Vault Account Configuration APIs
You can list Vault accounts with the Vault Configuration API. Vault administrators can also create generic username/password and username/SSH key accounts using the API. This provides a programmatic way to onboard Vault accounts that can't automatically be discovered through Domain Discovery (Active Directory).
For more information on Vault account roles, please see Vault for Privileged Remote Access: New Member Role.
API Account Permission for Vault Configuration APIs
Due to the sensitive information stored by Vault, there is a permission check box in Management > API Configuration > Permissions to manage which API Accounts are allowed to manage Vault Accounts. When checked, the API Account has permission to use all Vault APIs specified in this document. The permission can only be checked if the API Account already has permission to access the Configuration API. For new and existing API Accounts, the default value of the box is unchecked.
For more information, please see the section on Permissions in the API Configuration section of the Administrative Guide.