luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/api-docs/system/license.mdx
Alexander Scheel b23c38649d
Sync license deletion docs from Enterprise (#14627) 
This syncs the deletion text from one of Josh's PRs into OSS to be
visible on the website. Suggested by Nick.

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-03-21 16:04:27 -04:00

238 lines
6.4 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/license - HTTP API
description: |-
The `/sys/license` endpoint is used to view and update the license used in
Vault.
---
# `/sys/license`
~> **Enterprise Only** These endpoints require Vault Enterprise.
The `/sys/license` endpoint is used to view and update the license used in
Vault.
## Read License
~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault.
Please use [license autoloading](/docs/enterprise/license/autoloading) instead,
and see [License Status](#license-status) below for the non-deprecated equivalent API.
This endpoint returns information about the currently installed license.
| Method | Path |
| :----- | :------------- |
| `GET` | `/sys/license` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/license
```
### Sample Response
```json
{
"data": {
"expiration_time": "2017-11-14T16:34:36.546753-05:00",
"features": ["UI", "HSM", "Performance Replication", "DR Replication"],
"license_id": "temporary",
"start_time": "2017-11-14T16:04:36.546753-05:00"
},
"warnings": ["time left on license is 29m33s"]
}
```
## Read Signed License
~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault.
Please use [license autoloading](/docs/enterprise/license/autoloading) instead.
This endpoint returns the signed license blob for the currently installed license.
| Method | Path |
| :----- | :------------- |
| `GET` | `/sys/license/signed` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/license/signed
```
### Sample Response
```json
{
"data": {
"signed": "01ABCDEFG..."
}
}
```
## Install License
~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault.
Please use [license autoloading](/docs/enterprise/license/autoloading) instead.
This endpoint is used to install a license into Vault. The license will be
replicated to the Vault instances within the targeted cluster, but will not
replicate the license to a [performance replication](/docs/enterprise/replication) cluster. To license a
performance replication cluster, this must be run against a Vault instance within that cluster.
| Method | Path |
| :----- | :------------- |
| `POST` | `/sys/license` |
### Parameters
- `text` `(string: <required>)` The text of the license.
_DR Secondary Specific Parameters_
- `dr_operation_token` `(string: <required>)` - DR operation token used to authorize this request.
Note that this is the legacy mechanism for providing a DR operation token. It is
equally valid to provide the DR operation token in the `X-Vault-Token` header, as
with a regular vault token.
If you are using a batch `dr_operation_token`, note you will need to add the following to the token's policy
```# Manage license for DR Secondary
path "sys/replication/dr/secondary/license" {
capabilities = ["update"]
}```
### Sample Payload
```json
{
"text": "01ABCDEFG..."
}
```
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/license
```
## Delete License
~> This API is deprecated as of Vault 1.8 and will be removed in a future version of Vault.
Please use [license autoloading](/docs/enterprise/license/autoloading) instead.
This endpoint is used to delete a license from Vault. Note that this API only works if license autoloading is in use.
If license autoloading is in use, this API will remove the legacy license from Vault's storage.
| Method | Path |
| :----- | :------------- |
| `DELETE` | `/sys/license` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/sys/license
```
## License Status
This endpoint returns information about licensing. It returns similar information
to a GET of `sys/license`, but whereas that endpoint reports solely on the
license Vault is currently using, this one reports on all licensing
information the Vault cluster has. See
[license autoloading](/docs/enterprise/license/autoloading) for background.
In the response:
* `autoloading_used` will be true if an autoloaded license was provided to the
node, false otherwise.
* `autoloaded` is the autoloaded license if autoloading_used is true.
* `persisted_autoload` is the autoloaded license the active node last wrote to
storage; this is only used to detect inconsistently licensed nodes in the
cluster. It cannot be used as a license itself.
* `stored` is the stored license if any, i.e. one written using `POST sys/license`.
`autoloaded`, `persisted_autoload`, and `stored` all have the same structure,
which is also the same structure as the top-level `data` returned by `GET sys/license`.
| Method | Path |
| :----- | :------------- |
| `GET` | `/sys/license/status` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/license/status
```
### Sample Response
```json
{
"data": {
"autoloading_used": true,
"autoloaded": {
"expiration_time": "2022-05-17T23:59:59.999Z",
"features": [
"HSM",
"Performance Replication",
"DR Replication",
"MFA",
"Sentinel",
"Seal Wrapping",
"Control Groups",
"Performance Standby",
"Namespaces",
"KMIP",
"Entropy Augmentation",
"Transform Secrets Engine",
"Lease Count Quotas",
"Key Management Secrets Engine",
"Automated Snapshots"
],
"license_id": "060d7820-fa59-f95c-832b-395db0aeb9ba",
"performance_standby_count": 9999,
"start_time": "2021-05-17T00:00:00Z"
},
"persisted_autoload": {
"expiration_time": "2022-05-17T23:59:59.999Z",
"features": [
"HSM",
"Performance Replication",
"DR Replication",
"MFA",
"Sentinel",
"Seal Wrapping",
"Control Groups",
"Performance Standby",
"Namespaces",
"KMIP",
"Entropy Augmentation",
"Transform Secrets Engine",
"Lease Count Quotas",
"Key Management Secrets Engine",
"Automated Snapshots"
],
"license_id": "060d7820-fa59-f95c-832b-395db0aeb9ba",
"performance_standby_count": 9999,
"start_time": "2021-05-17T00:00:00Z"
}
},
}
```
Reference in a new issue View git blame Copy permalink