
Revisions

  1. @kawsark kawsark revised this gist Oct 12, 2020. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion example-vault-admin-policy.hcl
    @@ -25,7 +25,7 @@ path "sys/auth"
    # List existing policies
    path "sys/policies/acl"
    {
    capabilities = ["read"]
    capabilities = ["read","list"]
    }

    # Create and manage ACL policies
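Review bot: The new capability list on the `sys/policies/acl` stanza is written as `["read","list"]` while every other stanza in this file separates entries with `", "`; for consistency the line should read `capabilities = ["read", "list"]`. The added `list` is what the `# List existing policies` comment actually requires, so the comment and the stanza now agree. Whether `read` is still needed on the bare `sys/policies/acl` path (as opposed to `sys/policies/acl/*`) is not clear from this hunk; if it is kept only for compatibility, a short comment saying so would help the next reader.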
  2. @kawsark kawsark renamed this gist Jun 27, 2019. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  3. @kawsark kawsark created this gist Jun 27, 2019.
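--- a/vault-admin-policy.hcl
+++ b/vault-admin-policy.hcl
@@ -0,0 +1,59 @@
+# Allow managing leases
+path "sys/leases/*"
+{
+capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Manage auth methods broadly across Vault
+path "auth/*"
+{
+capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Create, update, and delete auth methods
+path "sys/auth/*"
+{
+capabilities = ["create", "update", "delete", "sudo"]
+}
+
+# List auth methods
+path "sys/auth"
+{
+capabilities = ["read"]
+}
+
+# List existing policies
+path "sys/policies/acl"
+{
+capabilities = ["read"]
+}
+
+# Create and manage ACL policies
+path "sys/policies/acl/*"
+{
+capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# List, create, update, and delete key/value secrets
+path "secret/*"
+{
+capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Manage secret engines
+path "sys/mounts/*"
+{
+capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# List existing secret engines.
+path "sys/mounts"
+{
+capabilities = ["read"]
+}
+
+# Read health checks
+path "sys/health"
+{
+capabilities = ["read", "sudo"]
+}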