config/lease` |
### Parameters
@ -163,9 +163,9 @@ $ curl \
This endpoint returns the current lease settings for the AWS secrets engine.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/aws/config/lease` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/aws/config/lease` |
### Sample Request
@ -192,9 +192,9 @@ This endpoint creates or updates the role with the given `name`. If a role with
the name does not exist, it will be created. If the role exists, it will be
updated with the new attributes.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/aws/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/aws/roles/:name` |
### Parameters
@ -276,9 +276,9 @@ Using an ARN:
This endpoint queries an existing role by the given name. If the role does not
exist, a 404 is returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/aws/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/aws/roles/:name` |
If invalid role data was supplied to the role from an earlier version of Vault,
then it will show up in the response as `invalid_data`.
@ -328,9 +328,9 @@ For a role ARN:
This endpoint lists all existing roles in the secrets engine.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/aws/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/aws/roles` |
### Sample Request
@ -358,9 +358,9 @@ $ curl
This endpoint deletes an existing role by the given name. If the role does not
exist, a 404 is returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/aws/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/aws/roles/:name` |
### Parameters
@ -381,10 +381,10 @@ $ curl \
This endpoint generates credentials based on the named role. This role must be
created before queried.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/aws/creds/:name` | `200 application/json` |
| `GET` | `/aws/sts/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/aws/creds/:name` |
| `GET` | `/aws/sts/:name` |
The `/aws/creds` and `/aws/sts` endpoints are almost identical. The exception is
when retrieving credentials for a role that was specified with the legacy `arn`

36
website/source/api/secret/azure/index.html.md
View File

@ -23,9 +23,9 @@ Configures the credentials required for the plugin to perform API calls
to Azure. These credentials will be used to query roles and create/delete
service principals. Environment variables will override any parameters set in the config.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `POST` | `/azure/config` | `204 (empty body)` |
| Method | Path |
| :------------------------| :------------------------ |
| `POST` | `/azure/config` |
- `subscription_id` (`string: <required>`) - The subscription id for the Azure Active Directory.
This value can also be provided with the AZURE_SUBSCRIPTION_ID environment variable.
@ -64,9 +64,9 @@ $ curl \
Return the stored configuration, omitting `client_secret`.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `GET` | `/azure/config` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `GET` | `/azure/config` |
### Sample Request
@ -96,9 +96,9 @@ $ curl \
Deletes the stored Azure configuration and credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/config` |
### Sample Request
@ -117,9 +117,9 @@ Create or update a Vault role. Either `application_object_id` or
call to succeed. See the Azure secrets [roles docs][roles] for more
information about roles.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `POST` | `/azure/roles/:name` | `204 (empty body)` |
| Method | Path |
| :------------------------| :------------------------ |
| `POST` | `/azure/roles/:name` |
### Parameters
@ -169,9 +169,9 @@ $ curl \
Lists all of the roles that are registered with the plugin.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `LIST` | `/azure/roles` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `LIST` | `/azure/roles` |
### Sample Request
@ -200,9 +200,9 @@ $ curl \
This endpoint generates a new service principal based on the named role.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `GET` | `/azure/creds/:name` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `GET` | `/azure/creds/:name` |
### Parameters

28
website/source/api/secret/cassandra/index.html.md
View File

@ -28,9 +28,9 @@ please update your API calls accordingly.
This endpoint configures the connection information used to communicate with
Cassandra.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/cassandra/config/connection` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/cassandra/config/connection` |
### Parameters
@ -113,9 +113,9 @@ $ curl \
This endpoint creates or updates the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/cassandra/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/cassandra/roles/:name` |
### Parameters
@ -164,9 +164,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/cassandra/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/cassandra/roles/:name` |
### Parameters
@ -198,8 +198,8 @@ $ curl \
This endpoint deletes the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/cassandra/roles/:name` | `204 (no body)` |
### Parameters
@ -221,9 +221,9 @@ $ curl \
This endpoint generates a new set of dynamic credentials based on the named
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/cassandra/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/cassandra/creds/:name` |
### Parameters

36
website/source/api/secret/consul/index.html.md
View File

@ -23,9 +23,9 @@ This endpoint configures the access information for Consul. This access
information is used so that Vault can communicate with Consul and generate
Consul tokens.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/consul/config/access` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/consul/config/access` |
### Parameters
@ -63,9 +63,9 @@ This endpoint creates or updates the Consul role definition. If the role does
not exist, it will be created. If the role already exists, it will receive
updated attributes.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/consul/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/consul/roles/:name` |
### Parameters for Consul version below 1.4
@ -154,9 +154,9 @@ curl \
This endpoint queries for information about a Consul role with the given name.
If no role exists with that name, a 404 is returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/consul/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/consul/roles/:name` |
### Parameters
@ -187,9 +187,9 @@ $ curl \
This endpoint lists all existing roles in the secrets engine.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/consul/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/consul/roles` |
### Sample Request
@ -217,9 +217,9 @@ $ curl \
This endpoint deletes a Consul role with the given name. Even if the role does
not exist, this endpoint will still return a successful response.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/consul/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/consul/roles/:name` |
### Parameters
@ -240,9 +240,9 @@ $ curl \
This endpoint generates a dynamic Consul token based on the given role
definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/consul/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/consul/creds/:name` |
### Parameters

26
website/source/api/secret/cubbyhole/index.html.md
View File

@ -22,9 +22,9 @@ any location, please update your API calls accordingly.
This endpoint retrieves the secret at the specified location.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/cubbyhole/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/cubbyhole/:path` |
### Parameters
@ -59,9 +59,9 @@ This endpoint returns a list of secret entries at the specified location.
Folders are suffixed with `/`. The input must be a folder; list on a file will
not return a value. The values themselves are not accessible via this command.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/cubbyhole/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/cubbyhole/:path` |
### Parameters
@ -99,10 +99,10 @@ two entries.
This endpoint stores a secret at the specified location.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/cubbyhole/:path` | `204 (empty body)` |
| `PUT` | `/cubbyhole/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/cubbyhole/:path` |
| `PUT` | `/cubbyhole/:path` |
### Parameters
@ -137,9 +137,9 @@ $ curl \
This endpoint deletes the secret at the specified location.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/cubbyhole/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/cubbyhole/:path` |
### Parameters

6
website/source/api/secret/databases/cassandra.html.md
View File

@ -19,9 +19,9 @@ In addition to the parameters defined by the [Database
Secrets Engine](/api/secret/databases/index.html#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters

4
website/source/api/secret/databases/hanadb.html.md
View File

@ -20,8 +20,8 @@ secrets engine](/api/secret/databases/index.html#configure-connection), this plu
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `connection_url` `(string: <required>)` - Specifies the HANA DSN. This field

66
website/source/api/secret/databases/index.html.md
View File

@ -28,9 +28,9 @@ list of additional parameters.
~> This endpoint distinguishes between `create` and `update` ACL capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `name` `(string: <required>)` Specifies the name for this database
@ -75,9 +75,9 @@ $ curl \
This endpoint returns the configuration settings for a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/database/config/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/database/config/:name` |
### Parameters
@ -115,9 +115,9 @@ $ curl \
This endpoint returns a list of available connections. Only the connection names
are returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/database/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/database/config` |
### Sample Request
@ -142,9 +142,9 @@ $ curl \
This endpoint deletes a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/database/config/:name` |
### Parameters
@ -165,9 +165,9 @@ $ curl \
This endpoint closes a connection and it's underlying plugin and restarts it
with the configuration stored in the barrier.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/reset/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/reset/:name` |
### Parameters
@ -189,9 +189,9 @@ This endpoint is used to rotate the root superuser credentials stored for
the database connection. This user must have permissions to update its own
password.
| Method | Path | Produces |
| :------- | :---------------------------- | :--------------------- |
| `POST` | `/database/rotate-root/:name` | `204 (empty body)` |
| Method | Path |
| :---------------------------- | :--------------------- |
| `POST` | `/database/rotate-root/:name` |
### Parameters
@ -213,9 +213,9 @@ This endpoint creates or updates a role definition.
~> This endpoint distinguishes between `create` and `update` ACL capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/roles/:name` |
### Parameters
@ -278,9 +278,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/database/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/database/roles/:name` |
### Parameters
@ -316,9 +316,9 @@ $ curl \
This endpoint returns a list of available roles. Only the role names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/database/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/database/roles` |
### Sample Request
@ -347,9 +347,9 @@ $ curl \
This endpoint deletes the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/database/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/database/roles/:name` |
### Parameters
@ -370,9 +370,9 @@ $ curl \
This endpoint generates a new set of dynamic credentials based on the named
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/database/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/database/creds/:name` |
### Parameters

6
website/source/api/secret/databases/influxdb.html.md
View File

@ -19,9 +19,9 @@ In addition to the parameters defined by the [Database
Secrets Engine](/api/secret/databases/index.html#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `host` `(string: <required>)` Specifies a Influxdb

6
website/source/api/secret/databases/mongodb.html.md
View File

@ -19,9 +19,9 @@ In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters

6
website/source/api/secret/databases/mssql.html.md
View File

@ -19,9 +19,9 @@ In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `connection_url` `(string: <required>)` - Specifies the MSSQL DSN. This field

6
website/source/api/secret/databases/mysql-maria.html.md
View File

@ -19,9 +19,9 @@ In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `connection_url` `(string: <required>)` - Specifies the MySQL DSN. This field

6
website/source/api/secret/databases/oracle.html.md
View File

@ -19,9 +19,9 @@ In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `connection_url` `(string: <required>)` - Specifies the Oracle DSN.

6
website/source/api/secret/databases/postgresql.html.md
View File

@ -19,9 +19,9 @@ In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `connection_url` `(string: <required>)` - Specifies the PostgreSQL DSN. This field

56
website/source/api/secret/gcp/index.html.md
View File

@ -19,9 +19,9 @@ update your API calls accordingly.
## Write Config
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `POST` | `/gcp/config` | `204 (empty body)` |
| Method | Path |
| :------------------------| :------------------------ |
| `POST` | `/gcp/config` |
This endpoint configures shared information for the secrets engine.
@ -60,9 +60,9 @@ $ curl \
## Read Config
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `GET` | `/gcp/config` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `GET` | `/gcp/config` |
Credentials will be omitted from returned data.
@ -88,9 +88,9 @@ $ curl \
## Create/Update Roleset
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `POST` | `/gcp/roleset/:name` | `204 (empty body)` |
| Method | Path |
| :------------------------| :------------------------ |
| `POST` | `/gcp/roleset/:name` |
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp/index.html#rolesets) for the GCP secrets backend
to learn more about what happens when you create or update a roleset.
@ -151,8 +151,8 @@ $ curl \
## Rotate Roleset Account
| Method | Path | Produces |
| :------- | :--------------------------------| :--------------------- |
| Method | Path |
| :--------------------------------| :--------------------- |
| `POST` | `/gcp/roleset/:name/rotate` | `204 (empty body)`` |
This will rotate the service account this roleset uses to generate secrets.
@ -171,8 +171,8 @@ $ curl \
## Rotate Roleset Account Key (`access_token` Roleset Only)
| Method | Path | Produces |
| :------- | :--------------------------------| :--------------------- |
| Method | Path |
| :--------------------------------| :--------------------- |
| `POST` | `/gcp/roleset/:name/rotate-key` | `204 (empty body)`` |
This will rotate the service account key this roleset uses to generate
@ -190,9 +190,9 @@ $ curl \
## Read Roleset
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `GET` | `/gcp/roleset/:name` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `GET` | `/gcp/roleset/:name` |
### Sample Request
@ -229,14 +229,14 @@ $ curl \
## List Rolesets
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `LIST` | `/gcp/rolesets` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `LIST` | `/gcp/rolesets` |
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `LIST` | `/gcp/roleset` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `LIST` | `/gcp/roleset` |
### Sample Request
@ -263,9 +263,9 @@ $ curl \
## Generate Secret (IAM Service Account Creds): OAuth2 Access Token
| Method | Path | Produces |
| :---------------- | :----------------------------- | :------------------------ |
| `GET` | `POST` | `/gcp/token/:roleset` | `200 application/json` |
| Method | Path |
| :----------------------------- | :------------------------ |
| `GET` | `POST` | `/gcp/token/:roleset` |
Generates an OAuth2 token with the scopes defined on the roleset. This OAuth access token can
be used in GCP API calls, e.g. `curl -H "Authorization: Bearer $TOKEN" ...`
@ -306,9 +306,9 @@ $ curl \
## Generate Secret (IAM Service Account Creds): Service Account Key
| Method | Path | Produces |
| :---------------- | :----------------------------- | :------------------------ |
| `GET` | `POST` | `/gcp/key/:roleset` | `200 application/json` |
| Method | Path |
| :----------------------------- | :------------------------ |
| `GET` | `POST` | `/gcp/key/:roleset` |
If using `GET` ('read'), the optional parameters will be set to their defaults. Use `POST` if you
want to specify different values for these params.

