• Overview
    • Automated PKI Infrastructure
    • Data Encryption & Tokenization
    • Database Credential Rotation
    • Dynamic Secrets
    • Identity-based Access
    • Key Management
    • Kubernetes Secrets
    • Secrets Management
  • Enterprise
  • Tutorials
  • Docs
  • API
  • Community
GitHub
Download
Try HCP Vault
    • v1.11.x (latest)
    • v1.10.x
    • v1.9.x
    • v1.8.x
    • v1.7.x
    • v1.6.x
    • v1.5.x
    • v1.4.x
  • Overview
  • Client Libraries
  • Related Tools

    • Overview
    • Active Directory
    • AliCloud
    • AWS
    • Azure
    • Cassandra
    • Consul
    • Cubbyhole
      • Overview
      • Cassandra
      • Couchbase
      • Elasticsearch
      • Influxdb
      • HanaDB
      • MongoDB
      • MongoDB Atlas
      • MSSQL
      • MySQL/MariaDB
      • Oracle
      • PostgreSQL
      • Redshift
      • Snowflake
    • Google Cloud
    • Google Cloud KMS
      • Overview
      • Entity
      • Entity Alias
      • Group
      • Group Alias
      • Identity Tokens
      • Lookup
      • OIDC Provider
        • Overview
        • Duo
        • Okta
        • PingID
        • TOTP
        • Login Enforcement
      • Overview
      • Azure Key Vault
      • AWS KMS
      • GCP Cloud KMS
      • Overview
      • K/V Version 1
      • K/V Version 2
    • KMIP ENTERPRISE
    • Kubernetes
    • MongoDB Atlas
    • Nomad
    • OpenLDAP
    • PKI
    • RabbitMQ
    • SSH
    • Terraform Cloud
    • TOTP
    • Transform ENTERPRISE
    • Transit
    • Overview
    • AliCloud
    • AppRole
    • AWS
    • Azure
    • Cloud Foundry
    • GitHub
    • Google Cloud
    • JWT/OIDC
    • Kerberos
    • Kubernetes
    • LDAP
    • OCI
    • Okta
    • RADIUS
    • TLS Certificates
    • Tokens
    • Username & Password
    • App ID DEPRECATED
    • Overview
    • /sys/audit
    • /sys/audit-hash
    • /sys/auth
    • /sys/capabilities
    • /sys/capabilities-accessor
    • /sys/capabilities-self
    • /sys/config/auditing
    • /sys/config/control-group
    • /sys/config/cors
    • /sys/config/reload
    • /sys/config/state
    • /sys/config/ui
    • /sys/control-group
    • /sys/generate-recovery-token
    • /sys/generate-root
    • /sys/health
    • /sys/host-info
    • /sys/in-flight-req
    • /sys/init
    • /sys/internal/counters
    • /sys/internal/specs/openapi
    • /sys/internal/ui/feature-flags
    • /sys/internal/ui/mounts
    • /sys/internal/ui/namespaces
    • /sys/internal/ui/resultant-acl
    • /sys/key-status
    • /sys/ha-status
    • /sys/leader
    • /sys/leases
    • /sys/license/status
    • /sys/loggers
    • /sys/managed-keys ENT
    • /sys/metrics
      • Overview
      • /sys/mfa/method/duo
      • /sys/mfa/method/okta
      • /sys/mfa/method/pingid
      • /sys/mfa/method/totp
      • /sys/mfa/validate
    • /sys/monitor
    • /sys/mounts
    • /sys/namespaces
    • /sys/plugins/reload/backend
    • /sys/plugins/catalog
    • /sys/policy
    • /sys/policies
    • /sys/policies/password
    • /sys/pprof
    • /sys/quotas/config
    • /sys/quotas/rate-limit
    • /sys/quotas/lease-count
    • /sys/raw
    • /sys/rekey
    • /sys/rekey-recovery-key
    • /sys/remount
      • Overview
      • /sys/replication/performance
      • /sys/replication/dr
    • /sys/rotate
    • /sys/rotate/config
    • /sys/seal
    • /sys/seal-status
    • /sys/sealwrap/rewrap
    • /sys/step-down
      • Overview
      • /sys/storage/raft
      • /sys/storage/raft/autopilot
      • /sys/storage/raft/snapshot-auto
    • /sys/tools
    • /sys/unseal
    • /sys/version-history
    • /sys/wrapping/lookup
    • /sys/wrapping/rewrap
    • /sys/wrapping/unwrap
    • /sys/wrapping/wrap

The Vault website is being redesigned to help you find what you are looking for more effectively.Join the Beta

Type '/' to Search

»/sys/health

The /sys/health endpoint is used to check the health status of Vault.

