Introduction
Expected Outcome
With the correct policy applied to your batch token, you will be able to write the license to your DR secondary.
Prerequisites (if applicable)
- You will need to have Vault running with Disaster Recovery.
- You will need to be running Vault 1.4 through Vault 1.8.
Use Case
You may need to apply your license to a DR secondary and do not want to go through the steps to create a full dr_operation_token.
Procedure
- Create a batch token or identify the batch token you'd like to use.
- Create a policy that gives permissions to the token to write the license:
  # Manage license for DR Secondary
  path "sys/replication/dr/secondary/license" {
    capabilities = ["create", "update"]
  }
- Apply the policy to the token.
  vault token create -type=batch -policy=<policy-from-above>
- You should then be able to write to the documented license location.
  vault write sys/license "text=xxxxxxxx" dr_operation_token=b.XXXXXXX
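
The procedure above as one script, added here as an example and not HashiCorp's own code. It gives the batch token a short TTL, checks its capabilities before use, and reads the license from a file. The policy name dr-license, the PRIMARY_ADDR and DR_ADDR variables with their example.com URLs, the 15m TTL and the file names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: dr-license, PRIMARY_ADDR, DR_ADDR (placeholder URLs).
POLICY_NAME="dr-license"
LICENSE_PATH="sys/replication/dr/secondary/license"
PRIMARY_ADDR="${PRIMARY_ADDR:-https://vault-primary.example.com:8200}"
DR_ADDR="${DR_ADDR:-https://vault-dr.example.com:8200}"

# Write the policy from the article to the file named in $1.
write_license_policy() {
  cat > "$1" <<EOF
# Manage license for DR Secondary
path "$LICENSE_PATH" {
  capabilities = ["create", "update"]
}
EOF
}

# Register the policy on the primary, then mint a short-lived batch token that
# carries only that policy. The token is the only thing printed on stdout.
create_license_token() {
  policy_file=$1 ttl=$2
  VAULT_ADDR="$PRIMARY_ADDR" vault policy write "$POLICY_NAME" "$policy_file" >&2 || return 1
  VAULT_ADDR="$PRIMARY_ADDR" vault token create -type=batch \
    -policy="$POLICY_NAME" -ttl="$ttl" -field=token
}

# Confirm the token has create and update on the license path before using it.
token_can_write_license() {
  caps=$(VAULT_ADDR="$PRIMARY_ADDR" vault token capabilities "$1" "$LICENSE_PATH") || return 1
  case "$caps" in
    *create*update*|*update*create*) return 0 ;;
    *) echo "unexpected capabilities: $caps" >&2; return 1 ;;
  esac
}

# Write the license on the DR secondary; text=@file reads the license from a
# file so it stays out of shell history.
apply_license() {
  license_file=$1 token=$2
  VAULT_ADDR="$DR_ADDR" vault write sys/license \
    "text=@$license_file" "dr_operation_token=$token"
}

# Usage (constructed file names):
#   write_license_policy dr-license.hcl
#   tok=$(create_license_token dr-license.hcl 15m) && token_can_write_license "$tok" \
#     && apply_license vault.hclic "$tok"
```

The token still appears in the argument list of the final vault write, which is one reason to keep its TTL short.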