How-to update the license on DR using a batch token

Introduction

Expected Outcome

With the correct policy applied to your batch token, you will be able to write the license to your DR.

Prerequisites (if applicable)

• You will need to have Vault running with Disaster Recovery.
• You will need to be running Vault 1.4 through Vault 1.8

Use Case

You may need to apply your license to DR and do not want to go through the steps to create a full dr_operation_token  

Procedure

• Create a batch token or identify the batch token you'd like to use

• Create a policy that gives permissions to the token to write the license

# Manage license for DR Secondary
path "sys/replication/dr/secondary/license" {
capabilities = ["create", "update"]
}

• Apply the policy to the token.

• You should then be able to write to the documented license location

vault write sys/license "text=xxxxxxxx" dr_operation_token=b.XXXXXXX 

Additional Information

• https://www.vaultproject.io/api/system/license