Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add additional endpoints, remove non-protected endpoints #20669

Merged
merged 7 commits into from
May 24, 2023
Merged

Add additional endpoints, remove non-protected endpoints #20669

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
9df5cf8
Add additional endpoints, remove non-protected endpoints
jonathanfrappier May 18, 2023
4aea29d
Add step-down per engineering
jonathanfrappier May 19, 2023
e84cd97
Match HTTP verb to individual doc pages
jonathanfrappier May 19, 2023
754cce8
Add /sys/internal/inspect/router to table
jonathanfrappier May 19, 2023
6f48691
Apply additional suggestions
jonathanfrappier May 19, 2023
db309c0
Updates based on engineering feedback
jonathanfrappier May 24, 2023
92d25fc
Adding unsaved changes
jonathanfrappier May 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 14 additions & 12 deletions website/content/docs/concepts/policies.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -800,32 +800,34 @@ authenticated user.

The following paths requires a root token or `sudo` capability in the policy:

| Path | HTTP verb | Description |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| [auth/token/accessors](/vault/api-docs/auth/token#list-accessors) | LIST | List token accessor |
| [auth/token/create-orphan](/vault/api-docs/auth/token#create-token) | POST | Create an orphan token (the same as `no_parent` option) |
| [auth/token](/vault/api-docs/auth/token#create-token) | POST | Create a periodic or an orphan token (`period` or `no_parent`) option |
| [pki/root](/vault/api-docs/secret/pki#delete-root) | DELETE | Delete the current CA key ([pki secrets engine](/vault/docs/secrets/pki)) |
| [pki/root/sign-self-issued](/vault/api-docs/secret/pki#sign-self-issued) | POST | Use the configured CA certificate to sign a self-issued certificate ([pki secrets engine](/vault/docs/secrets/pki)) |
| Path | HTTP verb | Description |
| -------------------------------------------------------------------------------------------------------------------------------------------------------| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| [auth/token/accessors](/vault/api-docs/auth/token#list-accessors) | LIST | List token accessor |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [auth/token/create](/vault/api-docs/auth/token#create-token) | POST | Create a periodic or an orphan token (`period` or `no_parent`) option |
| [pki/root](/vault/api-docs/secret/pki#delete-root) | DELETE | Delete the current CA key ([pki secrets engine](/vault/docs/secrets/pki)) |
| [pki/root/sign-self-issued](/vault/api-docs/secret/pki#sign-self-issued) | POST | Use the configured CA certificate to sign a self-issued certificate ([pki secrets engine](/vault/docs/secrets/pki)) |
| [sys/audit](/vault/api-docs/system/audit) | GET | List enabled audit devices |
| [sys/audit/:path](/vault/api-docs/system/audit) | PUT, DELETE | Enable or remove an audit device |
| [sys/auth/:path](/vault/api-docs/system/auth) | GET, POST, DELETE | Manage the auth methods (enable, read, delete, and tune) |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [sys/auth/:path/tune](/vault/api-docs/system/auth#tune-auth-method) | GET, POST, DELETE | Manage the auth methods (enable, read, delete, and tune) |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [sys/config/auditing/request-headers](/vault/api-docs/system/config-auditing) | GET | List the request headers that are configured to be audited |
| [sys/config/auditing/request-headers:name](/vault/api-docs/system/config-auditing) | GET, PUT, DELETE | Manage the auditing headers (create, update, read and delete) |
| [sys/config/auditing/request-headers/:name](/vault/api-docs/system/config-auditing) | GET, PUT, DELETE | Manage the auditing headers (create, update, read and delete) |
| [sys/config/cors](/vault/api-docs/system/config-cors) | GET, PUT, DELETE | Configure CORS setting |
| [sys/config-ui](/vault/api-docs/system/config-ui) | GET | Configure the UI settings |
| [sys/internal/specs/openapi](/vault/api-docs/system/internal-specs-openapi) | GET | Generate an OpenAPI document of the mounted backends |
| [sys/config-ui/headers](/vault/api-docs/system/config-ui) | GET | Configure the UI settings |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [sys/config-ui/headers/:name](/vault/api-docs/system/config-ui#name) | POST, DELETE | Configure the values to be returned for the UI header |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [sys/leases/lookup/:prefix](/vault/api-docs/system/leases#list-leases) | LIST | List lease IDs |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [sys/leases/revoke-force/:prefix](/vault/api-docs/system/leases#revoke-force) | PUT | Revoke all secrets or tokens ignoring backend errors |
| [sys/leases/revoke-prefix/:prefix](/vault/api-docs/system/leases#revoke-prefix) | PUT | Revoke all secrets generated under a given prefix |
| [sys/plugins/catalog/:type/:name](/vault/api-docs/system/plugins-catalog#register-plugin) | GET, PUT, DELETE | Register a new plugin, or read/remove an existing plugin |
| [sys/raw](/vault/api-docs/system/raw#list-raw) | LIST, GET | Returns a list of keys for a given path prefix |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [sys/replication/reindex](/vault/api-docs/system/replication#reindex-replication) | POST | Reindex the local data storage |
| [sys/remount](/vault/api-docs/system/remount) | POST | Moves an already-mounted backend to a new mount point |
| [sys/replication/reindex](/vault/api-docs/system/replication#reindex-replication) | POST | Reindex the local data storage |
| [sys/replication/performance/primary/secondary-token](/vault/api-docs/system/replication/replication-performance#generate-performance-secondary-token) | POST | Generate a performance secondary activation token |
| [sys/replication/dr/primary/secondary-token](/vault/api-docs/system/replication/replication-dr#generate-dr-secondary-token) | POST | Generate a DR secondary activation token |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
| [sys/rotate](/vault/api-docs/system/rotate) | PUT | Trigger a rotation of the backend encryption key |
| [sys/seal](/vault/api-docs/system/seal) | PUT | Seals the Vault |
| [sys/step-down](/vault/api-docs/system/step-down)
| [sys/storage/raft/snapshot-auto/config](/vault/api-docs/system/storage/raftautosnapshots#list-automated-snapshots-configs) | LIST | Lists named configurations |
| [sys/storage/raft/snapshot-auto/config/:name](/vault/api-docs/system/storage/raftautosnapshots) | POST, GET, DELETE | Creates or updates a named configuration |
jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved

jonathanfrappier marked this conversation as resolved.
Show resolved Hide resolved
### Tokens

Expand Down