84 lines
1.5 KiB
HCL
84 lines
1.5 KiB
HCL
# Read system health check
|
|
path "sys/health"
|
|
{
|
|
capabilities = ["read", "sudo"]
|
|
}
|
|
|
|
# Create and manage ACL policies broadly across Vault
|
|
|
|
# List existing policies
|
|
path "sys/policies/acl"
|
|
{
|
|
capabilities = ["list"]
|
|
}
|
|
|
|
# Create and manage ACL policies
|
|
path "sys/policies/acl/*"
|
|
{
|
|
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
|
|
}
|
|
|
|
# Enable and manage authentication methods broadly across Vault
|
|
|
|
# Manage auth methods broadly across Vault
|
|
path "auth/*"
|
|
{
|
|
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
|
|
}
|
|
|
|
# Create, update, and delete auth methods
|
|
path "sys/auth/*"
|
|
{
|
|
capabilities = ["create", "update", "delete", "sudo"]
|
|
}
|
|
|
|
# List auth methods
|
|
path "sys/auth"
|
|
{
|
|
capabilities = ["read"]
|
|
}
|
|
|
|
# Enable and manage the key/value secrets engine at `secret/` path
|
|
|
|
# List, create, update, and delete key/value secrets
|
|
path "secret/*"
|
|
{
|
|
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
|
|
}
|
|
|
|
# Manage secrets engines
|
|
path "sys/mounts/*"
|
|
{
|
|
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
|
|
}
|
|
|
|
# List existing secrets engines.
|
|
path "sys/mounts"
|
|
{
|
|
capabilities = ["read"]
|
|
}
|
|
|
|
# Allow creation of groups
|
|
path "identity/group"
|
|
{
|
|
capabilities = ["update"]
|
|
}
|
|
|
|
# Allow renaming of groups
|
|
path "identity/group/+/+"
|
|
{
|
|
capabilities = ["update"]
|
|
}
|
|
|
|
# Allow listing and reading of groups and group attributes
|
|
path "identity/groups/+/+"
|
|
{
|
|
capabilities = ["list", "read"]
|
|
}
|
|
|
|
# Allow listing and reading of entities and entity attributes
|
|
path "identity/entity/+/+"
|
|
{
|
|
capabilities = ["list", "read"]
|
|
}
|