Vault
/sys/internal/ui/mounts
The /sys/internal/ui/mounts
endpoint is used to manage mount listing
visibility. The response generated by this endpoint is based on the
listing_visibility
value on the mount, which can be set during mount time or
via mount tuning. This is currently only being used internally, for the UI and
for CLI preflight checks, and is an unauthenticated endpoint.
If called with a valid token in X-Vault-Token
header, the response will
include additional mounts which the token has been granted path capabilities on.
Due to the nature of its intended usage, there is no guarantee on backwards compatibility for this endpoint.
Get available visible mounts
This endpoint lists all enabled auth methods.
Method | Path |
---|---|
GET | /sys/internal/ui/mounts |
Sample request
$ curl \
http://127.0.0.1:8200/v1/sys/internal/ui/mounts
Sample response
{
"auth": {
"github/": {
"description": "GitHub auth",
"type": "github"
}
},
"secret": {
"custom-secrets/": {
"description": "Custom secrets",
"options": {
"version": "2"
},
"type": "kv"
}
}
}
Get single mount details
This endpoint lists details for a specific mount path. This is an authenticated endpoint, and is currently only being used internally.
The calling token should not be granted permissions to these API endpoints
directly, but instead rely on permissions granted to the individual mount path.
This means that if you give a token a policy with capabilities on a :path
(e.g. /secret/*
), the token will be able to call
sys/internal/ui/mounts/:path
(e.g. sys/internal/ui/mounts/secret
) without
having to add that literal path to the policy document.
On certain mounts, it is possible to call an arbitrary path within the engine
(for example, /sys/internal/ui/mounts/secret/path/to/secret
when the mount
path is /secret
). If called in this manner, then this endpoint will return the
data for the mount that hosts that path. Therefore, a call to
/sys/internal/ui/mounts/secret/path/to/secret
and a call to
/sys/internal/ui/mounts/secret
will yield an identical response.
Due to the nature of its intended usage, there is no guarantee on backwards compatibility for this endpoint.
Method | Path |
---|---|
GET | /sys/internal/ui/mounts/:path |
Sample request
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/internal/ui/mounts/cubbyhole
Sample response
{
"accessor": "cubbyhole_50fbe8d2",
"config": {
"default_lease_ttl": 0,
"force_no_cache": false,
"max_lease_ttl": 0
},
"description": "per-token private secret storage",
"external_entropy_access": false,
"local": true,
"options": null,
"path": "cubbyhole/",
"seal_wrap": false,
"type": "cubbyhole",
"uuid": "4bb40403-d9ba-d2ee-087a-4c6d371db5f2"
}