108
website/source/api/secret/gcpkms/index.html.md
View File

@ -23,9 +23,9 @@ location, please update your API calls accordingly.
This endpoint configures the Google Cloud KMS secrets engine with credentials
and manages the requested scope(s) for authentication.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `POST` | `gcpkms/config` | `204 (empty body)` |
| Method | Path |
| :------------------------| :------------------------ |
| `POST` | `gcpkms/config` |
### Example Policy
@ -68,9 +68,9 @@ $ curl \
This endpoint returns the configuration endpoint for the Google Cloud KMS
secrets engine. The credentials are not returned.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `GET` | `gcpkms/config` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `GET` | `gcpkms/config` |
### Example Policy
@ -106,9 +106,9 @@ $ curl \
This endpoint deletes any configuration for the Google Cloud KMS secrets engine.
If there is no configuration, the endpoint still returns successfully.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `DELETE` | `gcpkms/config` | `204 (empty body)` |
| Method | Path |
| :------------------------| :------------------------ |
| `DELETE` | `gcpkms/config` |
### Example Policy
@ -132,9 +132,9 @@ $ curl \
This endpoint uses the named encryption key to decrypt the ciphertext string. For symmetric key types, the provided ciphertext must come from a previous invocation of the `/encrypt` endpoint. For asymmetric key types, the provided ciphertext must be from the encrypt operation against the corresponding key version's public key.
| Method | Path | Produces |
| :------- | :--------------------------| :------------------------ |
| `POST` | `gcpkms/decrypt/:key` | `200 application/json` |
| Method | Path |
| :--------------------------| :------------------------ |
| `POST` | `gcpkms/decrypt/:key` |
### Example Policy
@ -197,9 +197,9 @@ $ curl \
This endpoint uses the named encryption key to encrypt arbitrary plaintext
string data. The response will be base64-encoded encrypted ciphertext.
| Method | Path | Produces |
| :------- | :--------------------------| :------------------------ |
| `POST` | `gcpkms/encrypt/:key` | `200 application/json` |
| Method | Path |
| :--------------------------| :------------------------ |
| `POST` | `gcpkms/encrypt/:key` |
### Example Policy
@ -265,9 +265,9 @@ cryptokey to the latest version for this ciphertext without disclosing the
original plaintext value to the requestor. This is similar to "rewrapping" in
Vault's transit secrets engine.
| Method | Path | Produces |
| :------- | :--------------------------| :------------------------ |
| `POST` | `gcpkms/reencrypt/:key` | `200 application/json` |
| Method | Path |
| :--------------------------| :------------------------ |
| `POST` | `gcpkms/reencrypt/:key` |
### Example Policy
@ -328,9 +328,9 @@ $ curl \
This endpoint uses the named encryption key to sign digest string data. The
response will include the base64-encoded signature.
| Method | Path | Produces |
| :------- | :--------------------------| :------------------------ |
| `POST` | `gcpkms/sign/:key` | `200 application/json` |
| Method | Path |
| :--------------------------| :------------------------ |
| `POST` | `gcpkms/sign/:key` |
### Example Policy
@ -392,9 +392,9 @@ $ curl \
This endpoint uses the named encryption key to verify a signature and digest
string data.
| Method | Path | Produces |
| :------- | :--------------------------| :------------------------ |
| `POST` | `gcpkms/verify/:key` | `200 application/json` |
| Method | Path |
| :--------------------------| :------------------------ |
| `POST` | `gcpkms/verify/:key` |
### Example Policy
@ -460,9 +460,9 @@ $ curl \
This endpoint lists the named keys available for use in Vault. It does not list
all Google Cloud KMS keys.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `LIST` | `gcpkms/keys` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `LIST` | `gcpkms/keys` |
### Example Policy
@ -499,9 +499,9 @@ registering the key in Vault, this endpoint will also create the corresponding
Google Cloud KMS key with the given configuration options.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `POST` | `gcpkms/keys/:key` | `204 (empty body)` |
| Method | Path |
| :------------------------| :------------------------ |
| `POST` | `gcpkms/keys/:key` |
### Example Policy
@ -563,9 +563,9 @@ This endpoint deletes a key from both Vault and Google Cloud KMS. This will
disable all crypto key versions for this crypto key in Google Cloud KMS and
delete Vault's reference to the crypto key.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `DELETE` | `gcpkms/keys/:key` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `DELETE` | `gcpkms/keys/:key` |
### Example Policy
@ -589,9 +589,9 @@ $ curl \
This endpoint reads data about a Google Cloud KMS crypto key, including the key
status and current primary key version.
| Method | Path | Produces |
| :------- | :------------------------| :------------------------ |
| `GET` | `gcpkms/keys/:key` | `200 application/json` |
| Method | Path |
| :------------------------| :------------------------ |
| `GET` | `gcpkms/keys/:key` |
### Example Policy
@ -632,9 +632,9 @@ $ curl \
This endpoint reads data about a Vault's configuration of the key.
| Method | Path | Produces |
| :------- | :-------------------------| :------------------------ |
| `GET` | `gcpkms/keys/config/:key` | `200 application/json` |
| Method | Path |
| :-------------------------| :------------------------ |
| `GET` | `gcpkms/keys/config/:key` |
### Example Policy
@ -670,9 +670,9 @@ $ curl \
This endpoint is used to update Vault's information about an existing key.
| Method | Path | Produces |
| :------- | :-------------------------| :------------------------ |
| `POST` | `gcpkms/keys/config/:key` | `204 (empty body)` |
| Method | Path |
| :-------------------------| :------------------------ |
| `POST` | `gcpkms/keys/config/:key` |
### Example Policy
@ -721,9 +721,9 @@ $ curl \
This endpoint deregisters an existing reference Vault has to a crypto key in
Google Cloud KMS. The underlying Google Cloud KMS key remains unchanged.
| Method | Path | Produces |
| :------- | :-----------------------------| :------------------------ |
| `POST` | `gcpkms/keys/deregister/:key` | `204 (empty body)` |
| Method | Path |
| :-----------------------------| :------------------------ |
| `POST` | `gcpkms/keys/deregister/:key` |
### Example Policy
@ -747,9 +747,9 @@ $ curl \
This endpoint registers an existing crypto key in Google Cloud KMS and makes it
available for encryption and decryption in Vault.
| Method | Path | Produces |
| :------- | :---------------------------| :------------------------ |
| `POST` | `gcpkms/keys/register/:key` | `204 (empty body)` |
| Method | Path |
| :---------------------------| :------------------------ |
| `POST` | `gcpkms/keys/register/:key` |
### Example Policy
@ -806,9 +806,9 @@ primary key for future encryptions.
so be sure to issue a read operation if you require new data to be encrypted
with this key.**
| Method | Path | Produces |
| :------- | :-------------------------| :------------------------ |
| `POST` | `gcpkms/keys/rotate/:key` | `200 application/json` |
| Method | Path |
| :-------------------------| :------------------------ |
| `POST` | `gcpkms/keys/rotate/:key` |
### Example Policy
@ -843,9 +843,9 @@ This endpoint deletes old crypto key versions that are older than the key's spec
**Data encrypted with older key versions will be irrecoverable!**
| Method | Path | Produces |
| :------- | :-------------------------| :------------------ |
| `POST` | `gcpkms/keys/trim/:key` | `204 (empty body)` |
| Method | Path |
| :-------------------------| :------------------ |
| `POST` | `gcpkms/keys/trim/:key` |
### Example Policy

32
website/source/api/secret/identity/entity-alias.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint creates a new alias for an entity.
| Method | Path | Produces |
| :------- | :------------------------- | :----------------------|
| `POST` | `/identity/entity-alias` | `200 application/json` |
| Method | Path |
| :------------------------- | :----------------------|
| `POST` | `/identity/entity-alias` |
### Parameters
@ -65,9 +65,9 @@ $ curl \
This endpoint queries the entity alias by its identifier.
| Method | Path | Produces |
| :------- | :------------------------------- | :--------------------- |
| `GET` | `/identity/entity-alias/id/:id` | `200 application/json` |
| Method | Path |
| :------------------------------- | :--------------------- |
| `GET` | `/identity/entity-alias/id/:id` |
### Parameters
@ -106,9 +106,9 @@ $ curl \
This endpoint is used to update an existing entity alias.
| Method | Path | Produces |
| :------- | :-------------------------------- | :--------------------- |
| `POST` | `/identity/entity-alias/id/:id` | `200 application/json` |
| Method | Path |
| :-------------------------------- | :--------------------- |
| `POST` | `/identity/entity-alias/id/:id` |
### Parameters
@ -159,9 +159,9 @@ $ curl \
This endpoint deletes an alias from its corresponding entity.
| Method | Path | Produces |
| :--------- | :------------------------------- | :----------------------|
| `DELETE` | `/identity/entity-alias/id/:id` | `204 (empty body)` |
| Method | Path |
| :------------------------------- | :----------------------|
| `DELETE` | `/identity/entity-alias/id/:id` |
### Parameters
@ -180,10 +180,10 @@ $ curl \
This endpoint returns a list of available entity aliases by their identifiers.
| Method | Path | Produces |
| :------- | :------------------------------------ | :--------------------- |
| `LIST` | `/identity/entity-alias/id` | `200 application/json` |
| `GET` | `/identity/entity-alias/id?list=true` | `200 application/json` |
| Method | Path |
| :------------------------------------ | :--------------------- |
| `LIST` | `/identity/entity-alias/id` |
| `GET` | `/identity/entity-alias/id?list=true` |
### Sample Request

64
website/source/api/secret/identity/entity.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint creates or updates an Entity.
| Method | Path | Produces |
| :------- | :------------------ | :----------------------|
| `POST` | `/identity/entity` | `200 application/json` |
| Method | Path |
| :------------------ | :----------------------|
| `POST` | `/identity/entity` |
### Parameters
@ -67,9 +67,9 @@ $ curl \
This endpoint queries the entity by its identifier.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/identity/entity/id/:id` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/identity/entity/id/:id` |
### Parameters
@ -111,9 +111,9 @@ $ curl \
This endpoint is used to update an existing entity.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/identity/entity/id/:id` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/identity/entity/id/:id` |
### Parameters
@ -166,9 +166,9 @@ $ curl \
This endpoint deletes an entity and all its associated aliases.
| Method | Path | Produces |
| :--------- | :-------------------------- | :----------------------|
| `DELETE` | `/identity/entity/id/:id` | `204 (empty body)` |
| Method | Path |
| :-------------------------- | :----------------------|
| `DELETE` | `/identity/entity/id/:id` |
### Parameters
@ -187,10 +187,10 @@ $ curl \
This endpoint returns a list of available entities by their identifiers.
| Method | Path | Produces |
| :------- | :------------------------------ | :--------------------- |
| `LIST` | `/identity/entity/id` | `200 application/json` |
| `GET` | `/identity/entity/id?list=true` | `200 application/json` |
| Method | Path |
| :------------------------------ | :--------------------- |
| `LIST` | `/identity/entity/id` |
| `GET` | `/identity/entity/id?list=true` |
### Sample Request
@ -223,9 +223,9 @@ $ curl \
This endpoint is used to create or update an entity by a given name.
| Method | Path | Produces |
| :------- | :------------------------------- | :--------------------- |
| `POST` | `/identity/entity/name/:name` | `200 application/json` |
| Method | Path |
| :------------------------------- | :--------------------- |
| `POST` | `/identity/entity/name/:name` |
### Parameters
@ -275,9 +275,9 @@ $ curl \
This endpoint queries the entity by its name.
| Method | Path | Produces |
| :------- | :------------------------------- | :--------------------- |
| `GET` | `/identity/entity/name/:name` | `200 application/json` |
| Method | Path |
| :------------------------------- | :--------------------- |
| `GET` | `/identity/entity/name/:name` |
### Parameters
@ -323,9 +323,9 @@ $ curl \
This endpoint deletes an entity and all its associated aliases, given the
entity name.
| Method | Path | Produces |
| :--------- | :------------------------------ | :----------------------|
| `DELETE` | `/identity/entity/name/:name` | `204 (empty body)` |
| Method | Path |
| :------------------------------ | :----------------------|
| `DELETE` | `/identity/entity/name/:name` |
### Parameters
@ -344,10 +344,10 @@ $ curl \
This endpoint returns a list of available entities by their names.
| Method | Path | Produces |
| :------- | :-------------------------------- | :--------------------- |
| `LIST` | `/identity/entity/name` | `200 application/json` |
| `GET` | `/identity/entity/name?list=true` | `200 application/json` |
| Method | Path |
| :-------------------------------- | :--------------------- |
| `LIST` | `/identity/entity/name` |
| `GET` | `/identity/entity/name?list=true` |
### Sample Request
@ -375,9 +375,9 @@ $ curl \
This endpoint merges many entities into one entity.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/identity/entity/merge` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/identity/entity/merge` |
### Parameters

