Vault
/sys/quotas/config
Restricted endpoint
The API path can only be called from the root namespace.The /sys/quotas/config
endpoint is used to configure rate limit quotas.
Create or update the rate limit configuration
Method | Path |
---|---|
POST | /sys/quotas/config |
Parameters
rate_limit_exempt_paths
([]string: [])
- Specifies the list of exempt paths from all rate limit quotas. If empty no paths will be exempt.enable_rate_limit_audit_logging
(bool: false)
- If set, starts audit logging of requests that get rejected due to rate limit quota rule violations.enable_rate_limit_response_headers
(bool: false)
- If set, additional rate limit quota HTTP headers will be added to responses.
Sample payload
{
"rate_limit_exempt_paths": [
"sys/internal/ui/mounts",
"sys/generate-recovery-token/attempt",
"sys/generate-recovery-token/update",
"sys/generate-root/attempt",
"sys/generate-root/update",
"sys/health",
"sys/seal-status",
"sys/unseal"
],
"enable_rate_limit_audit_logging": true,
"enable_rate_limit_response_headers": true
}
Sample request
$ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/quotas/config
Get the rate limit configuration
Method | Path |
---|---|
GET | /sys/quotas/config |
Sample request
$ curl \
--request GET \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/quotas/config
Sample response
{
"request_id": "259801bd-a0c9-9350-8eb9-26c91afd19c6",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"enable_rate_limit_audit_logging": false,
"enable_rate_limit_response_headers": false,
"rate_limit_exempt_paths": [
"sys/internal/ui/mounts",
"sys/generate-recovery-token/attempt",
"sys/generate-recovery-token/update",
"sys/generate-root/attempt",
"sys/generate-root/update",
"sys/health",
"sys/seal-status",
"sys/unseal"
]
},
"warnings": null
}