diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go
index 45a1f6f9f9ff..4c057b6d3561 100644
--- a/builtin/credential/approle/path_role.go
+++ b/builtin/credential/approle/path_role.go
@@ -167,7 +167,7 @@ TTL will be set to the value of this parameter.`,
 Type: framework.TypeString,
 Description: "Identifier of the role. Defaults to a UUID.",
 },
- "enable_local_secret_ids": &framework.FieldSchema{
+ "local_secret_ids": &framework.FieldSchema{
 Type: framework.TypeBool,
 Description: `If set, the secret IDs generated using this role will be cluster local. This
 can only be set during role creation and once set, it can't be reset later.`,
@@ -184,7 +184,7 @@ can only be set during role creation and once set, it can't be reset later.`,
 HelpDescription: strings.TrimSpace(roleHelp["role"][1]),
 },
 &framework.Path{
- Pattern: "role/" + framework.GenericNameRegex("role_name") + "/enable-local-secret-ids$",
+ Pattern: "role/" + framework.GenericNameRegex("role_name") + "/local-secret-ids$",
 Fields: map[string]*framework.FieldSchema{
 "role_name": &framework.FieldSchema{
 Type: framework.TypeString,
@@ -192,7 +192,7 @@ can only be set during role creation and once set, it can't be reset later.`,
 },
 },
 Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.ReadOperation: b.pathRoleEnableLocalSecretIDsRead,
+ logical.ReadOperation: b.pathRoleLocalSecretIDsRead,
 },
 HelpSynopsis: strings.TrimSpace(roleHelp["role-local-secret-ids"][0]),
 HelpDescription: strings.TrimSpace(roleHelp["role-local-secret-ids"][1]),
@@ -807,7 +807,7 @@ func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request
 return logical.ErrorResponse(fmt.Sprintf("role name %q doesn't exist", roleName)), nil
 }
- localSecretIDsRaw, ok := data.GetOk("enable_local_secret_ids")
+ localSecretIDsRaw, ok := data.GetOk("local_secret_ids")
 if ok {
 switch {
 case req.Operation == logical.CreateOperation:
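Review bot: The rename of the `enable_local_secret_ids` schema entry to `local_secret_ids` in the `-167` hunk leaves no alias for the old key, and the create path in the `-807` hunk now reads only `data.GetOk("local_secret_ids")`. If the old name was ever released and the framework drops undeclared fields instead of rejecting them (neither is visible in this diff), a client that still sends `enable_local_secret_ids: true` on create would get a role whose secret IDs are not cluster-local, with no error, and the error branch in the `-816` hunk means the flag cannot be corrected afterwards. I would keep an `"enable_local_secret_ids"` schema entry marked deprecated and have pathRoleCreateUpdate either honour it or return an explicit error naming the new key, with a test that posts the old key on create to pin the chosen behaviour. The same compatibility question applies to the response key in the `-948` and `-1471` hunks and to the `/enable-local-secret-ids` path in the `-184` hunk, where callers of the old path would at least fail visibly.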
@@ -816,7 +816,7 @@ func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request
 role.SecretIDPrefix = secretIDLocalPrefix
 }
 default:
- return logical.ErrorResponse("enable_local_secret_ids can only be modified during role creation"), nil
+ return logical.ErrorResponse("local_secret_ids can only be modified during role creation"), nil
 }
 }
@@ -948,20 +948,20 @@ func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *
 }
 respData := map[string]interface{}{
- "bind_secret_id": role.BindSecretID,
- "bound_cidr_list": role.BoundCIDRList,
- "period": role.Period / time.Second,
- "policies": role.Policies,
- "secret_id_num_uses": role.SecretIDNumUses,
- "secret_id_ttl": role.SecretIDTTL / time.Second,
- "token_max_ttl": role.TokenMaxTTL / time.Second,
- "token_num_uses": role.TokenNumUses,
- "token_ttl": role.TokenTTL / time.Second,
- "enable_local_secret_ids": false,
+ "bind_secret_id": role.BindSecretID,
+ "bound_cidr_list": role.BoundCIDRList,
+ "period": role.Period / time.Second,
+ "policies": role.Policies,
+ "secret_id_num_uses": role.SecretIDNumUses,
+ "secret_id_ttl": role.SecretIDTTL / time.Second,
+ "token_max_ttl": role.TokenMaxTTL / time.Second,
+ "token_num_uses": role.TokenNumUses,
+ "token_ttl": role.TokenTTL / time.Second,
+ "local_secret_ids": false,
 }
 if role.SecretIDPrefix == secretIDLocalPrefix {
- respData["enable_local_secret_ids"] = true
+ respData["local_secret_ids"] = true
 }
 resp := &logical.Response{
@@ -1450,7 +1450,7 @@ func (b *backend) pathRoleBindSecretIDDelete(ctx context.Context, req *logical.R
 return nil, b.setRoleEntry(ctx, req.Storage, roleName, role, "")
 }
-func (b *backend) pathRoleEnableLocalSecretIDsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *backend) pathRoleLocalSecretIDsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 roleName := data.Get("role_name").(string)
 if roleName == "" {
 return logical.ErrorResponse("missing role_name"), nil
@@ -1471,7 +1471,7 @@ func (b *backend) pathRoleEnableLocalSecretIDsRead(ctx context.Context, req *log
 }
 return &logical.Response{
 Data: map[string]interface{}{
- "enable_local_secret_ids": localSecretIDs,
+ "local_secret_ids": localSecretIDs,
 },
 }, nil
 }
diff --git a/builtin/credential/approle/path_role_test.go b/builtin/credential/approle/path_role_test.go
index 760ca1d872f7..e3a757f74661 100644
--- a/builtin/credential/approle/path_role_test.go
+++ b/builtin/credential/approle/path_role_test.go
@@ -12,14 +12,14 @@ import (
 "github.com/mitchellh/mapstructure"
 )
-func TestAppRole_EnableLocalSecretIDsRead(t *testing.T) {
+func TestAppRole_LocalSecretIDsRead(t *testing.T) {
 var resp *logical.Response
 var err error
 b, storage := createBackendWithStorage(t)
 roleData := map[string]interface{}{
- "enable_local_secret_ids": true,
- "bind_secret_id": true,
+ "local_secret_ids": true,
+ "bind_secret_id": true,
 }
 resp, err = b.HandleRequest(context.Background(), &logical.Request{
@@ -35,13 +35,13 @@ func TestAppRole_EnableLocalSecretIDsRead(t *testing.T) {
 resp, err = b.HandleRequest(context.Background(), &logical.Request{
 Operation: logical.ReadOperation,
 Storage: storage,
- Path: "role/testrole/enable-local-secret-ids",
+ Path: "role/testrole/local-secret-ids",
 })
 if err != nil || (resp != nil && resp.IsError()) {
 t.Fatalf("err:%v resp:%#v", err, resp)
 }
- if !resp.Data["enable_local_secret_ids"].(bool) {
- t.Fatalf("expected enable_local_secret_ids to be returned")
+ if !resp.Data["local_secret_ids"].(bool) {
+ t.Fatalf("expected local_secret_ids to be returned")
 }
 }
@@ -51,22 +51,22 @@ func TestApprole_LocalNonLocalSecretIDs(t *testing.T) {
 b, storage := createBackendWithStorage(t)
- // Create a role with enable_local_secret_ids set
+ // Create a role with local_secret_ids set
 resp, err = b.HandleRequest(context.Background(), &logical.Request{
 Path: "role/testrole1",
 Operation: logical.CreateOperation,
 Storage: storage,
 Data: map[string]interface{}{
- "policies": []string{"default", "role1policy"},
- "bind_secret_id": true,
- "enable_local_secret_ids": true,
+ "policies": []string{"default", "role1policy"},
+ "bind_secret_id": true,
+ "local_secret_ids": true,
 },
 })
 if err != nil || (resp != nil && resp.IsError()) {
 t.Fatalf("bad: err: %v\n resp: %#v", err, resp)
 }
- // Create another role without setting enable_local_secret_ids
+ // Create another role without setting local_secret_ids
 resp, err = b.HandleRequest(context.Background(), &logical.Request{
 Path: "role/testrole2",
 Operation: logical.CreateOperation,
@@ -158,7 +158,7 @@ func TestApprole_UpgradeSecretIDPrefix(t *testing.T) {
 t.Fatalf("expected SecretIDPrefix to be set")
 }
- // Ensure that the API response contains enable_local_secret_ids
+ // Ensure that the API response contains local_secret_ids
 resp, err = b.HandleRequest(context.Background(), &logical.Request{
 Path: "role/testrole",
 Operation: logical.ReadOperation,
@@ -167,9 +167,9 @@ func TestApprole_UpgradeSecretIDPrefix(t *testing.T) {
 if err != nil || (resp != nil && resp.IsError()) {
 t.Fatalf("bad: err: %v\n resp: %#v", err, resp)
 }
- _, ok := resp.Data["enable_local_secret_ids"]
+ _, ok := resp.Data["local_secret_ids"]
 if !ok {
- t.Fatalf("expected enable_local_secret_ids to be present in the response")
+ t.Fatalf("expected local_secret_ids to be present in the response")
 }
 }
@@ -180,13 +180,13 @@ func TestApprole_LocalSecretIDImmutability(t *testing.T) {
 b, storage := createBackendWithStorage(t)
 roleData := map[string]interface{}{
- "policies": []string{"default"},
- "bind_secret_id": true,
- "bound_cidr_list": []string{"127.0.0.1/18", "192.178.1.2/24"},
- "enable_local_secret_ids": true,
+ "policies": []string{"default"},
+ "bind_secret_id": true,
+ "bound_cidr_list": []string{"127.0.0.1/18", "192.178.1.2/24"},
+ "local_secret_ids": true,
 }
- // Create a role with enable_local_secret_ids set
+ // Create a role with local_secret_ids set
 resp, err = b.HandleRequest(context.Background(), &logical.Request{
 Path: "role/testrole",
 Operation: logical.CreateOperation,
@@ -197,7 +197,7 @@ func TestApprole_LocalSecretIDImmutability(t *testing.T) {
 t.Fatalf("bad: err: %v\nresp: %#v", err, resp)
 }
- // Attempt to modify enable_local_secret_ids should fail
+ // Attempt to modify local_secret_ids should fail
 resp, err = b.HandleRequest(context.Background(), &logical.Request{
 Path: "role/testrole",
 Operation: logical.UpdateOperation,
@@ -205,7 +205,7 @@ func TestApprole_LocalSecretIDImmutability(t *testing.T) {
 Data: roleData,
 })
 if resp == nil || !resp.IsError() {
- t.Fatalf("expected an error since enable_local_secret_ids can't be overwritten")
+ t.Fatalf("expected an error since local_secret_ids can't be overwritten")
 }
 }