Vault
HomeDocumentationTutorialsTry Cloud!
  • Vault
  • Documentation
    • What is Vault?
    • Use Cases
    • Setup
      • Install
      • Configuration
    • Get Started
      • Starting the server
      • Your first secret
      • Deploying Vault on VMs with Let's encrypt! TLS certs
    • Concepts
      • Operations
        • Seal/Unseal
        • "Dev" server mode
        • Namespace lock and unlock
        • Lease, renew, and revoke
        • Lease Explosions
        • Mount migration
        • Client count
        • Resource quotas
        • Response wrapping
      • Authentication
        • Identity
        • Tokens
        • OIDC provider
        • Username templating
        • Passwordless
      • Secrets
      • Storage
        • Integrated storage
        • High availability mode (HA)
        • Recovery mode
      • Policies
  • Tutorials
    • CLI
      • Operations
        • Deploy Vault
        • Using the HTTP API
        • Unseal/Seal
      • Authentication
        • Token
        • GitHub authentication
        • Username/Password
        • TLS Client Certificates
        • SSH Keys
        • AWS, Azure, GCP and external auth methods
          • Azure
          • AWS
          • GCP
          • Github
          • Terraform
      • Secrets
        • Secrets engines
        • Built-in help
      • Access Control
        • Policies
    • UI
      • Authentication
        • Username/Password
        • Passwordless
      • Operations
        • Unseal / Seal
        • API Explorer
      • Secrets
        • Secrets engines
      • Access Control
        • Policies
    • Use Cases
      • Namespaces
      • MongoDB admin password
      • VM Disk Encryption Keys
      • VM SSH Keys
      • Kubernetes Configuration
      • GitHub Actions
      • Dynamic credentials for cloud providers
        • AWS
        • Azure
        • GCP
  • CLI
    • agent
    • audit
    • auth
    • debug
    • delete
    • events
    • kv
    • lease
    • license
    • list
    • login
    • monitor
    • namespace
    • operator
    • patch
    • path-help
    • pki
    • plugin
    • policy
    • print
    • proxy
    • read
    • secrets
    • server
    • ssh
    • status
    • token
    • transit
    • unwrap
    • version
    • version-history
    • write
  • API
    • Secrets engines
      • AliCloud secrets engine (API)
      • AWS secrets engine (API)
      • Azure secrets engine (API)
      • Cubbyhole secrets engine (API)
      • Database
        • Cassandra database plugin HTTP API
        • Elasticsearch database plugin HTTP API
        • Influxdb database plugin HTTP API
        • MongoDB database plugin HTTP API
        • MSSQL database plugin HTTP API
        • MySQL/MariaDB database plugin HTTP API
        • Oracle database plugin HTTP API
        • PostgreSQL database plugin HTTP API
        • Redis database plugin HTTP API
        • Redis ElastiCache database plugin HTTP API
        • Redshift database plugin HTTP API
        • Snowflake database plugin HTTP API
      • Google Cloud secrets engine (API)
      • Google Cloud KMS secrets engine (API)
      • Identity
        • entity
        • entity-alias
        • group
        • group-alias
        • tokens
        • lookup
        • oidc-provider
        • MFA
          • duo
          • okta
          • pingid
          • totp
          • login-enforcement
      • KV secrets engine (API)
      • Buckypaper secrets engine
      • Kubernetes secrets engine (API)
      • Nomad secrets engine (API)
      • LDAP secrets engine (API)
      • PKI secrets engine (API)
      • RabbitMQ secrets engine (API)
      • SSH secrets engine (API)
      • TOTP secrets engine (API)
      • Transit secrets engine (API)
    • Auth engines
      • AliCloud auth method (API)
      • AppRole auth method (API)
      • AWS auth method (API)
      • Azure auth method (API)
      • Pivotal Cloud Foundry (CF) auth method (API)
      • GitHub auth method (API)
      • Google Cloud auth method (API)
      • JWT/OIDC auth method (API)
      • Kerberos auth method (API)
      • Kubernetes auth method (API)
      • LDAP auth method (API)
      • OCI auth method (API)
      • Okta auth method (API)
      • Passwordless auth method (API)
      • RADIUS auth method (API)
      • TLS certificate auth method (API)
      • Token auth method (API)
      • Userpass auth method (HTTP API)
    • Service engines
      • Licence Manager
    • System backend
      • /sys/audit
      • /sys/audit-hash
      • /sys/auth
      • /sys/capabilities
      • /sys/capabilities-accessor
      • /sys/capabilities-self
      • /sys/config/auditing/request-headers
      • /sys/config/control-group
      • /sys/config/cors
      • /sys/config/reload
      • /sys/config/state
      • /sys/config/ui
      • /sys/decode-token
      • /sys/experiments
      • /sys/generate-recovery-token
      • /sys/generate-root
      • /sys/health
      • /sys/host-info
      • /sys/in-flight-req
      • /sys/init
      • /sys/internal/counters
      • /sys/internal/inspect
        • /sys/internal/inspect/router
      • /sys/internal/specs/openapi
      • /sys/internal/ui/feature-flags
      • /sys/internal/ui/mounts
      • /sys/internal/ui/namespaces
      • /sys/internal/ui/resultant-acl
      • /sys/key-status
      • /sys/ha-status
      • /sys/leader
      • /sys/leases
      • /sys/license/status
      • /sys/locked-users
      • /sys/loggers
      • /sys/metrics
      • /sys/monitor
      • /sys/mounts
      • /sys/namespaces
      • /sys/plugins/reload/backend
      • /sys/plugins/catalog
      • /sys/plugins/runtimes/catalog
      • /sys/policy
      • /sys/policies/
      • /sys/policies/password/
      • /sys/pprof
      • /sys/quotas/config
      • /sys/quotas/rate-limit
      • /sys/quotas/lease-count
      • /sys/raw
      • /sys/rekey
      • /sys/rekey-recovery-key
      • /sys/remount
      • /sys/rotate
      • /sys/rotate/config
      • /sys/seal
      • /sys/seal-status
      • /sys/seal-backend-status
      • /sys/step-down
      • /sys/storage
        • /sys/storage/raft
        • /sys/storage/raft/autopilot
      • /sys/tools
      • /sys/unseal
      • /sys/version-history
      • /sys/wrapping/lookup
      • /sys/wrapping/rewrap
      • /sys/wrapping/unwrap
      • /sys/wrapping/wrap
  • Resources
    • Blog
    • GitHub
    • Youtube
    • CCx101
Powered by GitBook
On this page
  • Root
  • Mount UUID cache
  • Mount accessor cache
  • Storage prefix tree
  1. API
  2. System backend
  3. /sys/internal/inspect

