Why can't you login with method=approle?

Was the command vault login -method=approle role_id=$ROLE_ID secret_id=$SECRET_ID ever supported? It yields a misleading error message.

Unknown auth method: approle. Use "vault auth list" to see the complete list
of auth methods. Additionally, some auth methods are only available via the
HTTP API.

I later found that I would have to use this instead:

vault login $(vault write -format=json auth/approle/login \
  role_id="$ROLE_ID" \
  secret_id="$SECRET_ID" \
  | jq -r .auth.client_token
)

Use this:

VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id="$ROLE_ID" secret_id="$SECRET_ID")

You don’t need to do “vault login”.

Because you are a human, not an application; applications often use the REST API.

I was doing a vault login with different credentials to test out the least-privilege limitations of policies, such as app_admin can write secrets, app_operator can read secrets.

For the vault cli, it seems I need to have an existing account with write priv on auth/approle/login to test the account?
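
The least-privilege test described in this thread can be scripted without `vault login`, by scoping `VAULT_TOKEN` to each check. This is an added example, not code from any of the posts; the function names, role names and the secret path are hypothetical, and it assumes `VAULT_ADDR` is set and the role's token carries the `default` policy (which grants `sys/capabilities-self`).

```bash
#!/usr/bin/env bash
# Added example. Function names, role IDs and paths are placeholders.

# Exchange AppRole credentials for a client token. The login endpoint is
# unauthenticated, so no pre-existing token is required, and ~/.vault-token
# is not overwritten because "vault login" is never called.
approle_token() {
  vault write -field=token auth/approle/login role_id="$1" secret_id="$2"
}

# has_capability TOKEN PATH CAPABILITY
# Returns 0 if TOKEN holds CAPABILITY on PATH, 1 if not, 2 on lookup failure.
# VAULT_TOKEN is set only inside the command substitution (a subshell), so
# the caller's own token is left untouched.
has_capability() {
  caps=$(VAULT_TOKEN="$1" vault token capabilities "$2") || return 2
  # The CLI prints a comma-separated list, e.g. "create, read, update".
  case ", $caps," in
    *", $3,"*) return 0 ;;
    *)         return 1 ;;
  esac
}

# role_capabilities ROLE_ID SECRET_ID PATH
# Logs in as the AppRole and prints which common capabilities it holds on PATH.
role_capabilities() {
  tok=$(approle_token "$1" "$2") || return 2
  out=""
  for cap in create read update delete list; do
    if has_capability "$tok" "$3" "$cap"; then
      out="${out:+$out }$cap"
    fi
  done
  printf '%s\n' "$out"
}

# Usage (placeholder variables and path):
#   role_capabilities "$ADMIN_ROLE_ID"    "$ADMIN_SECRET_ID"    secret/data/app
#   role_capabilities "$OPERATOR_ROLE_ID" "$OPERATOR_SECRET_ID" secret/data/app
```

An operator role that prints anything beyond `read` (and `list`, if intended) has a broader policy than planned.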