
This assumes the following has already been done.
- HashiCorp Vault has been installed
- HashiCorp Vault has been initialized
- HashiCorp Vault has been unsealed
Let's say the secrets engine has been enabled with -path=secret/:
~]# vault secrets enable -path=secret/ kv
Success! Enabled the kv secrets engine at: secret/
And let's say the AppRole auth method has been enabled and there is a role named "my-role" that contains a policy named "my-policy".
~]$ vault read auth/approle/role/my-role
Key         Value
---         -----
policies    [my-policy]
In this example, since the secrets engine has been enabled with -path=secret/, the policy path will need to begin with secret/.
Let's say "my-policy" permits the following capabilities to "secret/my_path/*".
~]$ vault policy read my-policy
path "secret/my_path/*" {
  capabilities = ["create", "delete", "list", "patch", "read", "update"]
}
You will need to include the X-Vault-Token header with a client token to connect to HashiCorp Vault. The client token is typically obtained by submitting a POST request to the /v1/auth/approle/login endpoint.
In this example, a secret named "demo" will be created with a key of "foo" and a value of "bar".
# Write foo=bar to secret/my_path/demo (replace the hostname and port placeholders)
curl \
--request POST \
--header "X-Vault-Token: s.gYGVHcHMiGsCZdKAJzWq1Yj1" \
--header "Content-Type: application/json" \
--data '{"foo":"bar"}' \
--write-out "%{http_code}" \
--url "http://<hostname or IP address>:<port>/v1/secret/my_path/demo"
By default, no output will be returned. The --write-out option is used to return the HTTP response code. An HTTP response code of 204 indicates the secret was successfully created.
204
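The two steps described above (AppRole login to get a client token, then the write with X-Vault-Token) as one script; this is an added example, not code from the original article. VAULT_ADDR, ROLE_ID, SECRET_ID and the function names are assumptions, and the credentials and token are handed to curl on stdin because command-line arguments are visible to other local users in the process list.

```shell
#!/bin/sh
# Added example, not from the original article. Variable and function names
# (VAULT_ADDR, ROLE_ID, SECRET_ID, vault_*) are assumptions chosen here.

# Pull auth.client_token out of the login response JSON (avoids needing jq).
extract_client_token() {
  sed -n 's/.*"client_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# $1 = role_id, $2 = secret_id. Prints the client token, or nothing on failure.
# The body is piped to curl (--data @-) so the credentials never appear in
# curl's argument list; printf is a shell builtin, so it has no argv either.
vault_approle_login() {
  printf '{"role_id":"%s","secret_id":"%s"}' "$1" "$2" |
    curl --silent --fail --request POST \
      --header "Content-Type: application/json" \
      --data @- \
      --url "${VAULT_ADDR}/v1/auth/approle/login" |
    extract_client_token
}

# $1 = client token, $2 = path below secret/, $3 = JSON body.
# Prints only the HTTP status code. The X-Vault-Token header is fed to curl
# as a config line on stdin (--config -) instead of on the command line.
# The JSON body still goes through --data as in the article; for sensitive
# values, read it from a file with --data @file instead.
vault_kv_write() {
  printf 'header = "X-Vault-Token: %s"\n' "$1" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
      --config - --request POST \
      --header "Content-Type: application/json" \
      --data "$3" \
      --url "${VAULT_ADDR}/v1/secret/$2"
}

main() {
  token=$(vault_approle_login "$ROLE_ID" "$SECRET_ID")
  [ -n "$token" ] || { echo "AppRole login failed" >&2; return 1; }
  code=$(vault_kv_write "$token" "my_path/demo" '{"foo":"bar"}')
  [ "$code" = "204" ] || { echo "write failed: HTTP $code" >&2; return 1; }
  echo "secret written to secret/my_path/demo"
}

# Only talk to Vault when credentials were supplied in the environment.
if [ -n "${ROLE_ID:-}" ] && [ -n "${SECRET_ID:-}" ]; then
  main
fi
```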