32
website/source/api/secret/identity/group-alias.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint creates or updates a group alias.
| Method | Path | Produces |
| :------- | :----------------------- | :----------------------|
| `POST` | `/identity/group-alias` | `200 application/json` |
| Method | Path |
| :----------------------- | :----------------------|
| `POST` | `/identity/group-alias` |
### Parameters
@ -63,9 +63,9 @@ $ curl \
This endpoint is used to update an existing group alias.
| Method | Path | Produces |
| :------- | :-------------------------------- | :--------------------- |
| `POST` | `/identity/group-alias/id/:id` | `200 application/json` |
| Method | Path |
| :-------------------------------- | :--------------------- |
| `POST` | `/identity/group-alias/id/:id` |
### Parameters
@ -113,9 +113,9 @@ $ curl \
This endpoint queries the group alias by its identifier.
| Method | Path | Produces |
| :------- | :-------------------------------- | :--------------------- |
| `GET` | `/identity/group-alias/id/:id` | `200 application/json` |
| Method | Path |
| :-------------------------------- | :--------------------- |
| `GET` | `/identity/group-alias/id/:id` |
### Parameters
@ -152,9 +152,9 @@ $ curl \
This endpoint deletes a group alias.
| Method | Path | Produces |
| :--------- | :------------------------------- | :----------------------|
| `DELETE` | `/identity/group-alias/id/:id` | `204 (empty body)` |
| Method | Path |
| :------------------------------- | :----------------------|
| `DELETE` | `/identity/group-alias/id/:id` |
## Parameters
@ -173,10 +173,10 @@ $ curl \
This endpoint returns a list of available group aliases by their identifiers.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `LIST` | `/identity/group-alias/id` | `200 application/json` |
| `GET` | `/identity/group-alias/id?list=true` | `200 application/json` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `LIST` | `/identity/group-alias/id` |
| `GET` | `/identity/group-alias/id?list=true` |
### Sample Request

58
website/source/api/secret/identity/group.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint creates or updates a Group.
| Method | Path | Produces |
| :------- | :------------------ | :----------------------|
| `POST` | `/identity/group` | `200 application/json` |
| Method | Path |
| :------------------ | :----------------------|
| `POST` | `/identity/group` |
### Parameters
@ -72,9 +72,9 @@ $ curl \
This endpoint queries the group by its identifier.
| Method | Path | Produces |
| :------- | :-------------------------- | :--------------------- |
| `GET` | `/identity/group/id/:id` | `200 application/json` |
| Method | Path |
| :-------------------------- | :--------------------- |
| `GET` | `/identity/group/id/:id` |
### Parameters
@ -117,9 +117,9 @@ $ curl \
This endpoint is used to update an existing group.
| Method | Path | Produces |
| :------- | :-------------------------- | :--------------------- |
| `POST` | `/identity/group/id/:id` | `200 application/json` |
| Method | Path |
| :-------------------------- | :--------------------- |
| `POST` | `/identity/group/id/:id` |
### Parameters
@ -178,9 +178,9 @@ $ curl \
This endpoint deletes a group.
| Method | Path | Produces |
| :--------- | :------------------------- | :----------------------|
| `DELETE` | `/identity/group/id/:id` | `204 (empty body)` |
| Method | Path |
| :------------------------- | :----------------------|
| `DELETE` | `/identity/group/id/:id` |
## Parameters
@ -199,10 +199,10 @@ $ curl \
This endpoint returns a list of available groups by their identifiers.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| `LIST` | `/identity/group/id` | `200 application/json` |
| `GET` | `/identity/group/id?list=true` | `200 application/json` |
| Method | Path |
| :----------------------------- | :--------------------- |
| `LIST` | `/identity/group/id` |
| `GET` | `/identity/group/id?list=true` |
### Sample Request
@ -234,9 +234,9 @@ $ curl \
This endpoint is used to create or update a group by its name.
| Method | Path | Produces |
| :------- | :------------------------------ | :--------------------- |
| `POST` | `/identity/group/name/:name` | `200 application/json` |
| Method | Path |
| :------------------------------ | :--------------------- |
| `POST` | `/identity/group/name/:name` |
### Parameters
@ -297,9 +297,9 @@ $ curl \
This endpoint queries the group by its name.
| Method | Path | Produces |
| :------- | :------------------------------ | :--------------------- |
| `GET` | `/identity/group/name/:name` | `200 application/json` |
| Method | Path |
| :------------------------------ | :--------------------- |
| `GET` | `/identity/group/name/:name` |
### Parameters
@ -343,9 +343,9 @@ $ curl \
This endpoint deletes a group, given its name.
| Method | Path | Produces |
| :--------- | :----------------------------- | :----------------------|
| `DELETE` | `/identity/group/name/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :----------------------|
| `DELETE` | `/identity/group/name/:name` |
## Parameters
@ -364,10 +364,10 @@ $ curl \
This endpoint returns a list of available groups by their names.
| Method | Path | Produces |
| :------- | :------------------------------- | :--------------------- |
| `LIST` | `/identity/group/name` | `200 application/json` |
| `GET` | `/identity/group/name?list=true` | `200 application/json` |
| Method | Path |
| :------------------------------- | :--------------------- |
| `LIST` | `/identity/group/name` |
| `GET` | `/identity/group/name?list=true` |
### Sample Request

38
website/source/api/secret/identity/identity-groups.html.md
View File

@ -10,9 +10,9 @@ description: |-
This endpoint creates or updates a group.
| Method | Path | Produces |
| :------- | :------------------ | :----------------------|
| `POST` | `/identity/group` | `200 application/json` |
| Method | Path |
| :------------------ | :----------------------|
| `POST` | `/identity/group` |
### Parameters
@ -64,9 +64,9 @@ $ curl \
This endpoint updates the group by its ID.
| Method | Path | Produces |
| :------- | :------------------------- | :----------------------|
| `POST` | `/identity/group/id/:id` | `200 application/json` |
| Method | Path |
| :------------------------- | :----------------------|
| `POST` | `/identity/group/id/:id` |
### Parameters
@ -116,9 +116,9 @@ $ curl \
This endpoint reads the group by its ID.
| Method | Path | Produces |
| :------- | :------------------------- | :--------------------- |
| `GET` | `/identity/group/id/:id` | `200 application/json` |
| Method | Path |
| :------------------------- | :--------------------- |
| `GET` | `/identity/group/id/:id` |
### Parameters
@ -159,9 +159,9 @@ $ curl \
This endpoint deleted the group by its ID.
| Method | Path | Produces |
| :--------- | :------------------------- | :----------------------|
| `DELETE` | `/identity/group/id/:id` | `204 (empty body)` |
| Method | Path |
| :------------------------- | :----------------------|
| `DELETE` | `/identity/group/id/:id` |
### Parameters
@ -181,10 +181,10 @@ $ curl \
This endpoint lists all the groups by their ID.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| `LIST` | `/identity/group/id` | `200 application/json` |
| `GET` | `/identity/group/id?list=true` | `200 application/json` |
| Method | Path |
| :----------------------------- | :--------------------- |
| `LIST` | `/identity/group/id` |
| `GET` | `/identity/group/id?list=true` |
### Sample Request
@ -212,9 +212,9 @@ $ curl \
This endpoint queries the group by its ID.
| Method | Path | Produces |
| :------- | :------------------------- | :----------------------|
| `POST` | `/identity/lookup/group` | `200 application/json` |
| Method | Path |
| :------------------------- | :----------------------|
| `POST` | `/identity/lookup/group` |
### Parameters

12
website/source/api/secret/identity/lookup.html.md
View File

@ -14,9 +14,9 @@ This endpoint queries the entity based on the given criteria. The criteria can
be `name`, `id`, `alias_id`, or a combination of `alias_name` and
`alias_mount_accessor`.
| Method | Path | Produces |
| :------- | :------------------------- | :----------------------|
| `POST` | `/identity/lookup/entity` | `200 application/json` |
| Method | Path |
| :------------------------- | :----------------------|
| `POST` | `/identity/lookup/entity` |
### Parameters
@ -76,9 +76,9 @@ This endpoint queries the group based on the given criteria. The criteria can
be `name`, `id`, `alias_id`, or a combination of `alias_name` and
`alias_mount_accessor`.
| Method | Path | Produces |
| :------- | :------------------------- | :----------------------|
| `POST` | `/identity/lookup/group` | `200 application/json` |
| Method | Path |
| :------------------------- | :----------------------|
| `POST` | `/identity/lookup/group` |
### Parameters

26
website/source/api/secret/kv/kv-v1.html.md
View File

@ -21,9 +21,9 @@ location, please update your API calls accordingly.
This endpoint retrieves the secret at the specified location.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/secret/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/secret/:path` |
### Parameters
@ -67,9 +67,9 @@ value. Note that no policy-based filtering is performed on keys; do not encode
sensitive information in key names. The values themselves are not accessible via
this command.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/secret/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/secret/:path` |
### Parameters
@ -110,10 +110,10 @@ yet exist, the calling token must have an ACL policy granting the `create`
capability. If the value already exists, the calling token must have an ACL
policy granting the `update` capability.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/secret/:path` | `204 (empty body)` |
| `PUT` | `/secret/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/secret/:path` |
| `PUT` | `/secret/:path` |
### Parameters
@ -149,9 +149,9 @@ $ curl \
This endpoint deletes the secret at the specified location.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/secret/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/secret/:path` |
### Parameters

72
website/source/api/secret/kv/kv-v2.html.md
View File

@ -25,9 +25,9 @@ accordingly.
This path configures backend level settings that are applied to every key in the
key-value store.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/secret/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/secret/config` |
### Parameters
@ -63,9 +63,9 @@ $ curl \
This path retrieves the current configuration for the secrets backend at the
given path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/secret/config` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/secret/config` |
### Sample Request
@ -92,9 +92,9 @@ $ curl \
This endpoint retrieves the secret at the specified location.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/secret/data/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/secret/data/:path` |
### Parameters
@ -136,9 +136,9 @@ the value does not yet exist, the calling token must have an ACL policy granting
the `create` capability. If the value already exists, the calling token must
have an ACL policy granting the `update` capability.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/secret/data/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/secret/data/:path` |
### Parameters
@ -196,9 +196,9 @@ specified location. This marks the version as deleted and will stop it from
being returned from reads, but the underlying data will not be removed. A
delete can be undone using the `undelete` path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/secret/data/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/secret/data/:path` |
### Parameters
@ -221,9 +221,9 @@ marks the versions as deleted and will stop them from being returned from reads,
but the underlying data will not be removed. A delete can be undone using the
`undelete` path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/secret/delete/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/secret/delete/:path` |
### Parameters
@ -256,9 +256,9 @@ $ curl \
Undeletes the data for the provided version and path in the key-value store.
This restores the data, allowing it to be returned on get requests.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/secret/undelete/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/secret/undelete/:path` |
### Parameters
@ -290,9 +290,9 @@ $ curl \
Permanently removes the specified version data for the provided key and version
numbers from the key-value store.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/secret/destroy/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/secret/destroy/:path` |
### Parameters
@ -327,9 +327,9 @@ value. Note that no policy-based filtering is performed on keys; do not encode
sensitive information in key names. The values themselves are not accessible via
this command.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/secret/metadata/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/secret/metadata/:path` |
### Parameters
@ -364,9 +364,9 @@ entries.
This endpoint retrieves the metadata and versions for the secret at the
specified path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/secret/metadata/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/secret/metadata/:path` |
### Parameters
@ -420,9 +420,9 @@ the value does not yet exist, the calling token must have an ACL policy granting
the `create` capability. If the value already exists, the calling token must
have an ACL policy granting the `update` capability.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/secret/metadata/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/secret/metadata/:path` |
### Parameters
@ -459,9 +459,9 @@ $ curl \
This endpoint permanently deletes the key metadata and all version data for the
specified key. All version history will be removed.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/secret/metadata/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/secret/metadata/:path` |
### Parameters

