HashiCorp Vault: how to list all roles

Bilbo Baggins · Mar 26, 2020

Is it possible to list all roles stored in a vault backend? I can't seem to find any reference on how to do so.

From the documentation, it seems possible to list a role given the role name, through auth/approle/role/my-role, for example, but I don't see any references on how to list all roles stored in a vault server.

Answer

Bilbo Baggins · Mar 26, 2020

Viewing roles using the UI

  1. Click the "Access" tab
  2. Click "View Configuration" under the three-dot dropdown for the auth method you're interested in
  3. Click the "Roles" tab at the top

Viewing roles using the CLI

Roles are listed under Authentication Methods in Vault. You can view which authentication methods you have enabled (or enable new ones) by visiting the UI and clicking on the "Access" tab at the top.

From there you can list roles using the following command:

vault list auth/{auth_method}/role

Where {auth_method} is one of the enabled authentication methods listed in the "Access" tab.

For example, if you enabled the kubernetes auth method, you would list roles associated with this method by running the following:

vault list auth/kubernetes/role
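
The CLI steps above, run in one pass over every enabled auth mount, as an added example that is not part of the original answer: it reads the mount paths from `vault auth list` (a command not shown on the page) and runs the answer's `vault list auth/{auth_method}/role` for each one. It assumes the default table output of both commands and a token whose policy allows listing those paths; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory the roles on every enabled auth mount.
# Assumes VAULT_ADDR and VAULT_TOKEN are set, and that the token's policy
# allows reading sys/auth and listing auth/<mount>/role.

# Print "<mount> <type>" for each row of the table `vault auth list` writes.
# The first two lines of that table are the header and its underline.
auth_mounts() {
  vault auth list | awk 'NR > 2 && $1 ~ /\/$/ { sub(/\/$/, "", $1); print $1, $2 }'
}

# Print "<mount>/<role>" for every role, one per line. A mount can be named
# differently from its type, so the mount path is what goes into the list path.
list_all_roles() {
  auth_mounts | while read -r mount type; do
    # </dev/null keeps the inner command from consuming the loop's input.
    if keys=$(vault list "auth/$mount/role" </dev/null 2>/dev/null); then
      # Skip the "Keys" header and its underline, then prefix the mount.
      printf '%s\n' "$keys" | awk -v m="$mount" 'NR > 2 && NF { print m "/" $1 }'
    else
      # No roles defined, no role path for this method, or listing denied.
      echo "skip: auth/$mount/role ($type) returned nothing" >&2
    fi
  done
}

# Run the inventory only when the first argument is "run".
if [ "${1:-}" = "run" ]; then
  list_all_roles
fi
```

Mounts reported as skipped on stderr are worth a second look: an empty result can mean the method keeps its entries under a different path, or that the token lacks list permission there.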