/sys/license
Enterprise Only – These endpoints require Vault Enterprise.
The /sys/license
endpoint is used to view and update the license used in
Vault.
Read License
This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use license autoloading instead, and see License Status below for the non-deprecated equivalent API.
This endpoint returns information about the currently installed license.
Method | Path |
---|---|
GET | /sys/license |
Sample Request
$ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/license
Sample Response
{ "data": { "expiration_time": "2017-11-14T16:34:36.546753-05:00", "features": ["UI", "HSM", "Performance Replication", "DR Replication"], "license_id": "temporary", "start_time": "2017-11-14T16:04:36.546753-05:00" }, "warnings": ["time left on license is 29m33s"]}
Read Signed License
This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use license autoloading instead.
This endpoint returns the signed license blob for the currently installed license.
Method | Path |
---|---|
GET | /sys/license/signed |
Sample Request
$ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/license/signed
Sample Response
{ "data": { "signed": "01ABCDEFG..." }}
Install License
This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use license autoloading instead.
This endpoint is used to install a license into Vault. The license will be replicated to the Vault instances within the targeted cluster, but will not replicate the license to a performance replication cluster. To license a performance replication cluster, this must be run against a Vault instance within that cluster.
Method | Path |
---|---|
POST | /sys/license |
Parameters
text
(string: <required>)
– The text of the license.
DR Secondary Specific Parameters
dr_operation_token
(string: <required>)
- DR operation token used to authorize this request. Note that this is the legacy mechanism for providing a DR operation token. It is equally valid to provide the DR operation token in theX-Vault-Token
header, as with a regular vault token.
If you are using a batch dr_operation_token
, note you will need to add the following to the token's policy
path "sys/replication/dr/secondary/license" {capabilities = ["update"]}```### Sample Payload```json{ "text": "01ABCDEFG..."}
Sample Request
$ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/sys/license
Delete License
This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use license autoloading instead.
This endpoint is used to delete a license from Vault. Note that this API only works if license autoloading is in use. If license autoloading is in use, this API will remove the legacy license from Vault's storage.
Method | Path |
---|---|
DELETE | /sys/license |
Sample Request
$ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/sys/license
License Status
This endpoint returns information about licensing. It returns similar information
to a GET of sys/license
, but whereas that endpoint reports solely on the
license Vault is currently using, this one reports on all licensing
information the Vault cluster has. See
license autoloading for background.
In the response:
autoloading_used
will be true if an autoloaded license was provided to the node, false otherwise.autoloaded
is the autoloaded license if autoloading_used is true.persisted_autoload
is the autoloaded license the active node last wrote to storage; this is only used to detect inconsistently licensed nodes in the cluster. It cannot be used as a license itself.stored
is the stored license if any, i.e. one written usingPOST sys/license
.
autoloaded
, persisted_autoload
, and stored
all have the same structure,
which is also the same structure as the top-level data
returned by GET sys/license
.
Method | Path |
---|---|
GET | /sys/license/status |
Sample Request
$ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/license/status
Sample Response
{ "data": { "autoloading_used": true, "autoloaded": { "expiration_time": "2022-05-17T23:59:59.999Z", "features": [ "HSM", "Performance Replication", "DR Replication", "MFA", "Sentinel", "Seal Wrapping", "Control Groups", "Performance Standby", "Namespaces", "KMIP", "Entropy Augmentation", "Transform Secrets Engine", "Lease Count Quotas", "Key Management Secrets Engine", "Automated Snapshots" ], "license_id": "060d7820-fa59-f95c-832b-395db0aeb9ba", "performance_standby_count": 9999, "start_time": "2021-05-17T00:00:00Z" }, "persisted_autoload": { "expiration_time": "2022-05-17T23:59:59.999Z", "features": [ "HSM", "Performance Replication", "DR Replication", "MFA", "Sentinel", "Seal Wrapping", "Control Groups", "Performance Standby", "Namespaces", "KMIP", "Entropy Augmentation", "Transform Secrets Engine", "Lease Count Quotas", "Key Management Secrets Engine", "Automated Snapshots" ], "license_id": "060d7820-fa59-f95c-832b-395db0aeb9ba", "performance_standby_count": 9999, "start_time": "2021-05-17T00:00:00Z" } },}