54
website/source/api/secret/mongodb/index.html.md
View File

@ -28,9 +28,9 @@ location, please update your API calls accordingly.
This endpoint configures the standard connection string (URI) used to
communicate with MongoDB.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mongodb/config/connection` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mongodb/config/connection` |
### Parameters
@ -80,9 +80,9 @@ This endpoint queries the connection configuration. Access to this endpoint
should be controlled via ACLs as it will return the connection URI as it is,
including passwords, if any.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mongodb/config/connection` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mongodb/config/connection` |
### Sample Request
@ -113,9 +113,9 @@ $ curl \
This endpoint configures the default lease TTL settings for credentials
generated by the mongodb secrets engine.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mongodb/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mongodb/config/lease` |
### Parameters
@ -149,9 +149,9 @@ $ curl \
This endpoint queries the lease configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mongodb/config/lease` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mongodb/config/lease` |
### Sample Request
@ -182,9 +182,9 @@ $ curl \
This endpoint creates or updates a role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mongodb/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mongodb/roles/:name` |
### Parameters
@ -217,9 +217,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mongodb/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mongodb/roles/:name` |
### Parameters
@ -256,9 +256,9 @@ $ curl \
This endpoint returns a list of available roles. Only the role names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/mongodb/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/mongodb/roles` |
### Sample Request
@ -292,9 +292,9 @@ $ curl \
This endpoint deletes the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/mongodb/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/mongodb/roles/:name` |
### Parameters
@ -315,9 +315,9 @@ $ curl \
This endpoint generates a new set of dynamic credentials based on the named
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mongodb/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mongodb/creds/:name` |
### Parameters

42
website/source/api/secret/mssql/index.html.md
View File

@ -27,9 +27,9 @@ please update your API calls accordingly.
This endpoint configures the connection DSN used to communicate with Microsoft
SQL Server.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mssql/config/connection` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mssql/config/connection` |
### Parameters
@ -65,9 +65,9 @@ $ curl \
This endpoint configures the lease settings for generated credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mysql/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mysql/config/lease` |
### Parameters
@ -101,9 +101,9 @@ $ curl \
This endpoint creates or updates the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mssql/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mssql/roles/:name` |
### Parameters
@ -135,9 +135,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mssql/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mssql/roles/:name` |
### Parameters
@ -167,9 +167,9 @@ $ curl \
This endpoint returns a list of available roles. Only the role names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/mssql/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/mssql/roles` |
### Sample Request
@ -198,9 +198,9 @@ $ curl \
This endpoint deletes the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/mssql/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/mssql/roles/:name` |
### Parameters
@ -221,9 +221,9 @@ $ curl \
This endpoint generates a new set of dynamic credentials based on the named
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mssql/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mssql/creds/:name` |
### Parameters

42
website/source/api/secret/mysql/index.html.md
View File

@ -26,9 +26,9 @@ please update your API calls accordingly.
This endpoint configures the connection DSN used to communicate with MySQL.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mysql/config/connection` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mysql/config/connection` |
### Parameters
@ -68,9 +68,9 @@ $ curl \
This endpoint configures the lease settings for generated credentials. If not
configured, leases default to 1 hour. This is a root protected endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mysql/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mysql/config/lease` |
### Parameters
@ -104,9 +104,9 @@ $ curl \
This endpoint creates or updates the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/mysql/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/mysql/roles/:name` |
### Parameters
@ -156,9 +156,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mysql/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mysql/roles/:name` |
### Parameters
@ -188,9 +188,9 @@ $ curl \
This endpoint returns a list of available roles. Only the role names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/mysql/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/mysql/roles` |
### Sample Request
@ -219,9 +219,9 @@ $ curl \
This endpoint deletes the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/mysql/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/mysql/roles/:name` |
### Parameters
@ -242,9 +242,9 @@ $ curl \
This endpoint generates a new set of dynamic credentials based on the named
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/mysql/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/mysql/creds/:name` |
### Parameters

62
website/source/api/secret/nomad/index.html.md
View File

@ -23,9 +23,9 @@ This endpoint configures the access information for Nomad. This access
information is used so that Vault can communicate with Nomad and generate
Nomad tokens.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/nomad/config/access` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/nomad/config/access` |
### Parameters
@ -69,9 +69,9 @@ $ curl \
This endpoint queries for information about the Nomad connection.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/nomad/config/access` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/nomad/config/access` |
### Sample Request
@ -93,9 +93,9 @@ $ curl \
This endpoint configures the lease settings for generated tokens.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/nomad/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/nomad/config/lease` |
### Parameters
@ -130,9 +130,9 @@ $ curl \
This endpoint queries for information about the Lease TTL for the specified mount.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/nomad/config/lease` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/nomad/config/lease` |
### Sample Request
@ -155,9 +155,9 @@ $ curl \
This endpoint deletes the lease configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/nomad/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/nomad/config/lease` |
### Sample Request
@ -173,9 +173,9 @@ $ curl \
This endpoint creates or updates the Nomad role definition in Vault. If the role does not exist, it will be created. If the role already exists, it will receive
updated attributes.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/nomad/role/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/nomad/role/:name` |
### Parameters
@ -214,9 +214,9 @@ $ curl \
This endpoint queries for information about a Nomad role with the given name.
If no role exists with that name, a 404 is returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/nomad/role/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/nomad/role/:name` |
### Parameters
@ -249,10 +249,10 @@ $ curl \
This endpoint lists all existing roles in the backend.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/nomad/role` | `200 application/json` |
| `GET` | `/nomad/role?list=true` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/nomad/role` |
| `GET` | `/nomad/role?list=true` |
### Sample Request
@ -280,9 +280,9 @@ $ curl \
This endpoint deletes a Nomad role with the given name. Even if the role does
not exist, this endpoint will still return a successful response.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/nomad/role/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/nomad/role/:name` |
### Parameters
@ -303,9 +303,9 @@ $ curl \
This endpoint generates a dynamic Nomad token based on the given role
definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/nomad/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/nomad/creds/:name` |
### Parameters

150
website/source/api/secret/pki/index.html.md
View File

@ -55,8 +55,8 @@ endpoint, the CA certificate is returned in PEM format.
This is an unauthenticated endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/ca(/pem)` | `200 application/binary` |
### Sample Request
@ -80,8 +80,8 @@ structure and cannot be read by the Vault CLI; use `/pki/cert` for that.
This is an unauthenticated endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/ca_chain` | `200 application/binary` |
### Sample Request
@ -104,9 +104,9 @@ This endpoint retrieves one of a selection of certificates. This endpoint return
This is an unauthenticated endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/pki/cert/:serial` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/cert/:serial` |
### Parameters
@ -139,9 +139,9 @@ $ curl \
This endpoint returns a list of the current certificates by serial number only.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/pki/certs` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/pki/certs` |
### Sample Request
@ -185,9 +185,9 @@ if you have a signed intermediate CA certificate with a generated key (use the
`/pki/intermediate/set-signed` endpoint for that). _If you have already set a
certificate and key, they will be overridden._
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/config/ca` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/config/ca` |
### Parameters
@ -217,9 +217,9 @@ JSON-formatted, with newlines replaced with `\n`, like so:
This endpoint allows getting the duration for which the generated CRL should be
marked valid.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/pki/config/crl` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/config/crl` |
### Sample Request
@ -257,9 +257,9 @@ CRL for any request. If enabled, it will re-build the CRL.
CRL generation will then result in all such certificates becoming a part of
the CRL.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/config/crl` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/config/crl` |
### Parameters
@ -288,9 +288,9 @@ $ curl \
This endpoint fetches the URLs to be encoded in generated certificates.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/pki/config/urls` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/config/urls` |
### Sample Request
@ -324,9 +324,9 @@ You can update any of the values at any time without affecting the other
existing values. To remove the values, simply use a blank string as the
parameter.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/config/urls` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/config/urls` |
### Parameters
@ -369,8 +369,8 @@ If `/pem` is added to the endpoint, the CRL is returned in PEM format.
This is an unauthenticated endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/crl(/pem)` | `200 application/binary` |
### Sample Request
@ -393,9 +393,9 @@ to cut the size of the CRL if it contains a number of certificates
that have now expired, but has not been rotated due to no further
certificates being revoked.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/pki/crl/rotate` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/crl/rotate` |
### Sample Request
@ -425,9 +425,9 @@ here. _This will overwrite any previously existing CA private key._
This is mostly meant as a helper function, and not all possible parameters that
can be set in a CSR are supported.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/intermediate/generate/:type` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/intermediate/generate/:type` |
### Parameters
@ -544,9 +544,9 @@ private key generated via `/pki/intermediate/generate`. The certificate should
be submitted in PEM format; see the documentation for `/pki/config/ca` for some
hints on submitting.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/intermediate/set-signed` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/intermediate/set-signed` |
## Parameters
@ -582,9 +582,9 @@ as well, so that only the root CA need be in a client's trust store.
**The private key is _not_ stored. If you do not save the private key, you will
need to request a new certificate.**
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/issue/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/issue/:name` |
### Parameters
@ -678,9 +678,9 @@ This endpoint revokes a certificate using its serial number. This is an
alternative option to the standard method of revoking using Vault lease IDs. A
successful revocation will rotate the CRL.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/revoke` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/revoke` |
### Parameters
@ -725,9 +725,9 @@ multiple roles nearly any issuing policy can be accommodated. `server_flag`,
requests a certificate that is not allowed by the CN policy in the role, the
request is denied.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/roles/:name` |
### Parameters
@ -917,9 +917,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/pki/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/pki/roles/:name` |
### Parameters
@ -961,9 +961,9 @@ $ curl \
This endpoint returns a list of available roles. Only the role names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/pki/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/pki/roles` |
### Sample Request
@ -993,9 +993,9 @@ $ curl \
This endpoint deletes the role definition. Deleting a role **does not**
revoke certificates previously issued under this role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/pki/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/pki/roles/:name` |
### Parameters
@ -1026,9 +1026,9 @@ As of Vault 0.8.1, if a CA cert/key already exists, this function will not
overwrite it; it must be deleted first. Previous versions of Vault would
overwrite the existing cert/key with new values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/root/generate/:type` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/root/generate/:type` |
### Parameters
@ -1162,9 +1162,9 @@ This endpoint deletes the current CA key (the old CA certificate will still be
accessible for reading until a new certificate/key are generated or uploaded).
_This endpoint requires sudo/root privileges._
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/pki/root` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/pki/root` |
### Sample Request
@ -1184,9 +1184,9 @@ values set via `config/urls`. Values set in the CSR are ignored unless
`use_csr_values` is set to true, in which case the values from the CSR are used
verbatim.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/root/sign-intermediate` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/root/sign-intermediate` |
### Parameters
@ -1329,9 +1329,9 @@ endpoint, you most likely should be using a different endpoint (such as
This endpoint requires `sudo` capability.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/root/sign-self-issued` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/root/sign-self-issued` |
### Parameters
@ -1378,9 +1378,9 @@ supplied parameters, subject to the restrictions contained in the role named in
the endpoint. The issuing CA certificate is returned as well, so that only the
root CA need be in a client's trust store.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/sign/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/sign/:name` |
### Parameters
@ -1460,9 +1460,9 @@ refuse to issue an intermediate CA certificate (see the
**This is a potentially dangerous endpoint and only highly trusted users should
have access.**
| Method | Path | Produces |
| :------- | :----------------------------------- | :--------------------- |
| `POST` | `/pki/sign-verbatim(/:name)` | `200 application/json` |
| Method | Path |
| :----------------------------------- | :--------------------- |
| `POST` | `/pki/sign-verbatim(/:name)` |
### Parameters
@ -1537,9 +1537,9 @@ This endpoint allows tidying up the storage backend and/or CRL by removing
certificates that have expired and are past a certain buffer period beyond their
expiration time.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/pki/tidy` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/pki/tidy` |
### Parameters

42
website/source/api/secret/postgresql/index.html.md
View File

@ -28,9 +28,9 @@ any location, please update your API calls accordingly.
This endpoint configures the connection string used to communicate with
PostgreSQL.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/postgresql/config/connection` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/postgresql/config/connection` |
### Parameters
@ -71,9 +71,9 @@ $ curl \
This configures the lease settings for generated credentials. If not configured,
leases default to 1 hour. This is a root protected endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/postgresql/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/postgresql/config/lease` |
### Parameters
@ -107,9 +107,9 @@ $ curl \
This endpoint creates or updates a role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/postgresql/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/postgresql/roles/:name` |
### Parameters
@ -150,9 +150,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/postgresql/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/postgresql/roles/:name` |
### Parameters
@ -182,9 +182,9 @@ $ curl \
This endpoint returns a list of available roles. Only the role names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/postgresql/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/postgresql/roles` |
### Sample Request
@ -213,9 +213,9 @@ $ curl \
This endpoint deletes the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/postgresql/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/postgresql/roles/:name` |
### Parameters
@ -236,9 +236,9 @@ $ curl \
This endpoint generates a new set of dynamic credentials based on the named
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/postgresql/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/postgresql/creds/:name` |
### Parameters

