Vault has an HTTP API that can be used to control every aspect of Vault.

HTTP API

Overview

List of official and community contributed libraries for interacting with the Vault HTTP API.

HTTP API: Libraries

Client Libraries

Short list of third-party tools that work with or are related to Vault.

Related Tools

The `/sys/audit-hash` endpoint is used to hash data using an audit device's
hash function and salt.

/sys/audit-hash - HTTP API

<code>/sys/audit-hash</code>

The `/sys/audit` endpoint is used to enable and disable audit devices.

/sys/audit - HTTP API

<code>/sys/audit</code>

The `/sys/auth` endpoint is used to manage auth methods in Vault.

/sys/auth - HTTP API

<code>/sys/auth</code>

The `/sys/capabilities-accessor` endpoint is used to fetch the capabilities of
the token associated with an accessor, on the given paths.

/sys/capabilities-accessor - HTTP API

<code>/sys/capabilities-accessor</code>

The `/sys/capabilities-self` endpoint is used to fetch the capabilities of
client token on the given paths.

/sys/capabilities-self - HTTP API

<code>/sys/capabilities-self</code>

The `/sys/capabilities` endpoint is used to fetch the capabilities of a token
on the given paths.

/sys/capabilities - HTTP API

<code>/sys/capabilities</code>

The `/sys/config/auditing` endpoint is used to configure auditing settings.

/sys/config/auditing - HTTP API

<code>/sys/config/auditing</code>

The '/sys/config/control-group' endpoint configures control groups.

/sys/config/control-group - HTTP API

<code>/sys/config/control-group</code>

The '/sys/config/cors' endpoint configures how the Vault server responds to cross-origin requests.

/sys/config/cors - HTTP API

<code>/sys/config/cors</code>

The '/sys/config/state' endpoint is used to retrieve the configuration state.

/sys/config/state - HTTP API

<code>/sys/config/state</code>

The '/sys/config/ui' endpoint configures the UI.

/sys/config/ui - HTTP API

<code>/sys/config/ui</code>

The '/sys/control-group' endpoint handles the Control Group workflow.

/sys/control-group - HTTP API

<code>/sys/control-group</code>

The `/sys/generate-recovery-token/` endpoints are used to create a new 
recovery token for Vault.  They are only active in recovery mode.

/sys/generate-recovery-token - HTTP API

<code>/sys/generate-recovery-token</code>

The `/sys/generate-root/` endpoints are used to create a new root key for
Vault.

/sys/generate-root - HTTP API

<code>/sys/generate-root</code>

The `/sys/health` endpoint is used to check the health status of Vault.

/sys/health - HTTP API

<code>/sys/health</code>

The '/sys/host-info' endpoint is used to retrieve host information

/sys/host-info - HTTP API

<code>/sys/host-info</code>

The system backend is a default backend in Vault that is mounted at the `/sys`
endpoint. This endpoint cannot be disabled or moved, and is used to configure
Vault and interact with many of Vault's internal features.

System Backend - HTTP API

System Backend

The `/sys/init` endpoint is used to initialize a new Vault.

/sys/init - HTTP API

<code>/sys/init</code>

The `/sys/internal/counters` endpoints are used to return data about Vault usage.

/sys/internal/counters - HTTP API

<code>/sys/internal/counters</code>

The `/sys/internal/specs/openapi` endpoint is used to generate an OpenAPI document of the mounted backends.

/sys/internal/specs/openapi - HTTP API

<code>/sys/internal/specs/openapi</code>

The `/sys/internal/ui/mounts` endpoint is used to manage mount listing visibility.

/sys/internal/ui/mounts - HTTP API

<code>/sys/internal/ui/mounts</code>

The `/sys/key-status` endpoint is used to query info about the current
encryption key of Vault.

/sys/key-status - HTTP API

<code>/sys/key-status</code>

The `/sys/leader` endpoint is used to check the high availability status and
current leader of Vault.

/sys/leader - HTTP API

<code>/sys/leader</code>

The `/sys/quotas/lease-count` endpoint is used to create, edit and delete lease count quotas.

/sys/quotas/lease-count - HTTP API

<code>/sys/quotas/lease-count</code>

The `/sys/leases` endpoints are used to view and manage leases.

/sys/leases - HTTP API

<code>/sys/leases</code>

The `/sys/license` endpoint is used to view and update the license used in 
Vault.

/sys/license - HTTP API

<code>/sys/license</code>

The `/sys/metrics` endpoint is used to get telemetry metrics for Vault.

/sys/metrics - HTTP API

<code>/sys/metrics</code>

The `/sys/monitor` endpoint is used to receive streaming logs from the Vault server.

/sys/monitor - HTTP API

<code>/sys/monitor</code>

The `/sys/mounts` endpoint is used manage secrets engines in Vault.

/sys/mounts - HTTP API

<code>/sys/mounts</code>

The `/sys/namespaces` endpoint is used manage namespaces in Vault.

/sys/namespaces - HTTP API

<code>/sys/namespaces</code>

The `/sys/plugins/catalog` endpoint is used to manage plugins.

/sys/plugins/catalog - HTTP API

<code>/sys/plugins/catalog</code>

The `/sys/plugins/reload/backend` endpoint is used to reload plugin backends.

/sys/plugins/reload/backend - HTTP API

<code>/sys/plugins/reload/backend</code>

The `/sys/policies/password` endpoints are used to manage password generation policies in Vault.

