The API documentation for PKI secret engine doesn’t contain information for /root/rotate and /root/replace endpoints.
These API endpoints are used by the following commands:
$ vault write pki/root/rotate/internal \
common_name="example.com" \
issuer_name="xyz"
$ vault write pki/root/replace default=xyz
Hi – sorry, this was an oversight. I’ve opened Document PKI root rotation, replacement paths by cipherboy · Pull Request #16206 · hashicorp/vault · GitHub and it’ll eventually land on the website.
Feel free to open GH issues in the future (if you prefer) for missing docs – we tend not to check the forums that often.
Great, I will do so in the future.