36
website/source/api/secret/rabbitmq/index.html.md
View File

@ -22,9 +22,9 @@ location, please update your API calls accordingly.
This endpoint configures the connection string used to communicate with
RabbitMQ.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/rabbitmq/config/connection` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/rabbitmq/config/connection` |
### Parameters
@ -64,9 +64,9 @@ $ curl \
This endpoint configures the lease settings for generated credentials.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/rabbitmq/config/lease` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/rabbitmq/config/lease` |
### Parameters
@ -97,9 +97,9 @@ $ curl \
This endpoint creates or updates the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/rabbitmq/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/rabbitmq/roles/:name` |
### Parameters
@ -134,9 +134,9 @@ $ curl \
This endpoint queries the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/rabbitmq/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/rabbitmq/roles/:name` |
### Parameters
@ -166,9 +166,9 @@ $ curl \
This endpoint deletes the role definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/rabbitmq/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/rabbitmq/roles/:name` |
### Parameters
@ -189,9 +189,9 @@ $ curl \
This endpoint generates a new set of dynamic credentials based on the named
role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/rabbitmq/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/rabbitmq/creds/:name` |
### Parameters

98
website/source/api/secret/ssh/index.html.md
View File

@ -21,9 +21,9 @@ update your API calls accordingly.
This endpoint creates or updates a named key.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/ssh/keys/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/ssh/keys/:name` |
### Parameters
@ -55,9 +55,9 @@ $ curl \
This endpoint deletes a named key.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/keys/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/keys/:name` |
### Parameters
@ -78,9 +78,9 @@ $ curl \
This endpoint creates or updates a named role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/ssh/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/ssh/roles/:name` |
### Parameters
@ -233,9 +233,9 @@ $ curl \
This endpoint queries a named role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/ssh/roles/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/ssh/roles/:name` |
### Parameters
@ -299,9 +299,9 @@ For a CA role:
This endpoint returns a list of available roles. Only the role names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/ssh/roles` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/ssh/roles` |
### Sample Request
@ -338,9 +338,9 @@ $ curl \
This endpoint deletes a named role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/roles/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/roles/:name` |
### Parameters
@ -361,9 +361,9 @@ $ curl \
This endpoint returns the list of configured zero-address roles.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/ssh/config/zeroaddress` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/ssh/config/zeroaddress` |
### Sample Request
@ -394,9 +394,9 @@ $ curl \
This endpoint configures zero-address roles.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/ssh/config/zeroaddress` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/ssh/config/zeroaddress` |
### Parameters
@ -426,9 +426,9 @@ $ curl \
This endpoint deletes the zero-address roles configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/config/zeroaddress` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/config/zeroaddress` |
### Sample Request
@ -444,9 +444,9 @@ $ curl \
This endpoint creates credentials for a specific username and IP with the
parameters defined in the given role.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/ssh/creds/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/ssh/creds/:name` |
### Parameters
@ -525,9 +525,9 @@ For an OTP role:
This endpoint lists all of the roles with which the given IP is associated.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/ssh/lookup` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/ssh/lookup` |
### Parameters
@ -576,9 +576,9 @@ An array of roles as a secret structure.
This endpoint verifies if the given OTP is valid. This is an unauthenticated
endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/ssh/verify` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/ssh/verify` |
## Parameters
@ -625,8 +625,8 @@ This endpoint allows submitting the CA information for the secrets engine via an
key pair. _If you have already set a certificate and key, they will be
overridden._
| Method | Path | Produces |
| :------- | :--------------------------- | :------------------------- |
| Method | Path |
| :--------------------------- | :------------------------- |
| `POST` | `/ssh/config/ca` | `200/204 application/json` |
### Parameters
@ -681,9 +681,9 @@ This will return a `200` response if `generate_signing_key` was true:
This endpoint deletes the CA information for the backend via an SSH key pair.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/config/ca` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/ssh/config/ca` |
### Sample Request
@ -699,8 +699,8 @@ $ curl \
This endpoint returns the configured/generated public key. This is an unauthenticated
endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------- |
| Method | Path |
| :--------------------------- | :--------------- |
| `GET` | `/ssh/public_key` | `200 text/plain` |
### Sample Request
@ -719,9 +719,9 @@ $ curl http://127.0.0.1:8200/v1/ssh/public_key
This endpoint reads the configured/generated public key.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/ssh/config/ca` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/ssh/config/ca` |
### Sample Request
@ -750,9 +750,9 @@ $ curl \
This endpoint signs an SSH public key based on the supplied parameters, subject
to the restrictions contained in the role named in the endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/ssh/sign/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/ssh/sign/:name` |
### Parameters

34
website/source/api/secret/totp/index.html.md
View File

@ -21,8 +21,8 @@ please update your API calls accordingly.
This endpoint creates or updates a key definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------------------------------------------------------------------------------- |
| Method | Path |
| :--------------------------- | :--------------------------------------------------------------------------------------------- |
| `POST` | `/totp/keys/:name` | if generating a key and exported is true: `200 application/json` else: `204 (empty body)` |
### Parameters
@ -112,9 +112,9 @@ If a QR code is returned, it consists of base64-formatted PNG bytes. You can emb
This endpoint queries the key definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/totp/keys/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/totp/keys/:name` |
### Parameters
@ -147,9 +147,9 @@ $ curl \
This endpoint returns a list of available keys. Only the key names are
returned, not any values.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/totp/keys` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/totp/keys` |
### Sample Request
@ -178,9 +178,9 @@ $ curl \
This endpoint deletes the key definition.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/totp/keys/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/totp/keys/:name` |
### Parameters
@ -201,9 +201,9 @@ $ curl \
This endpoint generates a new time-based one-time use password based on the named
key.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/totp/code/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/totp/code/:name` |
### Parameters
@ -233,9 +233,9 @@ $ curl \
This endpoint validates a time-based one-time use password generated from the named
key.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/totp/code/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/totp/code/:name` |
### Parameters

114
website/source/api/secret/transit/index.html.md
View File

@ -22,9 +22,9 @@ location, please update your API calls accordingly.
This endpoint creates a new named encryption key of the specified type. The
values set here cannot be changed after key creation.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name` |
### Parameters
@ -89,9 +89,9 @@ themselves. Depending on the type of key, different information may be returned,
e.g. an asymmetric key will return its public key in a standard format for the
type.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/transit/keys/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/transit/keys/:name` |
### Parameters
@ -135,9 +135,9 @@ $ curl \
This endpoint returns a list of keys. Only the key names are returned (not the
actual keys themselves).
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/transit/keys` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/transit/keys` |
### Sample Request
@ -168,9 +168,9 @@ decrypt any data encrypted with the named key. Because this is a potentially
catastrophic operation, the `deletion_allowed` tunable must be set in the key's
`/config` endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/transit/keys/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/transit/keys/:name` |
### Parameters
@ -191,9 +191,9 @@ $ curl \
This endpoint allows tuning configuration values for a given key. (These values
are returned during a read operation on the named key.)
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name/config` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name/config` |
### Parameters
@ -245,9 +245,9 @@ ciphertext to be encrypted with the latest version of the key, use the `rewrap`
endpoint. This is only supported with keys that support encryption and
decryption operations.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name/rotate` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name/rotate` |
### Sample Request
@ -267,9 +267,9 @@ provided. Depending on the type of key, different information may be returned.
The key must be exportable to support this operation and the version must still
be valid.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/transit/export/:key_type/:name(/:version)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/transit/export/:key_type/:name(/:version)` |
### Parameters
@ -319,9 +319,9 @@ requires derivation depends on whether the context parameter is empty or not).
If the user only has `update` capability and the key does not exist, an error
will be returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/encrypt/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/encrypt/:name` |
### Parameters
@ -415,9 +415,9 @@ $ curl \
This endpoint decrypts the provided ciphertext using the named key.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/decrypt/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/decrypt/:name` |
### Parameters
@ -486,9 +486,9 @@ This endpoint rewraps the provided ciphertext using the latest version of the
named key. Because this never returns plaintext, it is possible to delegate this
functionality to untrusted users or scripts.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/rewrap/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/rewrap/:name` |
### Parameters
@ -564,9 +564,9 @@ control whether a user is allowed to retrieve the plaintext value of a key. This
is useful if you want an untrusted user or operation to generate keys that are
then made available to trusted users.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/datakey/:type/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/datakey/:type/:name` |
### Parameters
@ -624,9 +624,9 @@ $ curl \
This endpoint returns high-quality random bytes of the specified length.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/random(/:bytes)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/random(/:bytes)` |
### Parameters
@ -669,9 +669,9 @@ $ curl \
This endpoint returns the cryptographic hash of given data using the specified
algorithm.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/hash(/:algorithm)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/hash(/:algorithm)` |
### Parameters
@ -724,9 +724,9 @@ the raw key will be marshaled into bytes to be used for the HMAC function. If
the key is of a type that supports rotation, the latest (current) version will
be used.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/hmac/:name(/:algorithm)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/hmac/:name(/:algorithm)` |
### Parameters
@ -846,9 +846,9 @@ This endpoint returns the cryptographic signature of the given data using the
named key and the specified hash algorithm. The key must be of a type that
supports signing.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/sign/:name(/:hash_algorithm)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/sign/:name(/:hash_algorithm)` |
### Parameters
@ -995,9 +995,9 @@ $ curl \
This endpoint returns whether the provided signature is valid for the given
data.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/transit/verify/:name(/:hash_algorithm)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/transit/verify/:name(/:hash_algorithm)` |
### Parameters
@ -1150,9 +1150,9 @@ the configuration data and keys of all the versions along with the HMAC key.
The response from this endpoint can be used with the `/restore` endpoint to
restore the key.
| Method | Path | Produces |
| :------ | :---------------------- | :--------------------- |
| `GET` | `/transit/backup/:name` | `200 application/json` |
| Method | Path |
| :---------------------- | :--------------------- |
| `GET` | `/transit/backup/:name` |
### Parameters
@ -1187,9 +1187,9 @@ input to this endpoint should be the output of `/backup` endpoint.
before restoring. It is a good idea to attempt restoring to a different key
name first to verify that the operation successfully completes.
| Method | Path | Produces |
| :------- | :-------------------------- | :--------------------- |
| `POST` | `/transit/restore(/:name)` | `204 (empty body)` |
| Method | Path |
| :-------------------------- | :--------------------- |
| `POST` | `/transit/restore(/:name)` |
### Parameters
@ -1223,9 +1223,9 @@ $ curl \
This endpoint trims older key versions setting a minimum version for the
keyring. Once trimmed, previous versions of the key cannot be recovered.
| Method | Path | Produces |
| :------- | :------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name/trim` | `200 application/json` |
| Method | Path |
| :------------------------- | :--------------------- |
| `POST` | `/transit/keys/:name/trim` |
### Parameters

6
website/source/api/system/audit-hash.html.md
View File

@ -26,9 +26,9 @@ any binary data returned from an API call (such as a DER-format certificate) is
base64-encoded by the Vault server in the response. As a result such information
should also be base64-encoded to supply into the `input` parameter.
| Method | Path | Produces |
| :----- | :---------------------- | :----------------- |
| `POST` | `/sys/audit-hash/:path` | `204 (empty body)` |
| Method | Path |
| :---------------------- | :----------------- |
| `POST` | `/sys/audit-hash/:path` |
### Parameters

18
website/source/api/system/audit.html.md
View File

@ -21,9 +21,9 @@ available audit devices).
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/audit` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/audit` |
### Sample Request
@ -55,9 +55,9 @@ single word name or a more complex, nested path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/audit/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/audit/:path` |
### Parameters
@ -106,9 +106,9 @@ This endpoint disables the audit device at the given path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/audit/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/audit/:path` |
### Parameters

30
website/source/api/system/auth.html.md
View File

@ -17,9 +17,9 @@ token which can be used for all future requests.
This endpoint lists all enabled auth methods.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/auth` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/auth` |
### Sample Request
@ -60,9 +60,9 @@ For example, enable the "foo" auth method will make it accessible at
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/auth/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/auth/:path` |
### Parameters
@ -142,9 +142,9 @@ This endpoint disables the auth method at the given auth path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/auth/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/auth/:path` |
### Parameters
@ -169,9 +169,9 @@ without `sudo` via `sys/mounts/auth/[auth-path]/tune`._
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/auth/:path/tune` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/auth/:path/tune` |
### Parameters
@ -203,9 +203,9 @@ can be achieved without `sudo` via `sys/mounts/auth/[auth-path]/tune`._
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/auth/:path/tune` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/auth/:path/tune` |
### Parameters

6
website/source/api/system/capabilities-accessor.html.md
View File

@ -23,9 +23,9 @@ capabilities of the token associated with the given accessor for each path is
returned. For backwards compatibility, if a single path is supplied, a
`capabilities` field will also be returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/capabilities-accessor` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/capabilities-accessor` |
### Parameters

6
website/source/api/system/capabilities-self.html.md
View File

@ -24,9 +24,9 @@ paths are taken in at once and the capabilities of the token for each path is
returned. For backwards compatibility, if a single path is supplied, a
`capabilities` field will also be returned.
| Method | Path | Produces |
| :------- | :----------------------- | :--------------------- |
| `POST` | `/sys/capabilities-self` | `200 application/json` |
| Method | Path |
| :----------------------- | :--------------------- |
| `POST` | `/sys/capabilities-self` |
### Parameters

