6. ACL Requirements
This section explains which paths are accessed by Spring Vault so you can derive your policy declarations from the required capabilities.
| Capability | Associated HTTP verbs |
|---|---|
create |
|
read |
|
update |
|
delete |
|
list |
|
6.1. Authentication
Login: POST auth/$authMethod/login
6.2. KeyValue Mount Discovery
GET sys/internal/ui/mounts/$mountPath
6.3. SecretLeaseContainer
SecretLeaseContainer uses different paths depending on the configured lease endpoint.
LeaseEndpoints.Legacy
-
Revocation:
PUT sys/revoke -
Renewal:
PUT sys/renew
LeaseEndpoints.Leases (SysLeases)
-
Revocation:
PUT sys/leases/revoke -
Renewal:
PUT sys/leases/renew
6.4. Session Management
-
Token lookup:
GET auth/token/lookup-self -
Renewal:
POST auth/token/renew-self -
Revoke:
POST auth/token/revoke-self