feat(docs): Summarize orphan tokens (#3)

2023-04-25 02:19:44 +02:00 · 2023-04-25 02:19:44 +02:00 · 7f08b52a0c
commit 7f08b52a0c
parent 627403e679
1 changed files with 4 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -185,6 +185,10 @@ Their `list` permission only begins one lever deeper at `kv/list/for_rbacgroup_z
 https://f.q.d.n/ui/vault/secrets/kv/list/for_rbacgroup_zabbix
 ```

+### Permission to create orphan tokens
+
+The next example will explain orphan tokens. If you've followed examples above your Vault instance will have an `administrators` group with an `administrator` policy assigned to it. Users in that group will already have `write` access to `auth/token/create-orphan` so you can just use one of your `administrators` entities to follow along.
+
 ## Clean-up

 If during any of the above steps you've used the Vault command-line client to authenticate against Vault with your `root` token make sure that client's `~/.vault-token` file is deleted. It contains the verbatim `root` token.