6
website/source/api/system/capabilities.html.md
View File

@ -22,9 +22,9 @@ paths. Multiple paths are taken in at once and the capabilities of the token
for each path is returned. For backwards compatibility, if a single path is
supplied, a `capabilities` field will also be returned.
| Method | Path | Produces |
| :------- | :------------------- | :--------------------- |
| `POST` | `/sys/capabilities` | `200 application/json` |
| Method | Path |
| :------------------- | :--------------------- |
| `POST` | `/sys/capabilities` |
### Parameters

24
website/source/api/system/config-auditing.html.md
View File

@ -18,9 +18,9 @@ This endpoint lists the request headers that are configured to be audited.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/config/auditing/request-headers` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/config/auditing/request-headers` |
### Sample Request
@ -49,9 +49,9 @@ This endpoint lists the information for the given request header.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/config/auditing/request-headers/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/config/auditing/request-headers/:name` |
### Parameters
@ -83,9 +83,9 @@ This endpoint enables auditing of a header.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/auditing/request-headers/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/auditing/request-headers/:name` |
### Parameters
@ -117,9 +117,9 @@ This endpoint disables auditing of the given request header.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/auditing/request-headers/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/auditing/request-headers/:name` |
### Sample Request

18
website/source/api/system/config-control-group.html.md
View File

@ -18,9 +18,9 @@ settings.
This endpoint returns the current Control Group configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/config/control-group` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/config/control-group` |
### Sample Request
@ -42,9 +42,9 @@ $ curl \
This endpoint allows configuring control groups.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/control-group` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/control-group` |
### Parameters
@ -72,9 +72,9 @@ $ curl \
This endpoint removes any control group configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/control-group` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/control-group` |
### Sample Request

18
website/source/api/system/config-cors.html.md
View File

@ -18,9 +18,9 @@ The `/sys/config/cors` endpoint is used to configure CORS settings.
This endpoint returns the current CORS configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/config/cors` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/config/cors` |
### Sample Request
@ -54,9 +54,9 @@ $ curl \
This endpoint allows configuring the origins that are permitted to make
cross-origin requests, as well as headers that are allowed on cross-origin requests.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/cors` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/cors` |
### Parameters
@ -87,9 +87,9 @@ $ curl \
This endpoint removes any CORS configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/cors` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/cors` |
### Sample Request

24
website/source/api/system/config-ui.html.md
View File

@ -18,9 +18,9 @@ The `/sys/config/ui` endpoint is used to configure UI settings.
This endpoint returns the given UI header configuration.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/config/ui/headers/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/config/ui/headers/:name` |
### Parameters
@ -46,9 +46,9 @@ $ curl \
This endpoint allows configuring the values to be returned for the UI header.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/ui/headers/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/config/ui/headers/:name` |
### Parameters
@ -78,9 +78,9 @@ $ curl \
This endpoint removes a UI header.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/ui/headers/:name`| `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/config/ui/headers/:name`|
### Sample Request
@ -95,9 +95,9 @@ $ curl \
This endpoint returns a list of configured UI headers.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/sys/config/ui/headers` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/sys/config/ui/headers` |
### Sample Request

8
website/source/api/system/control-group.html.md
View File

@ -13,8 +13,8 @@ description: |-
This endpoint authorizes a control group request.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| Method | Path |
| :----------------------------- | :--------------------- |
| `POST` | `/sys/control-group/authorize` | `200 (application/json)` |
### Parameters
@ -53,8 +53,8 @@ $ curl \
This endpoint checks the status of a control group request.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| Method | Path |
| :----------------------------- | :--------------------- |
| `POST` | `/sys/control-group/request` | `200 (application/json)` |
### Parameters

24
website/source/api/system/generate-root.html.md
View File

@ -17,9 +17,9 @@ The `/sys/generate-root` endpoint is used to create a new root key for Vault.
This endpoint reads the configuration and process of the current root generation
attempt.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/generate-root/attempt` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/generate-root/attempt` |
### Sample Request
@ -54,9 +54,9 @@ encode the final root token, it will never be returned.
This endpoint initializes a new root generation attempt. Only a single root
generation attempt can take place at a time.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/generate-root/attempt` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/generate-root/attempt` |
### Parameters
@ -92,9 +92,9 @@ $ curl \
This endpoint cancels any in-progress root generation attempt. This clears any
progress made. This must be called to change the OTP or PGP key being used.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/generate-root/attempt` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/generate-root/attempt` |
### Sample Request
@ -112,9 +112,9 @@ Vault will complete the root generation and issue the new token. Otherwise,
this API must be called multiple times until that threshold is met. The attempt
nonce must be provided with each call.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/generate-root/update` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/generate-root/update` |
### Parameters

4
website/source/api/system/health.html.md
View File

@ -17,8 +17,8 @@ This endpoint returns the health status of Vault. This matches the semantics of
a Consul HTTP health check and provides a simple way to monitor the health of a
Vault instance.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `HEAD` | `/sys/health` | `000 (empty body)` |
| `GET` | `/sys/health` | `000 application/json` |

12
website/source/api/system/init.html.md
View File

@ -15,9 +15,9 @@ The `/sys/init` endpoint is used to initialize a new Vault.
This endpoint returns the initialization status of Vault.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/init` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/init` |
### Sample Request
@ -40,9 +40,9 @@ This endpoint initializes a new Vault. The Vault must not have been previously
initialized. The recovery options, as well as the stored shares option, are only
available when using Vault HSM.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/init` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/init` |
### Parameters

6
website/source/api/system/internal-specs-openapi.html.md
View File

@ -28,9 +28,9 @@ structure, and other endpoints will be modified incrementally.
This endpoint returns a single OpenAPI document describing all paths visible to the requester.
| Method | Path | Produces |
| :----- | :------------------------ | :--------------------- |
| `GET` | `/sys/internal/specs/openapi` | `200 application/json` |
| Method | Path |
| :------------------------ | :--------------------- |
| `GET` | `/sys/internal/specs/openapi` |
### Sample Request

6
website/source/api/system/internal-ui-mounts.html.md
View File

@ -22,9 +22,9 @@ compatibility for this endpoint.
This endpoint lists all enabled auth methods.
| Method | Path | Produces |
| :----- | :------------------------ | :--------------------- |
| `GET` | `/sys/internal/ui/mounts` | `200 application/json` |
| Method | Path |
| :------------------------ | :--------------------- |
| `GET` | `/sys/internal/ui/mounts` |
### Sample Request

6
website/source/api/system/key-status.html.md
View File

@ -18,9 +18,9 @@ encryption key of Vault.
This endpoint returns information about the current encryption key used by
Vault.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/key-status` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/key-status` |
### Sample Request

6
website/source/api/system/leader.html.md
View File

@ -18,9 +18,9 @@ current leader of Vault.
This endpoint returns the high availability status and current leader instance
of Vault.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/leader` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/leader` |
### Sample Request

36
website/source/api/system/leases.html.md
View File

@ -15,9 +15,9 @@ The `/sys/leases` endpoints are used to view and manage leases in Vault.
This endpoint retrieve lease metadata.
| Method | Path | Produces |
| :------- | :---------------------------- | :--------------------- |
| `PUT` | `/sys/leases/lookup` | `200 application/json` |
| Method | Path |
| :---------------------------- | :--------------------- |
| `PUT` | `/sys/leases/lookup` |
### Parameters
@ -60,9 +60,9 @@ This endpoint returns a list of lease ids.
**This endpoint requires 'sudo' capability.**
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/sys/leases/lookup/:prefix` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/sys/leases/lookup/:prefix` |
### Sample Request
@ -92,9 +92,9 @@ $ curl \
This endpoint renews a lease, requesting to extend the lease.
| Method | Path | Produces |
| :------- | :---------------------------- | :--------------------- |
| `PUT` | `/sys/leases/renew` | `200 application/json` |
| Method | Path |
| :---------------------------- | :--------------------- |
| `PUT` | `/sys/leases/renew` |
### Parameters
@ -137,9 +137,9 @@ $ curl \
This endpoint revokes a lease immediately.
| Method | Path | Produces |
| :------- | :---------------------------- | :--------------------- |
| `PUT` | `/sys/leases/revoke` | `204 (empty body)` |
| Method | Path |
| :---------------------------- | :--------------------- |
| `PUT` | `/sys/leases/revoke` |
### Parameters
@ -177,9 +177,9 @@ this endpoint should be tightly controlled.
**This endpoint requires 'sudo' capability.**
| Method | Path | Produces |
| :------- | :---------------------------------- | :--------------------- |
| `PUT` | `/sys/leases/revoke-force/:prefix` | `204 (empty body)` |
| Method | Path |
| :---------------------------------- | :--------------------- |
| `PUT` | `/sys/leases/revoke-force/:prefix` |
### Parameters
@ -204,9 +204,9 @@ used to revoke very large numbers of secrets/tokens at once.
**This endpoint requires 'sudo' capability.**
| Method | Path | Produces |
| :------- | :---------------------------------- | :--------------------- |
| `PUT` | `/sys/leases/revoke-prefix/:prefix` | `204 (empty body)` |
| Method | Path |
| :---------------------------------- | :--------------------- |
| `PUT` | `/sys/leases/revoke-prefix/:prefix` |
### Parameters

12
website/source/api/system/license.html.md
View File

@ -19,9 +19,9 @@ Vault.
This endpoint returns information about the currently installed license.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/license` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/license` |
### Sample Request
@ -56,9 +56,9 @@ $ curl \
This endpoint is used to install a license into Vault.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/license` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/license` |
### Parameters

18
website/source/api/system/mfa/duo.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint defines a MFA method of type Duo.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/duo/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/duo/:name` |
### Parameters
@ -61,9 +61,9 @@ $ curl \
This endpoint queries the MFA configuration of Duo type for a given method
name.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/duo/:name` | `200 application/json` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/duo/:name` |
### Parameters
@ -100,9 +100,9 @@ $ curl \
This endpoint deletes a Duo MFA method.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/duo/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/duo/:name` |
### Parameters

18
website/source/api/system/mfa/okta.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint defines a MFA method of type Okta.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/okta/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/okta/:name` |
### Parameters
@ -60,9 +60,9 @@ $ curl \
This endpoint queries the MFA configuration of Okta type for a given method
name.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/okta/:name` | `200 application/json` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/okta/:name` |
### Parameters
@ -98,9 +98,9 @@ $ curl \
This endpoint deletes a Okta MFA method.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/okta/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/okta/:name` |
### Parameters

18
website/source/api/system/mfa/pingid.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint defines a MFA method of type PingID.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/pingid/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/pingid/:name` |
### Parameters
@ -53,9 +53,9 @@ $ curl \
This endpoint queries the MFA configuration of PingID type for a given method
name.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/pingid/:name` | `200 application/json` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/pingid/:name` |
### Parameters
@ -92,9 +92,9 @@ $ curl \
This endpoint deletes a PingID MFA method.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/pingid/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/pingid/:name` |
### Parameters

36
website/source/api/system/mfa/totp.html.md
View File

@ -11,9 +11,9 @@ description: |-
This endpoint defines a MFA method of type TOTP.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/totp/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/totp/:name` |
### Parameters
@ -57,9 +57,9 @@ $ curl \
This endpoint queries the MFA configuration of TOTP type for a given method
name.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/totp/:name` | `200 application/json` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `GET` | `/sys/mfa/method/totp/:name` |
### Parameters
@ -98,9 +98,9 @@ $ curl \
This endpoint deletes a TOTP MFA method.
| Method | Path | Produces |
| :------- | :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/totp/:name` | `204 (empty body)` |
| Method | Path |
| :----------------------------- | :----------------------- |
| `DELETE` | `/sys/mfa/method/totp/:name` |
### Parameters
@ -123,9 +123,9 @@ This endpoint generates an MFA secret in the entity of the calling token, if it
doesn't exist already, using the configuration stored under the given MFA
method name.
| Method | Path | Produces |
| :------- | :------------------------------------ | :----------------------- |
| `GET` | `/sys/mfa/method/totp/:name/generate` | `200 application/json` |
| Method | Path |
| :------------------------------------ | :----------------------- |
| `GET` | `/sys/mfa/method/totp/:name/generate` |
### Parameters
@ -157,9 +157,9 @@ This endpoint can be used to generate a TOTP MFA secret. Unlike the `generate`
API which stores the generated secret on the entity ID of the calling token,
the `admin-generate` API stores the generated secret on the given entity ID.
| Method | Path | Produces |
| :------- | :------------------------------------------- | :----------------------- |
| `POST` | `/sys/mfa/method/totp/:name/admin-generate` | `200 application/json` |
| Method | Path |
| :------------------------------------------- | :----------------------- |
| `POST` | `/sys/mfa/method/totp/:name/admin-generate` |
### Parameters
@ -206,9 +206,9 @@ explicitly delete the secret first. This API can be used to delete the secret
and the `generate` or `admin-generate` APIs should be used to regenerate a new
secret.
| Method | Path | Produces |
| :------- | :-------------------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/:name/admin-destroy` | `204 (empty body)` |
| Method | Path |
| :-------------------------------------- | :--------------------- |
| `POST` | `/sys/mfa/method/:name/admin-destroy` |
### Parameters