/sys/policies/password - HTTP API

<code>/sys/policies/password</code>

The `/sys/policies/` endpoints are used to manage ACL, RGP, and EGP policies in Vault.

/sys/policies/ - HTTP API

<code>/sys/policies</code>

The `/sys/policy` endpoint is used to manage ACL policies in Vault.

/sys/policy - HTTP API

<code>/sys/policy</code>

The `/sys/pprof` endpoint is used to query profiling information.

/sys/pprof - HTTP API

<code>/sys/pprof</code>

The `/sys/quotas/config` endpoint is used to configure rate limit quotas.

/sys/quotas/config - HTTP API

<code>/sys/quotas/config</code>

The `/sys/quotas/rate-limit` endpoint is used to create, edit and delete rate limit quotas.

/sys/quotas/rate-limit - HTTP API

<code>/sys/quotas/rate-limit</code>

The `/sys/raw` endpoint is used to access the raw underlying store in Vault.

/sys/raw - HTTP API

<code>/sys/raw</code>

The `/sys/rekey-recovery-key` endpoints are used to rekey the recovery keys for Vault.

/sys/rekey-recovery-key - HTTP API

<code>/sys/rekey-recovery-key</code>

The `/sys/rekey` endpoints are used to rekey the unseal keys for Vault.

/sys/rekey - HTTP API

<code>/sys/rekey</code>

The '/sys/remount' endpoint is used remount a mounted backend to a new endpoint.

/sys/remount - HTTP API

<code>/sys/remount</code>

The `/sys/rotate` endpoint is used to rotate the encryption key.

/sys/rotate - HTTP API

<code>/sys/rotate</code>

The `/sys/seal-status` endpoint is used to check the seal status of a Vault.

/sys/seal-status - HTTP API

<code>/sys/seal-status</code>

The `/sys/seal` endpoint seals the Vault.

/sys/seal - HTTP API

<code>/sys/seal</code>

The `/sys/sealwrap/rewrap` endpoint is used to rewrap all seal wrapped entries.

/sys/sealwrap/rewrap - HTTP API

<code>/sys/sealwrap/rewrap</code>

The `/sys/step-down` endpoint causes the node to give up active status.

/sys/step-down - HTTP API

<code>/sys/step-down</code>

This is the API documentation for a general set of crypto  tools.

/sys/tools - HTTP API

<code>/sys/tools</code>

The `/sys/unseal` endpoint is used to unseal the Vault.

/sys/unseal - HTTP API

<code>/sys/unseal</code>

The `/sys/wrapping/lookup` endpoint returns wrapping token properties.

/sys/wrapping/lookup - HTTP API

<code>/sys/wrapping/lookup</code>

The `/sys/wrapping/rewrap` endpoint can be used to rotate a wrapping token and refresh its TTL.

/sys/wrapping/rewrap - HTTP API

<code>/sys/wrapping/rewrap</code>

The `/sys/wrapping/unwrap` endpoint unwraps a wrapped response.

/sys/wrapping/unwrap - HTTP API

<code>/sys/wrapping/unwrap</code>

The `/sys/wrapping/wrap` endpoint wraps the given values in a
response-wrapped token.

/sys/wrapping/wrap - HTTP API

<code>/sys/wrapping/wrap</code>


The '/sys/storage' endpoints are used to manage Vault's storage backends.

/sys/storage - HTTP API

<code>/sys/storage </code>


The `/sys/storage/raft` endpoints are used to manage Vault's Raft storage
backend.

/sys/storage/raft - HTTP API

<code>/sys/storage/raft</code>


The `/sys/storage/raft/snapshot-auto` endpoints are used to manage automated
snapshots with Vault's Raft storage backend.

This is an Enterprise-only feature.

/sys/storage/raft/snapshot-auto - HTTP API

<code>/sys/storage/raft/snapshot-auto</code>

The '/sys/replication' endpoint focuses on managing general operations in Vault Enterprise replication

/sys/replication - HTTP API

<code>/sys/replication</code>

The '/sys/replication/dr' endpoint focuses on managing general operations in Vault Enterprise Disaster Recovery replication

<code>/sys/replication/dr</code>

The '/sys/replication/performance' endpoint focuses on managing general operations in Vault Enterprise Performance Replication

<code>/sys/replication/performance</code>

The '/sys/mfa/method/duo' endpoint focuses on managing Duo MFA behaviors in Vault Enterprise.

/sys/mfa/method/duo - HTTP API

<code>/sys/mfa/method/duo</code>

The '/sys/mfa' endpoint focuses on managing MFA behaviors in Vault Enterprise MFA.

/sys/mfa - HTTP API

<code>/sys/mfa</code>

The '/sys/mfa/method/okta' endpoint focuses on managing Okta MFA behaviors in Vault Enterprise.

/sys/mfa/method/okta - HTTP API

<code>/sys/mfa/method/okta</code>

The '/sys/mfa/method/pingid' endpoint focuses on managing PingID MFA behaviors in Vault Enterprise.

/sys/mfa/method/pingid - HTTP API

<code>/sys/mfa/method/pingid</code>

The '/sys/mfa/method/totp' endpoint focuses on managing TOTP MFA behaviors in Vault Enterprise.

»`/sys/rotate`

»Rotate Encryption Key

»Sample Request

»/sys/rotate

»Rotate Encryption Key

»Sample Request

»`/sys/rotate`