»Read Health Information

This endpoint returns the health status of Vault. This matches the semantics of a Consul HTTP health check and provides a simple way to monitor the health of a Vault instance.

MethodPath
HEAD/sys/health
GET/sys/health

The default status codes are:

  • 200 if initialized, unsealed, and active
  • 429 if unsealed and standby
  • 472 if disaster recovery mode replication secondary and active
  • 473 if performance standby
  • 501 if not initialized
  • 503 if sealed

»Parameters

  • standbyok (bool: false) – Specifies if being a standby should still return the active status code instead of the standby status code. This is useful when Vault is behind a non-configurable load balancer that just wants a 200-level response. This will not apply if the node is a performance standby.

  • perfstandbyok (bool: false) – Specifies if being a performance standby should still return the active status code instead of the performance standby status code. This is useful when Vault is behind a non-configurable load balancer that just wants a 200-level response.

  • activecode (int: 200) – Specifies the status code that should be returned for an active node.

  • standbycode (int: 429) – Specifies the status code that should be returned for a standby node.

  • drsecondarycode (int: 472) – Specifies the status code that should be returned for a DR secondary node.

  • performancestandbycode (int: 473) – Specifies the status code that should be returned for a performance standby node.

  • sealedcode (int: 503) – Specifies the status code that should be returned for a sealed node.

  • uninitcode (int: 501) – Specifies the status code that should be returned for a uninitialized node.

»Sample Request

$ curl \
    http://127.0.0.1:8200/v1/sys/health
$ curl \
    http://127.0.0.1:8200/v1/sys/health

»Sample Response

This response is only returned for a GET request.

Note: replication_performance_mode and replication_dr_mode reflect the state of the active node in the cluster; if you are querying it for a standby that has just come up, it can take a small time for the active node to inform the standby of its status.

{
  "initialized": true,
  "sealed": false,
  "standby": false,
  "performance_standby": false,
  "replication_performance_mode": "disabled",
  "replication_dr_mode": "disabled",
  "server_time_utc": 1516639589,
  "version": "0.9.2",
  "cluster_name": "vault-cluster-3bd69ca2",
  "cluster_id": "00af5aa8-c87d-b5fc-e82e-97cd8dfaf731"
}
{
  "initialized": true,
  "sealed": false,
  "standby": false,
  "performance_standby": false,
  "replication_performance_mode": "disabled",
  "replication_dr_mode": "disabled",
  "server_time_utc": 1516639589,
  "version": "0.9.2",
  "cluster_name": "vault-cluster-3bd69ca2",
  "cluster_id": "00af5aa8-c87d-b5fc-e82e-97cd8dfaf731"
}

»Sample Request to customize the status code being returned

$ curl -i https://127.0.0.1:8200/v1/sys/health\?drsecondarycode\=200

HTTP/2 200
cache-control: no-store
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 364
date: Wed, 26 Jan 2022 09:21:13 GMT
$ curl -i https://127.0.0.1:8200/v1/sys/health\?drsecondarycode\=200

HTTP/2 200
cache-control: no-store
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 364
date: Wed, 26 Jan 2022 09:21:13 GMT

»Sample Response

This response is only returned for a GET request.

Note: replication_performance_mode and replication_dr_mode reflect the state of the active node in the cluster; if you are querying it for a standby that has just come up, it may take time for the active node to inform the standby of its status.

{
  "initialized": true,
  "sealed": false,
  "standby": false,
  "performance_standby": false,
  "replication_performance_mode": "disabled",
  "replication_dr_mode": "secondary",
  "server_time_utc": 1643188873,
  "version": "1.9.0+prem",
  "cluster_name": "SECONDARY",
  "cluster_id": "d2fbb13b-0830-70a3-4751-57b6b6d95d01",
  "last_wal":13,
  "license":{"state":"none","expiry_time":"","terminated":false}
}
{
  "initialized": true,
  "sealed": false,
  "standby": false,
  "performance_standby": false,
  "replication_performance_mode": "disabled",
  "replication_dr_mode": "secondary",
  "server_time_utc": 1643188873,
  "version": "1.9.0+prem",
  "cluster_name": "SECONDARY",
  "cluster_id": "d2fbb13b-0830-70a3-4751-57b6b6d95d01",
  "last_wal":13,
  "license":{"state":"none","expiry_time":"","terminated":false}
}
github logoEdit this page
DocsAPILearnCommunityPrivacySecurityPress KitConsent Manager