BetterCloud · ianferguson · Sep 10, 2020
diff --git a/src/main/java/com/bettercloud/vault/Vault.java b/src/main/java/com/bettercloud/vault/Vault.java
@@ -255,6 +255,7 @@ private Map<String, String> collectSecretEngineVersions() {
                     .url(vaultConfig.getAddress() + "/v1/sys/mounts")
                     .header("X-Vault-Token", vaultConfig.getToken())
                     .header("X-Vault-Namespace", this.vaultConfig.getNameSpace())
+                    .header("X-Vault-Request", "true")
                     .connectTimeoutSeconds(vaultConfig.getOpenTimeout())
                     .readTimeoutSeconds(vaultConfig.getReadTimeout())
                     .sslVerification(vaultConfig.getSslConfig().isVerify())

diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -346,6 +346,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
                         .url(url)
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -414,6 +415,7 @@ public AuthResponse loginByAppID(final String path, final String appId, final St
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/auth/" + path)
                         .optionalHeader("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -510,6 +512,7 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/auth/" + path + "/login")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -595,6 +598,7 @@ public AuthResponse loginByUserPass(final String username, final String password
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/auth/" + mount + "/login/" + username)
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -720,6 +724,7 @@ public AuthResponse loginByAwsEc2(final String role, final String identity, fina
                         .url(config.getAddress() + "/v1/auth/" + mount + "/login")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -797,6 +802,7 @@ public AuthResponse loginByAwsEc2(final String role, final String pkcs7, final S
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/auth/" + mount + "/login")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -878,6 +884,7 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/auth/" + mount + "/login")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -965,6 +972,7 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/auth/" + mount + "/login")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -1031,6 +1039,7 @@ public AuthResponse loginByJwt(final String provider, final String role, final S
                 final RestResponse restResponse = new Rest()
                         .url(config.getAddress() + "/v1/auth/" + provider + "/login")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -1173,6 +1182,7 @@ public AuthResponse loginByCert(final String certAuthMount) throws VaultExceptio
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/auth/" + mount + "/login")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -1256,6 +1266,7 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
                         .url(config.getAddress() + "/v1/auth/" + mount + "/renew-self")
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -1321,6 +1332,7 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
                         .url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self")
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -1385,6 +1397,7 @@ public LogicalResponse lookupWrap() throws VaultException {
                         .url(config.getAddress() + "/v1/sys/wrapping/lookup")
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -1447,6 +1460,7 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException {
                         .url(config.getAddress() + "/v1/auth/" + mount + "/revoke-self")
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -1550,6 +1564,7 @@ public AuthResponse unwrap(final String wrappedToken) throws VaultException {
                         .url(url)
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())

diff --git a/src/main/java/com/bettercloud/vault/api/Debug.java b/src/main/java/com/bettercloud/vault/api/Debug.java
@@ -92,6 +92,7 @@ public HealthResponse health(
                         .url(config.getAddress() + "/v1/" + path)
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())

diff --git a/src/main/java/com/bettercloud/vault/api/Leases.java b/src/main/java/com/bettercloud/vault/api/Leases.java
@@ -63,6 +63,7 @@ public VaultResponse revoke(final String leaseId) throws VaultException {
                         .url(config.getAddress() + "/v1/sys/leases/revoke/" + leaseId)
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -118,6 +119,7 @@ public VaultResponse revokePrefix(final String prefix) throws VaultException {
                         .url(config.getAddress() + "/v1/sys/revoke-prefix/" + prefix)
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -176,6 +178,7 @@ public VaultResponse revokeForce(final String prefix) throws VaultException {
                         .url(config.getAddress() + "/v1/sys/revoke-force/" + prefix)
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -239,6 +242,7 @@ public VaultResponse renew(final String leaseId, final long increment) throws Va
                         .url(config.getAddress() + "/v1/sys/renew/" + leaseId)
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())

diff --git a/src/main/java/com/bettercloud/vault/api/Logical.java b/src/main/java/com/bettercloud/vault/api/Logical.java
@@ -87,6 +87,7 @@ private LogicalResponse read(final String path, Boolean shouldRetry, final logic
                         .url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), operation))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -155,6 +156,7 @@ public LogicalResponse read(final String path, Boolean shouldRetry, final Intege
                         .url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), logicalOperations.readV2))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .parameter("version", version.toString())
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -257,6 +259,7 @@ private LogicalResponse write(final String path, final Map<String, Object> nameV
                         .body(jsonObjectToWriteFromEngineVersion(operation, requestJson).toString().getBytes(StandardCharsets.UTF_8))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -348,6 +351,7 @@ private LogicalResponse delete(final String path, final Logical.logicalOperation
                         .url(config.getAddress() + "/v1/" + adjustPathForDelete(path, config.getPrefixPathDepth(), operation))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -408,6 +412,7 @@ public LogicalResponse delete(final String path, final int[] versions) throws Va
                         .url(config.getAddress() + "/v1/" + adjustPathForVersionDelete(path,config.getPrefixPathDepth()))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -479,6 +484,7 @@ public LogicalResponse unDelete(final String path, final int[] versions) throws
                         .url(config.getAddress() + "/v1/" + adjustPathForVersionUnDelete(path,config.getPrefixPathDepth()))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -538,6 +544,7 @@ public LogicalResponse destroy(final String path, final int[] versions) throws V
                         .url(config.getAddress() + "/v1/" + adjustPathForVersionDestroy(path,config.getPrefixPathDepth()))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -589,6 +596,7 @@ public LogicalResponse upgrade(final String kvPath) throws VaultException {
                         .url(config.getAddress() + "/v1/sys/mounts/" + (kvPath.replaceAll("/", "") + "/tune"))
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())

diff --git a/src/main/java/com/bettercloud/vault/api/Seal.java b/src/main/java/com/bettercloud/vault/api/Seal.java
@@ -48,6 +48,7 @@ public void seal() throws VaultException {
                         .url(config.getAddress() + "/v1/sys/seal")
                         .header("X-Vault-Token", config.getToken())
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())
@@ -108,6 +109,7 @@ public SealResponse unseal(final String key, final Boolean reset) throws VaultEx
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/sys/unseal")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .body(requestJson.getBytes(StandardCharsets.UTF_8))
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
@@ -151,6 +153,7 @@ public SealResponse sealStatus() throws VaultException {
                 final RestResponse restResponse = new Rest()//NOPMD
                         .url(config.getAddress() + "/v1/sys/seal-status")
                         .header("X-Vault-Namespace", this.nameSpace)
+                        .header("X-Vault-Request", "true")
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslVerification(config.getSslConfig().isVerify())