Hashicorp Vault - Return Role ID using the vault read command

by Jeremy Canfield | Updated: April 02 2024 | Hashicorp Vault articles
This assumes the following has already been done.
- Hashicorp Vault has been installed
- Hashicorp Vault has been initialized
- Hashicorp Vault has been unsealed
- You have logged into the vault
Policies list what can and cannot be done, for example whether or not a user is allowed to create a secret.
A role contains one or more policies. Let's say you have enabled approle.
- Enable approle authentication using REST API
- Enable approle authentication using the vault auth enable command
The vault list auth/<auth method>/role command lists the roles that have been created for an auth method. If no roles have been created, something like this should be returned.
~]$ vault list auth/approle/role
No value found at auth/approle/role
On the other hand, if one or more roles have been created, something like this should be returned.
~]$ vault list auth/approle/role
Keys
----
my-role
The vault read command can be used to display the role's configuration.
~]$ vault read auth/approle/role/my-role
Key Value
--- -----
bind_secret_id true
local_secret_ids false
policies [default, my-policy]
secret_id_bound_cidrs <nil>
secret_id_num_uses 0
secret_id_ttl 0s
token_bound_cidrs []
token_explicit_max_ttl 0s
token_max_ttl 0s
token_no_default_policy false
token_num_uses 0
token_period 0s
token_policies [default, my-policy]
token_ttl 0s
token_type default
Appending /role-id to the role path in the vault read command should return the Role ID.
~]$ vault read auth/approle/role/my-role/role-id
role_id 1fc805a2-d061-209e-5050-e5ece38fdf7b
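The following shell helpers are an added example and are not part of the original article or of Vault itself. They parse the key/value table that vault read prints so that a reviewer can pull the role_id out of the role-id output and flag AppRole settings (bind_secret_id, secret_id_num_uses, secret_id_ttl, secret_id_bound_cidrs, all shown in the output above) that let a leaked secret_id be reused indefinitely or from anywhere. The two SAMPLE_* strings are constructed copies of the article's command output; in real use you would pass the live output, for example get_role_id "$(vault read auth/approle/role/my-role/role-id)".

```shell
#!/bin/sh
# Added example (not from the article): parse `vault read` key/value tables.
# SAMPLE_ROLE_CONFIG and SAMPLE_ROLE_ID below are constructed to match the
# article's output for `vault read auth/approle/role/my-role` and
# `vault read auth/approle/role/my-role/role-id`.

# Print the value column for key $1 from the `vault read` table passed as $2.
# Values may contain spaces (e.g. "[default, my-policy]"), so only the key and
# the whitespace after it are stripped.
vault_field() {
    printf '%s\n' "$2" | awk -v key="$1" '
        $1 == key { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
}

# Extract the role_id from `vault read auth/approle/role/<role>/role-id` output.
get_role_id() {
    vault_field role_id "$1"
}

# Review `vault read auth/approle/role/<role>` output and print one finding per
# line for settings that weaken secret_id protection. Returns 0 when there are
# no findings and 1 otherwise, so it can gate a deployment step.
check_role_config() {
    config="$1"
    findings=0
    if [ "$(vault_field bind_secret_id "$config")" != "true" ]; then
        echo "bind_secret_id is not true: the role_id alone is enough to log in"
        findings=1
    fi
    if [ "$(vault_field secret_id_num_uses "$config")" = "0" ]; then
        echo "secret_id_num_uses is 0: each secret_id can be used an unlimited number of times"
        findings=1
    fi
    if [ "$(vault_field secret_id_ttl "$config")" = "0s" ]; then
        echo "secret_id_ttl is 0s: secret_ids never expire"
        findings=1
    fi
    case "$(vault_field secret_id_bound_cidrs "$config")" in
        "<nil>"|"[]"|"")
            echo "secret_id_bound_cidrs is empty: logins are not restricted to known source networks"
            findings=1 ;;
    esac
    return $findings
}

# Constructed sample: the role configuration shown in the article.
SAMPLE_ROLE_CONFIG='Key                        Value
---                        -----
bind_secret_id             true
local_secret_ids           false
policies                   [default, my-policy]
secret_id_bound_cidrs      <nil>
secret_id_num_uses         0
secret_id_ttl              0s
token_bound_cidrs          []
token_explicit_max_ttl     0s
token_max_ttl              0s
token_no_default_policy    false
token_num_uses             0
token_period               0s
token_policies             [default, my-policy]
token_ttl                  0s
token_type                 default'

# Constructed sample: the role-id output shown in the article.
SAMPLE_ROLE_ID='Key        Value
---        -----
role_id    1fc805a2-d061-209e-5050-e5ece38fdf7b'

# Demo on the constructed samples (guarded so findings do not abort the script).
echo "role_id: $(get_role_id "$SAMPLE_ROLE_ID")"
check_role_config "$SAMPLE_ROLE_CONFIG" || echo "review the settings above before relying on this role"
```

On the article's sample configuration the check reports three findings (unlimited secret_id uses, non-expiring secret_ids, no bound CIDRs) and leaves bind_secret_id alone because it is already true. Replace the samples with the live command output to review a real role.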