/sys/activation-flags

Restricted endpoint

The API path can only be called from the root namespace.

Use the /sys/activation-flags endpoints to read and manage Vault features that are gated by one-time flags. Gated features are blocked and return errors until activated. Once removed, you cannot un-activate gated features.

ReadActivationFlags

ReadActivationFlags is an unauthenticated endpoint that returns information about gated features and their activation status as two lists: activated and unactivated. The activated list contains features ready to be used. The unactivated list contains available but gated features. It filters out those which are already active within your Vault instance.

Method	Path
`GET`	`/sys/activation-flags`

Sample request

$ curl \
    --request GET \
    http://127.0.0.1:8200/v1/sys/activation-flags

Sample response

{
    "request_id": "9f70548c-a039-24a6-147d-7fa43698e044",
    "lease_id": "",
    "lease_duration": 0,
    "renewable": false,
    "data": {
        "activated": [],
        "unactivated": [
            "secrets-sync"
        ]
    },
    "warnings": null
}

WriteActivationFlags

WriteActivationFlags unblocks and enables gated Vault features.

Method	Path
`PUT`	`/sys/activation-flags/:feature/activate`

URL parameters

feature (string: <required>) Feature key from ReadActivationFlags indicating the feature to activate.

Sample request

$ curl \
    --request PUT \
    --header "X-Vault-Token: $VAULT_TOKEN" \
    http://127.0.0.1:8200/v1/sys/activation-flags/secrets-sync/activate

Sample response

{
    "request_id": "7636e655-e11d-e2aa-8286-bd38c1d9c600",
    "lease_id": "",
    "lease_duration": 0,
    "renewable": false,
    "data": {
        "activated": [
            "secrets-sync"
        ],
        "unactivated": []
    },
    "warnings": null,
    "mount_type": "system"
}