28
website/source/api/system/mounts.html.md
View File

@ -15,9 +15,9 @@ The `/sys/mounts` endpoint is used manage secrets engines in Vault.
This endpoints lists all the mounted secrets engines.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/mounts` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/mounts` |
### Sample Request
@ -61,9 +61,9 @@ are used by this backend.
This endpoint enables a new secrets engine at the given path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/mounts/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/mounts/:path` |
### Parameters
@ -148,8 +148,8 @@ $ curl \
This endpoint disables the mount point specified in the URL.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/mounts/:path` | `204 (empty body) ` |
### Sample Request
@ -167,9 +167,9 @@ This endpoint reads the given mount's configuration. Unlike the `mounts`
endpoint, this will return the current time in seconds for each TTL, which may
be the system default or a mount-specific value.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/mounts/:path/tune` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/mounts/:path/tune` |
### Sample Request
@ -193,9 +193,9 @@ $ curl \
This endpoint tunes configuration parameters for a given mount point.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/mounts/:path/tune` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/mounts/:path/tune` |
### Parameters

22
website/source/api/system/namespaces.html.md
View File

@ -15,9 +15,9 @@ The `/sys/namespaces` endpoint is used manage namespaces in Vault.
This endpoints lists all the namespaces.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/sys/namespaces` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/sys/namespaces` |
### Sample Request
@ -42,9 +42,9 @@ $ curl \
This endpoint creates a namespace at the givent path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/namespaces/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/namespaces/:path` |
### Parameters
@ -64,8 +64,8 @@ $ curl \
This endpoint deletes a namespace at the specified path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/namespaces/:path` | `204 (empty body) ` |
### Sample Request
@ -81,9 +81,9 @@ $ curl \
This endpoint get the metadata for the given namespace path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/namespaces/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/namespaces/:path` |
### Sample Request

34
website/source/api/system/plugins-catalog.html.md
View File

@ -17,9 +17,9 @@ once registered backends can use the plugin by querying the catalog.
This endpoint lists the plugins in the catalog by type.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/plugins/catalog` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/plugins/catalog` |
### Sample Request
@ -61,11 +61,11 @@ $ curl \
This endpoint lists the plugins in the catalog by type.
| Method | Path | Produces |
| :------- | :-------------------------------- | :--------------------- |
| `LIST` | `/sys/plugins/catalog/auth` | `200 application/json` |
| `LIST` | `/sys/plugins/catalog/database` | `200 application/json` |
| `LIST` | `/sys/plugins/catalog/secret` | `200 application/json` |
| Method | Path |
| :-------------------------------- | :--------------------- |
| `LIST` | `/sys/plugins/catalog/auth` |
| `LIST` | `/sys/plugins/catalog/database` |
| `LIST` | `/sys/plugins/catalog/secret` |
### Sample Request
@ -100,9 +100,9 @@ supplied name.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------------- | :--------------------- |
| `PUT` | `/sys/plugins/catalog/:type/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------------- | :--------------------- |
| `PUT` | `/sys/plugins/catalog/:type/:name` |
### Parameters
@ -154,9 +154,9 @@ This endpoint returns the configuration data for the plugin with the given name.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------------- | :--------------------- |
| `GET` | `/sys/plugins/catalog/:type/:name` | `200 application/json` |
| Method | Path |
| :--------------------------------- | :--------------------- |
| `GET` | `/sys/plugins/catalog/:type/:name` |
### Parameters
@ -195,9 +195,9 @@ This endpoint removes the plugin with the given name.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/plugins/catalog/:type/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/plugins/catalog/:type/:name` |
### Parameters

6
website/source/api/system/plugins-reload-backend.html.md
View File

@ -18,9 +18,9 @@ provided, all mounted paths that use that plugin backend will be reloaded.
This endpoint reloads mounted plugin backends.
| Method | Path - | Produces |
| :------- | :---------------------------- | :--------------------- |
| `PUT` | `/sys/plugins/reload/backend` | `204 (empty body)` |
| Method | Path - |
| :---------------------------- | :--------------------- |
| `PUT` | `/sys/plugins/reload/backend` |
### Parameters

72
website/source/api/system/policies.html.md
View File

@ -18,9 +18,9 @@ The `/sys/policies` endpoints are used to manage ACL, RGP, and EGP policies in V
This endpoint lists all configured ACL policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/sys/policies/acl` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/sys/policies/acl` |
### Sample Request
@ -42,9 +42,9 @@ $ curl \
This endpoint retrieves information about the named ACL policy.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/policies/acl/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/policies/acl/:name` |
### Parameters
@ -73,9 +73,9 @@ $ curl \
This endpoint adds a new or updates an existing ACL policy. Once a policy is
updated, it takes effect immediately to all associated users.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/policies/acl/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/policies/acl/:name` |
### Parameters
@ -109,9 +109,9 @@ This endpoint deletes the ACL policy with the given name. This will immediately
affect all users associated with this policy. (A deleted policy set on a token
acts as an empty policy.)
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policies/acl/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policies/acl/:name` |
### Parameters
@ -131,9 +131,9 @@ $ curl \
This endpoint lists all configured RGP policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/sys/policies/rgp` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/sys/policies/rgp` |
### Sample Request
@ -155,9 +155,9 @@ $ curl \
This endpoint retrieves information about the named RGP policy.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/policies/rgp/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/policies/rgp/:name` |
### Parameters
@ -187,9 +187,9 @@ $ curl \
This endpoint adds a new or updates an existing RGP policy. Once a policy is
updated, it takes effect immediately to all associated users.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/policies/rgp/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/policies/rgp/:name` |
### Parameters
@ -228,9 +228,9 @@ This endpoint deletes the RGP policy with the given name. This will immediately
affect all users associated with this policy. (A deleted policy set on a token
acts as an empty policy.)
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policies/rgp/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policies/rgp/:name` |
### Parameters
@ -256,9 +256,9 @@ path, this endpoint returns two identifiers:
* `name_path_map` contains an object mapping names to paths and glob status in
a more machine-friendly format
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/sys/policies/egp` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/sys/policies/egp` |
### Sample Request
@ -280,9 +280,9 @@ $ curl \
This endpoint retrieves information about the named EGP policy.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/policies/egp/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/policies/egp/:name` |
### Parameters
@ -313,9 +313,9 @@ $ curl \
This endpoint adds a new or updates an existing EGP policy. Once a policy is
updated, it takes effect immediately to all associated users.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/policies/egp/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/policies/egp/:name` |
### Parameters
@ -358,9 +358,9 @@ $ curl \
This endpoint deletes the EGP policy with the given name from all paths on which it was configured.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policies/egp/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policies/egp/:name` |
### Parameters

24
website/source/api/system/policy.html.md
View File

@ -15,9 +15,9 @@ The `/sys/policy` endpoint is used to manage ACL policies in Vault.
This endpoint lists all configured policies.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/policy` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/policy` |
### Sample Request
@ -39,9 +39,9 @@ $ curl \
This endpoint retrieve the policy body for the named policy.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/policy/:name` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/policy/:name` |
### Parameters
@ -70,9 +70,9 @@ $ curl \
This endpoint adds a new or updates an existing policy. Once a policy is
updated, it takes effect immediately to all associated users.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/policy/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/policy/:name` |
### Parameters
@ -104,9 +104,9 @@ $ curl \
This endpoint deletes the policy with the given name. This will immediately
affect all users associated with this policy.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policy/:name` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/policy/:name` |
### Parameters

26
website/source/api/system/raw.html.md
View File

@ -21,9 +21,9 @@ This endpoint reads the value of the key at the given path. This is the raw path
in the storage backend and not the logical path that is exposed via the mount
system.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/raw/:path` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/raw/:path` |
### Parameters
@ -52,9 +52,9 @@ This endpoint updates the value of the key at the given path. This is the raw
path in the storage backend and not the logical path that is exposed via the
mount system.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/raw/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/raw/:path` |
### Parameters
@ -87,10 +87,10 @@ This endpoint returns a list keys for a given path prefix.
**This endpoint requires 'sudo' capability.**
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/sys/raw/:prefix` | `200 application/json` |
| `GET` | `/sys/raw/:prefix?list=true` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/sys/raw/:prefix` |
| `GET` | `/sys/raw/:prefix?list=true` |
### Sample Request
@ -121,9 +121,9 @@ $ curl \
This endpoint deletes the key with given path. This is the raw path in the
storage backend and not the logical path that is exposed via the mount system.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/raw/:path` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/raw/:path` |
### Parameters

52
website/source/api/system/rekey-recovery-key.html.md
View File

@ -17,9 +17,9 @@ The `/sys/rekey-recovery-key` endpoints are used to rekey the recovery keys for
This endpoint reads the configuration and progress of the current rekey attempt.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `GET` | `/sys/rekey-recovery-key/init` | `200 application/json` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `GET` | `/sys/rekey-recovery-key/init` |
### Sample Request
@ -61,9 +61,9 @@ attempt can take place at a time, and changing the parameters of a rekey
requires canceling and starting a new rekey, which will also provide a new
nonce.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `PUT` | `/sys/rekey-recovery-key/init` | `204 (empty body)` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `PUT` | `/sys/rekey-recovery-key/init` |
### Parameters
@ -121,9 +121,9 @@ well as any progress made. This must be called to change the parameters of the
rekey. Note: verification is still a part of a rekey. If rekeying is canceled
during the verification flow, the current unseal keys remain valid.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey-recovery-key/init` | `204 (empty body)` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey-recovery-key/init` |
### Sample Request
@ -140,9 +140,9 @@ This endpoint returns the backup copy of PGP-encrypted recovery key shares. The
returned value is the nonce of the rekey operation and a map of PGP key
fingerprint to hex-encoded PGP-encrypted key.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `GET` | `/sys/rekey-recovery-key/backup` | `200 application/json` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `GET` | `/sys/rekey-recovery-key/backup` |
### Sample Request
@ -167,9 +167,9 @@ $ curl \
This endpoint deletes the backup copy of PGP-encrypted recovery key shares.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey-recovery-key/backup` | `204 (empty body)` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey-recovery-key/backup` |
### Sample Request
@ -196,9 +196,9 @@ If verification was requested, successfully completing this flow will
immediately put the operation into a verification state, and provide the nonce
for the verification operation.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `PUT` | `/sys/rekey-recovery-key/update` | `200 application/json` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `PUT` | `/sys/rekey-recovery-key/update` |
### Parameters
@ -249,9 +249,9 @@ whether or not the keys were backed up to physical storage.
This endpoint reads the configuration and progress of the current rekey
verification attempt.
| Method | Path | Produces |
| :------- | :------------------------------------------ | :--------------------- |
| `GET` | `/sys/rekey-recovery-key/verify` | `200 application/json` |
| Method | Path |
| :------------------------------------------ | :--------------------- |
| `GET` | `/sys/rekey-recovery-key/verify` |
### Sample Request
@ -285,8 +285,8 @@ any progress made and resets the nonce. Unlike a `DELETE` against
operation, not the entire rekey atttempt. The return value is the same as `GET`
along with the new nonce.
| Method | Path | Produces |
| :------- | :------------------------------------------ | :--------------------- |
| Method | Path |
| :------------------------------------------ | :--------------------- |
| `DELETE` | `/sys/rekey-recovery-key/verify` | `200 (empty body)` |
### Sample Request
@ -321,9 +321,9 @@ When the operation is complete, this will return a response like the example
below; otherwise the response will be the same as the `GET` method against
`sys/rekey-recovery-key/verify`, providing status on the operation itself.
| Method | Path | Produces |
| :------- | :---------------------------------------- | :--------------------- |
| `PUT` | `/sys/rekey-recovery-key/verify` | `200 application/json` |
| Method | Path |
| :---------------------------------------- | :--------------------- |
| `PUT` | `/sys/rekey-recovery-key/verify` |
### Parameters

