How-to update the license on DR using a batch token on Vault running 1.7.x version and prior

Introduction

Expected Outcome

With the correct policy applied to your batch token, you will be able to write the license to your DR.

Prerequisites (if applicable)

• You will need to have Vault running with Disaster Recovery.
• You will need to be running Vault 1.4 through Vault 1.8

Use Case

You may need to apply your license to DR and do not want to go through the steps to create a full dr_operation_token  

Procedure

• Create a batch token or identify the batch token you'd like to use

• Create a policy that gives permissions to the token to write the license

  # Manage license for DR Secondary
  path "sys/replication/dr/secondary/license" {
  capabilities = ["create", "update"]
  }

• Apply the policy to the token.

  vault token create -type=batch -policy=<policy-from-above>

• You should then be able to write to the documented license location. Capability to install license through CLI command is deprecated post Vault version 1.11.x.
  

  vault write sys/license "text=xxxxxxxx" dr_operation_token=b.XXXXXXX 

Additional Information

• https://www.vaultproject.io/api/system/license
• https://developer.hashicorp.com/vault/api-docs/v1.11.x/system/license