Powershell script to use Invoke-RestMethod to update secrets

I know you can use the Invoke-RestMethod method to do things like login using token and approle (role-id & secret-id), and reading secrets. I need to be able to UPDATE the secrets using a PUT.

This returns a permission denied error,. I am able to login to the approle with the correct role-id/secret-id pair, but invoking it to do the "PUT doesn’t work:

$env:VAULT_ADDR="<my Vault URL>"
$env:VAULT_TOKEN="<my token>"
$env:VAULT_NAMESPACE="<my namespace>"
$secret= "envdev"
$api = "trans"
$ver = 1

$payload =

$header = @{
    "X-Vault-Token" =  "$($ENV:VAULT_TOKEN)"
    "X-Vault-Namespace" = "$($env:VAULT_NAMESPACE)"
$uri = "$($env:VAULT_ADDR)" +"/v1/$($secret)/data/$($api)"

'URI: **************'

'HEADER: **************'

'PAYLOAD: **************'

$response = Invoke-RestMethod -Headers $header -ContentType 'application/json' -Method PUT -Uri $uri -Body $payload

'RESPONSE: *************'

Well, it might help if you have update in your capabilities in the policy attached to the approle!! DUH…< EGG ON FACE >

Leaving the code above for others…