52
website/source/api/system/rekey.html.md
View File

@ -20,9 +20,9 @@ Upon successful rekey, no split unseal key shares are returned.
This endpoint reads the configuration and progress of the current rekey attempt.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/rekey/init` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/rekey/init` |
### Sample Request
@ -63,9 +63,9 @@ This endpoint initializes a new rekey attempt. Only a single rekey attempt can
take place at a time, and changing the parameters of a rekey requires canceling
and starting a new rekey, which will also provide a new nonce.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/rekey/init` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/rekey/init` |
### Parameters
@ -123,9 +123,9 @@ well as any progress made. This must be called to change the parameters of the
rekey. Note: verification is still a part of a rekey. If rekeying is canceled
during the verification flow, the current unseal keys remain valid.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey/init` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey/init` |
### Sample Request
@ -142,9 +142,9 @@ This endpoint returns the backup copy of PGP-encrypted unseal keys. The returned
value is the nonce of the rekey operation and a map of PGP key fingerprint to
hex-encoded PGP-encrypted key.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/rekey/backup` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/rekey/backup` |
### Sample Request
@ -169,9 +169,9 @@ $ curl \
This endpoint deletes the backup copy of PGP-encrypted unseal keys.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey/backup` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey/backup` |
### Sample Request
@ -198,9 +198,9 @@ If verification was requested, successfully completing this flow will
immediately put the operation into a verification state, and provide the nonce
for the verification operation.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/rekey/update` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/rekey/update` |
### Parameters
@ -251,9 +251,9 @@ whether or not the keys were backed up to physical storage.
This endpoint reads the configuration and progress of the current rekey
verification attempt.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| `GET` | `/sys/rekey/verify` | `200 application/json` |
| Method | Path |
| :----------------------------- | :--------------------- |
| `GET` | `/sys/rekey/verify` |
### Sample Request
@ -287,8 +287,8 @@ any progress made and resets the nonce. Unlike a `DELETE` against
entire rekey atttempt. The return value is the same as `GET` along with the new
nonce.
| Method | Path | Produces |
| :------- | :----------------------------- | :--------------------- |
| Method | Path |
| :----------------------------- | :--------------------- |
| `DELETE` | `/sys/rekey/verify` | `200 (empty body)` |
### Sample Request
@ -323,9 +323,9 @@ When the operation is complete, this will return a response like the example
below; otherwise the response will be the same as the `GET` method against
`sys/rekey/verify`, providing status on the operation itself.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/rekey/verify` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/rekey/verify` |
### Parameters

6
website/source/api/system/remount.html.md
View File

@ -15,9 +15,9 @@ The `/sys/remount` endpoint is used remount a mounted backend to a new endpoint.
This endpoint moves an already-mounted backend to a new mount point.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/remount` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/remount` |
### Parameters

18
website/source/api/system/replication/index.html.md
View File

@ -16,9 +16,9 @@ description: |-
This endpoint attempts recovery if replication is in an adverse state. For
example: an error has caused replication to stop syncing.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/recover` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/recover` |
### Sample Request
@ -44,9 +44,9 @@ depending on the number and size of objects in the data store.
**This endpoint requires 'sudo' capability.**
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/reindex` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/reindex` |
```
$ curl \
@ -70,9 +70,9 @@ sync progress, etc).
This is an authenticated endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/status` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/status` |
### Sample Request

84
website/source/api/system/replication/replication-dr.html.md
View File

@ -18,9 +18,9 @@ sync progress, etc).
This is an authenticated endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/dr/status` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/dr/status` |
### Sample Request
@ -73,9 +73,9 @@ This endpoint enables DR replication in primary mode. This is used when DR repli
is currently disabled on the cluster (if the cluster is already a secondary, it
must be promoted).
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/enable` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/enable` |
### Parameters
@ -107,9 +107,9 @@ will not attempt to connect to a primary (see the update-primary call), but will
maintain knowledge of its cluster ID and can be reconnected to the same
DR replication set without wiping local storage.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/demote` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/demote` |
### Sample Request
@ -129,9 +129,9 @@ the underlying storage when connected to a primary, and in the primary case,
secondaries connecting back to the cluster (even if they have connected before)
will require a wipe of the underlying storage.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/disable` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/disable` |
### Sample Request
@ -150,9 +150,9 @@ identifier can later be used to revoke a DR secondary's access.
**This endpoint requires 'sudo' capability.**
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/secondary-token` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/secondary-token` |
### Parameters
@ -204,9 +204,9 @@ This endpoint revokes a DR secondary's ability to connect to the DR primary clus
the DR secondary will immediately be disconnected and will not be allowed to
connect again unless given a new activation token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/revoke-secondary` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/primary/revoke-secondary` |
### Parameters
@ -237,9 +237,9 @@ token.
!> This will immediately clear all data in the secondary cluster!
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/enable` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/enable` |
### Parameters
@ -299,9 +299,9 @@ docs](#generate-disaster-recovery-operation-token) for more information.
!> Only one performance primary should be active at a given time. Multiple primaries may
result in data loss!
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/promote` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/promote` |
### Parameters
@ -363,9 +363,9 @@ This endpoint requires a DR Operation Token to be provided as means of
authorization. See the [DR Operation Token API
docs](#generate-disaster-recovery-operation-token) for more information.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/update-primary` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/update-primary` |
### Parameters
@ -420,9 +420,9 @@ being generated when needed and deleted soon after.
This endpoint reads the configuration and process of the current generation
attempt.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/dr/secondary/generate-operation-token/attempt` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/dr/secondary/generate-operation-token/attempt` |
### Sample Request
@ -457,9 +457,9 @@ encode the final token, it will never be returned.
This endpoint initializes a new generation attempt. Only a single
generation attempt can take place at a time.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/replication/dr/secondary/generate-operation-token/attempt` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/replication/dr/secondary/generate-operation-token/attempt` |
### Parameters
@ -495,9 +495,9 @@ $ curl \
This endpoint cancels any in-progress generation attempt. This clears any
progress made. This must be called to change the OTP or PGP key being used.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/replication/dr/secondary/generate-operation-token/attempt` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/replication/dr/secondary/generate-operation-token/attempt` |
### Sample Request
@ -515,9 +515,9 @@ Vault will complete the generation and issue the new token. Otherwise,
this API must be called multiple times until that threshold is met. The attempt
nonce must be provided with each call.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/replication/dr/secondary/generate-operation-token/update` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/replication/dr/secondary/generate-operation-token/update` |
### Parameters
@ -566,9 +566,9 @@ This endpoint revokes the DR Operation Token. This token does not have a TTL
and therefore should be deleted when it is no longer needed.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/operation-token/delete` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/dr/secondary/operation-token/delete` |
### Parameters

76
website/source/api/system/replication/replication-performance.html.md
View File

@ -18,9 +18,9 @@ sync progress, etc).
This is an authenticated endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/performance/status` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/replication/performance/status` |
### Sample Request
@ -79,9 +79,9 @@ must be promoted).
!> Only one primary should be active at a given time. Multiple primaries may
result in data loss!
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/enable` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/enable` |
### Parameters
@ -114,9 +114,9 @@ This secondary cluster will not attempt to connect to a primary (see the update-
but will maintain knowledge of its cluster ID and can be reconnected to the same
replication set without wiping local storage.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/demote` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/demote` |
### Sample Request
@ -136,9 +136,9 @@ case this means a wipe of the underlying storage when connected to a primary,
and in the primary case, secondaries connecting back to the cluster (even if
they have connected before) will require a wipe of the underlying storage.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/disable` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/disable` |
### Sample Request
@ -158,9 +158,9 @@ identifier can later be used to revoke a secondary's access.
**This endpoint requires 'sudo' capability.**
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/secondary-token` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/secondary-token` |
### Parameters
@ -212,9 +212,9 @@ This endpoint revokes a performance secondary's ability to connect to the
performance primary cluster; the secondary will immediately be disconnected and
will not be allowed to connect again unless given a new activation token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/revoke-secondary` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/revoke-secondary` |
### Parameters
@ -245,9 +245,9 @@ Filtering can be specified in whitelist mode or blacklist mode. In whitelist
mode the secret and auth mounts that are specified are included to the
selected secondary. In blacklist mode, the mount paths are excluded.
| Method | Path | Produces |
| :------- | :------------------------------------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/mount-filter/:id` | `204 (empty body)` |
| Method | Path |
| :------------------------------------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/primary/mount-filter/:id` |
### Parameters
@ -282,8 +282,8 @@ $ curl \
This endpoint is used to read the mode and the mount paths that are filtered
for a secondary.
| Method | Path | Produces |
| :------- | :------------------------------------------------------- | :--------------------- |
| Method | Path |
| :------------------------------------------------------- | :--------------------- |
| `GET` | `/sys/replication/performance/primary/mount-filter/:id` | `200 (empty body)` |
### Parameters
@ -311,9 +311,9 @@ $ curl \
This endpoint is used to delete the mount filters for a secondary.
| Method | Path | Produces |
| :------- | :------------------------------------------------------- | :--------------------- |
| `DELETE` | `/sys/replication/performance/primary/mount-filter/:id` | `204 (empty body)` |
| Method | Path |
| :------------------------------------------------------- | :--------------------- |
| `DELETE` | `/sys/replication/performance/primary/mount-filter/:id` |
### Parameters
@ -335,9 +335,9 @@ token.
!> This will immediately clear all data in the secondary cluster!
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/enable` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/enable` |
### Parameters
@ -382,9 +382,9 @@ For data safety and security reasons, new secondary tokens will need to be
issued to other secondaries, and there should never be more than one performance
primary at a time.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/promote` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/promote` |
### Parameters
@ -423,9 +423,9 @@ to a primary, and in the primary case, secondaries connecting back to the
cluster (even if they have connected before) will require a wipe of the
underlying storage.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/disable` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/disable` |
### Sample Request
@ -442,9 +442,9 @@ $ curl \
This endpoint changes a performance secondary cluster's assigned primary cluster using a
secondary activation token. This does not wipe all data in the cluster.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/update-primary` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/replication/performance/secondary/update-primary` |
### Parameters

6
website/source/api/system/rotate.html.md
View File

@ -20,9 +20,9 @@ the new key, while old values are decrypted with previous encryption keys.
This path requires `sudo` capability in addition to `update`.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/rotate` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/rotate` |
### Sample Request

6
website/source/api/system/seal-status.html.md
View File

@ -16,9 +16,9 @@ The `/sys/seal-status` endpoint is used to check the seal status of a Vault.
This endpoint returns the seal status of the Vault. This is an unauthenticated
endpoint.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/seal-status` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/seal-status` |
### Sample Request

6
website/source/api/system/seal.html.md
View File

@ -17,9 +17,9 @@ This endpoint seals the Vault. In HA mode, only an active node can be sealed.
Standby nodes should be restarted to get the same effect. Requires a token with
`root` policy or `sudo` capability on the path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/seal` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/seal` |
### Sample Request

6
website/source/api/system/step-down.html.md
View File

@ -20,9 +20,9 @@ standby nodes grab the active lock in the interim, the same node may become the
active node again. Requires a token with `root` policy or `sudo` capability on
the path.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/step-down` | `204 (empty body)` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/step-down` |
### Sample Request

12
website/source/api/system/tools.html.md
View File

@ -15,9 +15,9 @@ The `/sys/tools` endpoints are a general set of tools.
This endpoint returns high-quality random bytes of the specified length.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/tools/random(/:bytes)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/tools/random(/:bytes)` |
### Parameters
@ -60,9 +60,9 @@ $ curl \
This endpoint returns the cryptographic hash of given data using the specified
algorithm.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/tools/hash(/:algorithm)` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/tools/hash(/:algorithm)` |
### Parameters

6
website/source/api/system/unseal.html.md
View File

@ -21,9 +21,9 @@ multiple times until that threshold is met.
Either the `key` or `reset` parameter must be provided; if both are provided,
`reset` takes precedence.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/unseal` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/unseal` |
### Parameters

6
website/source/api/system/wrapping-lookup.html.md
View File

@ -15,9 +15,9 @@ The `/sys/wrapping/lookup` endpoint returns wrapping token properties.
This endpoint looks up wrapping properties for the given token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/lookup` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/lookup` |
### Parameters

6
website/source/api/system/wrapping-rewrap.html.md
View File

@ -19,9 +19,9 @@ creation TTL as the original token and contain the same response. The old token
will be invalidated. This can be used for long-term storage of a secret in a
response-wrapped token when rotation is a requirement.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/rewrap` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/rewrap` |
### Parameters

6
website/source/api/system/wrapping-unwrap.html.md
View File

@ -26,9 +26,9 @@ wrapping token in the `token` parameter. Do _not_ use the wrapping token in both
locations; this will cause the wrapping token to be revoked but the value to be
unable to be looked up, as it will basically be a double-use of the token!
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/unwrap` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/unwrap` |
### Parameters

6
website/source/api/system/wrapping-wrap.html.md
View File

@ -18,9 +18,9 @@ token.
This endpoint wraps the given user-supplied data inside a response-wrapped
token.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/wrap` | `200 application/json` |
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/wrap` |
### Parameters