/sys/internal/inspect/router

The /sys/internal/inspect/router endpoint is intended for a Vault admin to inspect the internal components of Vault's router. This endpoint can be accessed with a root token or sudo privileges.

Root

This endpoint returns a list of router entries in the router's root tree.

Method
Path

GET

/sys/internal/inspect/router/root

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/internal/inspect/router/root

Sample response

{
  "request_id": "819de627-d3bc-27f4-0e3c-5c5fb0b204ee",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "root": [
      {
        "accessor": "auth_token_d5fcf970",
        "mount_namespace": "",
        "mount_path": "token/",
        "mount_type": "token",
        "storage_prefix": "sys/token/",
        "tainted": false,
        "uuid": "de61dd8c-a181-ccc2-457d-908e417d10b0"
      },
      {
        "accessor": "cubbyhole_58b6727b",
        "mount_namespace": "",
        "mount_path": "cubbyhole/",
        "mount_type": "cubbyhole",
        "storage_prefix": "logical/496bc2e4-b641-2561-1829-f6557bf1fedc/",
        "tainted": false,
        "uuid": "496bc2e4-b641-2561-1829-f6557bf1fedc"
      },
      {
        "accessor": "identity_2ccfb6ab",
        "mount_namespace": "",
        "mount_path": "identity/",
        "mount_type": "identity",
        "storage_prefix": "logical/b15e93e0-5bf1-07b0-86d3-563f9c77eef1/",
        "tainted": false,
        "uuid": "b15e93e0-5bf1-07b0-86d3-563f9c77eef1"
      },
      {
        "accessor": "system_0157e00a",
        "mount_namespace": "",
        "mount_path": "sys/",
        "mount_type": "system",
        "storage_prefix": "sys/",
        "tainted": false,
        "uuid": "8ac2615e-8a73-fe66-52a6-a422f7e3273f"
      }
    ]
  },
  "warnings": null
}

Mount UUID cache

This endpoint returns a list of mount entries in the router's mount UUID cache.

