--- layout: api page_title: /sys/license - HTTP API description: |- The `/sys/license` endpoint is used to view and update the license used in Vault. --- # `/sys/license` ~> **Enterprise Only** – These endpoints require Vault Enterprise. The `/sys/license` endpoint is used to view and update the license used in Vault. ## Read License ~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use [license autoloading](/docs/enterprise/license/autoloading) instead, and see [License Status](#license-status) below for the non-deprecated equivalent API. This endpoint returns information about the currently installed license. | Method | Path | | :----- | :------------- | | `GET` | `/sys/license` | ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/license ``` ### Sample Response ```json { "data": { "expiration_time": "2017-11-14T16:34:36.546753-05:00", "features": ["UI", "HSM", "Performance Replication", "DR Replication"], "license_id": "temporary", "start_time": "2017-11-14T16:04:36.546753-05:00" }, "warnings": ["time left on license is 29m33s"] } ``` ## Read Signed License ~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use [license autoloading](/docs/enterprise/license/autoloading) instead. This endpoint returns the signed license blob for the currently installed license. | Method | Path | | :----- | :------------- | | `GET` | `/sys/license/signed` | ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/license/signed ``` ### Sample Response ```json { "data": { "signed": "01ABCDEFG..." } } ``` ## Install License ~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use [license autoloading](/docs/enterprise/license/autoloading) instead. This endpoint is used to install a license into Vault. The license will be replicated to the Vault instances within the targeted cluster, but will not replicate the license to a [performance replication](/docs/enterprise/replication) cluster. To license a performance replication cluster, this must be run against a Vault instance within that cluster. | Method | Path | | :----- | :------------- | | `POST` | `/sys/license` | ### Parameters - `text` `(string: )` – The text of the license. _DR Secondary Specific Parameters_ - `dr_operation_token` `(string: )` - DR operation token used to authorize this request. Note that this is the legacy mechanism for providing a DR operation token. It is equally valid to provide the DR operation token in the `X-Vault-Token` header, as with a regular vault token. If you are using a batch `dr_operation_token`, note you will need to add the following to the token's policy ```# Manage license for DR Secondary path "sys/replication/dr/secondary/license" { capabilities = ["update"] }``` ### Sample Payload ```json { "text": "01ABCDEFG..." } ``` ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/sys/license ``` ## Delete License ~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault. Please use [license autoloading](/docs/enterprise/license/autoloading) instead. This endpoint is used to delete a license from Vault. Note that this API only works if license autoloading is in use. If license autoloading is in use, this API will remove the legacy license from Vault's storage. | Method | Path | | :----- | :------------- | | `DELETE` | `/sys/license` | ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/sys/license ``` ## License Status This endpoint returns information about licensing. It returns similar information to a GET of `sys/license`, but whereas that endpoint reports solely on the license Vault is currently using, this one reports on all licensing information the Vault cluster has. See [license autoloading](/docs/enterprise/license/autoloading) for background. In the response: * `autoloading_used` will be true if an autoloaded license was provided to the node, false otherwise. * `autoloaded` is the autoloaded license if autoloading_used is true. * `persisted_autoload` is the autoloaded license the active node last wrote to storage; this is only used to detect inconsistently licensed nodes in the cluster. It cannot be used as a license itself. * `stored` is the stored license if any, i.e. one written using `POST sys/license`. `autoloaded`, `persisted_autoload`, and `stored` all have the same structure, which is also the same structure as the top-level `data` returned by `GET sys/license`. | Method | Path | | :----- | :------------- | | `GET` | `/sys/license/status` | ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/license/status ``` ### Sample Response ```json { "data": { "autoloading_used": true, "autoloaded": { "expiration_time": "2022-05-17T23:59:59.999Z", "features": [ "HSM", "Performance Replication", "DR Replication", "MFA", "Sentinel", "Seal Wrapping", "Control Groups", "Performance Standby", "Namespaces", "KMIP", "Entropy Augmentation", "Transform Secrets Engine", "Lease Count Quotas", "Key Management Secrets Engine", "Automated Snapshots" ], "license_id": "060d7820-fa59-f95c-832b-395db0aeb9ba", "performance_standby_count": 9999, "start_time": "2021-05-17T00:00:00Z" }, "persisted_autoload": { "expiration_time": "2022-05-17T23:59:59.999Z", "features": [ "HSM", "Performance Replication", "DR Replication", "MFA", "Sentinel", "Seal Wrapping", "Control Groups", "Performance Standby", "Namespaces", "KMIP", "Entropy Augmentation", "Transform Secrets Engine", "Lease Count Quotas", "Key Management Secrets Engine", "Automated Snapshots" ], "license_id": "060d7820-fa59-f95c-832b-395db0aeb9ba", "performance_standby_count": 9999, "start_time": "2021-05-17T00:00:00Z" } }, } ```