diff --git a/src/VaultSharp/V1/AuthMethods/AppRole/Models/AppRoleRoleModel.cs b/src/VaultSharp/V1/AuthMethods/AppRole/Models/AppRoleRoleModel.cs
index 814529be..7d9f5501 100644
--- a/src/VaultSharp/V1/AuthMethods/AppRole/Models/AppRoleRoleModel.cs
+++ b/src/VaultSharp/V1/AuthMethods/AppRole/Models/AppRoleRoleModel.cs
@@ -9,7 +9,7 @@ public class AppRoleRoleModel
         public bool BindSecretId { get; set; } = true;
 
         [JsonPropertyName("local_secret_ids")]
-        public bool LocalSecretIds { get; set; }
+        public virtual bool LocalSecretIds { get; set; }
 
         [JsonPropertyName("policies")]
         public List<string> Policies { get; set; }
@@ -50,4 +50,4 @@ public class AppRoleRoleModel
         [JsonPropertyName("token_type")]
         public AuthTokenType TokenType { get; set; }
     }
-}
\ No newline at end of file
+}
diff --git a/src/VaultSharp/V1/AuthMethods/AppRole/Models/UpdateAppRoleRoleModel.cs b/src/VaultSharp/V1/AuthMethods/AppRole/Models/UpdateAppRoleRoleModel.cs
new file mode 100644
index 00000000..f901aed9
--- /dev/null
+++ b/src/VaultSharp/V1/AuthMethods/AppRole/Models/UpdateAppRoleRoleModel.cs
@@ -0,0 +1,12 @@
+using System;
+using System.Text.Json.Serialization;
+
+namespace VaultSharp.V1.AuthMethods.AppRole.Models
+{
+    public class UpdateAppRoleRoleModel : AppRoleRoleModel
+    {
+        [JsonIgnore]
+        [Obsolete("LocalSecretIds can only be set when creating an app role. Use AppRoleRoleModel if creating a new app role", true)]
+        public override bool LocalSecretIds { get; set; }
+    }
+}
diff --git a/test/VaultSharp.Samples/Backends/Auth/AppRoleAuthBackendSamples.cs b/test/VaultSharp.Samples/Backends/Auth/AppRoleAuthBackendSamples.cs
index 83562329..6a854b18 100644
--- a/test/VaultSharp.Samples/Backends/Auth/AppRoleAuthBackendSamples.cs
+++ b/test/VaultSharp.Samples/Backends/Auth/AppRoleAuthBackendSamples.cs
@@ -65,6 +65,34 @@ private static void RunAppRoleAuthMethodSamples()
             Assert.Equal(newAppRoleRole.TokenMaximumTimeToLive, writtenRole.Data.TokenMaximumTimeToLive);
             Assert.Equal(newAppRoleRole.TokenNumberOfUses, writtenRole.Data.TokenNumberOfUses);
 
+            var updatedAppRoleRole = new UpdateAppRoleRoleModel
+            {
+                BindSecretId = true,
+                SecretIdBoundCIDRs = new System.Collections.Generic.List<string> { "192.168.129.23/17", "127.0.0.1/32" },
+                SecretIdNumberOfUses = 100,
+                SecretIdTimeToLive = 48 * 60 * 60,
+                TokenTimeToLive = 13 * 60 * 60,
+                TokenMaximumTimeToLive = 15 * 60 * 60,
+                TokenPolicies = new System.Collections.Generic.List<string> { "dev", "test", "local" },
+
+                // raja todo. Does not seem to reflect.
+                Policies = new System.Collections.Generic.List<string> { "devp", "testp", "qap" },
+
+                TokenBoundCIDRs = new System.Collections.Generic.List<string> { "192.168.128.23/17" },
+                TokenExplicitMaximumTimeToLive = 35 * 60 * 60,
+                TokenNumberOfUses = 0,
+                TokenPeriod = 19 * 60 * 60,
+                TokenType = AuthTokenType.Service
+            };
+
+            _authenticatedVaultClient.V1.Auth.AppRole.WriteRoleAsync(roleName, updatedAppRoleRole, mountPoint).Wait();
+
+            var writtenUpdatedRole = _authenticatedVaultClient.V1.Auth.AppRole.ReadRoleAsync(roleName, mountPoint).Result;
+            DisplayJson(writtenUpdatedRole);
+
+            Assert.Equal(updatedAppRoleRole.TokenMaximumTimeToLive, writtenUpdatedRole.Data.TokenMaximumTimeToLive);
+            Assert.Equal(updatedAppRoleRole.TokenNumberOfUses, writtenUpdatedRole.Data.TokenNumberOfUses);
+
             var roles = _authenticatedVaultClient.V1.Auth.AppRole.ReadAllRolesAsync(mountPoint).Result;
             DisplayJson(roles);
             Assert.True(roles.Data.Keys.Count() == 1);
@@ -198,8 +226,8 @@ private static void RunAppRoleAuthMethodSamples()
             var readNewPolicies = _authenticatedVaultClient.V1.Auth.AppRole.ReadRolePoliciesAsync(roleName, mountPoint).Result;
             DisplayJson(readNewPolicies);
 
-            Assert.True(readNewPolicies.Data.Policies.Count == 3);
-            Assert.True(readNewPolicies.Data.TokenPolicies.Count == 3);
+            Assert.Equal(new System.Collections.Generic.List<string>{"dev", "local", "raaa", "test"}, readNewPolicies.Data.Policies);
+            Assert.Equal(new System.Collections.Generic.List<string>{"dev", "local", "raaa", "test"}, readNewPolicies.Data.TokenPolicies);
 
             _authenticatedVaultClient.V1.Auth.AppRole.DeleteRolePoliciesAsync(roleName, mountPoint).Wait();
             readNewPolicies = _authenticatedVaultClient.V1.Auth.AppRole.ReadRolePoliciesAsync(roleName, mountPoint).Result;
@@ -367,4 +395,4 @@ private static void RunAppRoleAuthMethodSamples()
             _authenticatedVaultClient.V1.System.UnmountAuthBackendAsync(newApproleAuthBackend.Path).Wait();
         }
     }
-}
\ No newline at end of file
+}