Method
Path

GET

/sys/internal/inspect/router/uuid

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/internal/inspect/router/uuid

Sample response

{
  "request_id": "71512d6c-bb77-2e05-c24e-07c964139fdb",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "uuid": [
      {
        "accessor": "auth_token_d5fcf970",
        "mount_namespace": "",
        "mount_path": "token/",
        "mount_type": "token",
        "uuid": "de61dd8c-a181-ccc2-457d-908e417d10b0"
      },
      {
        "accessor": "cubbyhole_58b6727b",
        "mount_namespace": "",
        "mount_path": "cubbyhole/",
        "mount_type": "cubbyhole",
        "uuid": "496bc2e4-b641-2561-1829-f6557bf1fedc"
      },
      {
        "accessor": "system_0157e00a",
        "mount_namespace": "",
        "mount_path": "sys/",
        "mount_type": "system",
        "uuid": "8ac2615e-8a73-fe66-52a6-a422f7e3273f"
      },
      {
        "accessor": "identity_2ccfb6ab",
        "mount_namespace": "",
        "mount_path": "identity/",
        "mount_type": "identity",
        "uuid": "b15e93e0-5bf1-07b0-86d3-563f9c77eef1"
      }
    ]
  },
  "warnings": null
}

Mount accessor cache

This endpoint returns a list of mount entries in the router's mount accessor cache.

Method
Path

GET

/sys/internal/inspect/router/accessor

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/internal/inspect/router/accessor

Sample request

{
  "request_id": "4b7de90d-75e0-978f-bc23-23c23b19a604",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "accessor": [
      {
        "accessor": "auth_token_d5fcf970",
        "mount_namespace": "",
        "mount_path": "token/",
        "mount_type": "token",
        "uuid": "de61dd8c-a181-ccc2-457d-908e417d10b0"
      },
      {
        "accessor": "cubbyhole_58b6727b",
        "mount_namespace": "",
        "mount_path": "cubbyhole/",
        "mount_type": "cubbyhole",
        "uuid": "496bc2e4-b641-2561-1829-f6557bf1fedc"
      },
      {
        "accessor": "identity_2ccfb6ab",
        "mount_namespace": "",
        "mount_path": "identity/",
        "mount_type": "identity",
        "uuid": "b15e93e0-5bf1-07b0-86d3-563f9c77eef1"
      },
      {
        "accessor": "system_0157e00a",
        "mount_namespace": "",
        "mount_path": "sys/",
        "mount_type": "system",
        "uuid": "8ac2615e-8a73-fe66-52a6-a422f7e3273f"
      }
    ]
  },
  "warnings": null
}

Storage prefix tree

This endpoint returns a list of mount entries in the router's storage prefix tree.

Method
Path

GET

/sys/internal/inspect/router/storage

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/internal/inspect/router/storage

Sample response

{
  "request_id": "ff94bb22-3d4d-8199-6882-f0e4188e10bd",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "storage": [
      {
        "accessor": "identity_2ccfb6ab",
        "mount_namespace": "",
        "mount_path": "identity/",
        "mount_type": "identity",
        "storage_prefix": "logical/b15e93e0-5bf1-07b0-86d3-563f9c77eef1/",
        "tainted": false,
        "uuid": "b15e93e0-5bf1-07b0-86d3-563f9c77eef1"
      },
      {
        "accessor": "system_0157e00a",
        "mount_namespace": "",
        "mount_path": "sys/",
        "mount_type": "system",
        "storage_prefix": "sys/",
        "tainted": false,
        "uuid": "8ac2615e-8a73-fe66-52a6-a422f7e3273f"
      },
      {
        "accessor": "auth_token_d5fcf970",
        "mount_namespace": "",
        "mount_path": "token/",
        "mount_type": "token",
        "storage_prefix": "sys/token/",
        "tainted": false,
        "uuid": "de61dd8c-a181-ccc2-457d-908e417d10b0"
      },
      {
        "accessor": "cubbyhole_58b6727b",
        "mount_namespace": "",
        "mount_path": "cubbyhole/",
        "mount_type": "cubbyhole",
        "storage_prefix": "logical/496bc2e4-b641-2561-1829-f6557bf1fedc/",
        "tainted": false,
        "uuid": "496bc2e4-b641-2561-1829-f6557bf1fedc"
      }
    ]
  },
  "warnings": null
}
Previous/sys/internal/inspectNext/sys/internal/specs/openapi

Last updated 1 year ago