The Vault HTTP API gives you full access to Vault via HTTP. Every aspect of Vault can be controlled via this API. The Vault CLI uses the HTTP API to access Vault.
All API routes are prefixed with /v1/.
To translate a CLI command into the equivalent API call, add the -output-curl-string flag to the command, in the following format:
vault <command> [arg] -output-curl-string <paths,token ... any additional data needed>
Here are some examples:
Example 1:
vault kv put -output-curl-string kv/cert1 file1=@FILE_NAME1.pfx
will translate to
curl -X PUT -H "X-Vault-Token: ${VAULT_TOKEN}" --data-binary "@FILE_NAME1.pfx" ${VAULT_ADDR}/v1/kv/cert1
Example 2:
vault auth enable -output-curl-string userpass
will translate to
curl -X POST -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" -d '{"type":"userpass","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' http://127.0.0.1:8200/v1/sys/auth/userpass
Example 3:
vault token capabilities -output-curl-string s.xxxxxxxxxxxxxxx
will translate to
curl -X POST -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" -d '{"path":"s.xxxxxxxxxxxxxxx","token":"s.xyzxyzxyzxyzxyzxyz"}' http://127.0.0.1:8200/v1/sys/capabilities-self
Example 4:
vault auth list -output-curl-string -detailed -namespace=test
will translate to
curl -H "X-Vault-Namespace: test/" -H "X-Vault-Token: $(vault print token)" -H "X-Vault-Request: true" http://127.0.0.1:8200/v1/sys/auth
Note that this does not run the command; it only shows how the CLI command would be issued as an API call.
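The following is an added example, not part of the original article or of Vault itself: it splits a generated curl string into method, headers, body and /v1/ path so the same request can be issued from code, and masks a literal X-Vault-Token before the request is logged. The function names parse_vault_curl and redact_token are hypothetical, and the second sample line with its token value is constructed.

```python
import json
import shlex

# Hypothetical helper (not part of Vault): split one -output-curl-string line
# into the parts of the HTTP request it describes.
def parse_vault_curl(curl_string):
    args = shlex.split(curl_string)          # honours shell quoting, expands nothing
    if not args or args[0] != "curl":
        raise ValueError("expected a curl command")
    req = {"method": None, "headers": {}, "body": None, "url": None}
    it = iter(args[1:])
    for arg in it:
        if arg in ("-X", "-H", "-d", "--data-binary"):
            value = next(it, None)
            if value is None:
                raise ValueError(f"{arg} is missing its value")
            if arg == "-X":
                req["method"] = value
            elif arg == "-H":
                name, _, val = value.partition(":")
                req["headers"][name.strip()] = val.strip()
            else:
                req["body"] = value
        elif arg.startswith("-"):
            raise ValueError(f"unsupported curl option: {arg}")
        else:
            req["url"] = arg
    if req["url"] is None or "/v1/" not in req["url"]:
        raise ValueError("URL does not contain the /v1/ API prefix")
    if req["method"] is None:                # curl default: POST with a body, else GET
        req["method"] = "POST" if req["body"] is not None else "GET"
    req["api_path"] = req["url"][req["url"].index("/v1/"):]
    if req["body"] and not req["body"].startswith("@"):   # "@file" bodies stay as-is
        req["body"] = json.loads(req["body"])
    return req

def redact_token(req):
    """Return a copy safe to log: a literal X-Vault-Token value is masked."""
    headers = dict(req["headers"])
    token = headers.get("X-Vault-Token", "")
    if token and not token.startswith("$"):  # $(...) and ${...} are unexpanded references
        headers["X-Vault-Token"] = "<redacted>"
    return {**req, "headers": headers}

# Example 4 from the page, and a constructed line carrying a literal (fake) token.
EXAMPLE_4 = ('curl -H "X-Vault-Namespace: test/" -H "X-Vault-Token: $(vault print token)" '
             '-H "X-Vault-Request: true" http://127.0.0.1:8200/v1/sys/auth')
CONSTRUCTED = ('curl -X POST -H "X-Vault-Token: s.constructedexample" '
               '-d \'{"type":"userpass"}\' http://127.0.0.1:8200/v1/sys/auth/userpass')
```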
For more information about Vault HTTP API: https://www.vaultproject.io/api-docs/index