diff --git a/vault/policies/admin.hcl b/vault/policies/admin.hcl
index 258dea8..d0fef8f 100644
--- a/vault/policies/admin.hcl
+++ b/vault/policies/admin.hcl
@@ -27,6 +27,11 @@ path "sys/policies/password/*" {
   capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }
 
+# Revoke leases
+path "sys/leases/revoke/*" {
+  capabilities = ["update"]
+}
+
 # Enable and manage authentication methods broadly across Vault
 
 # Manage auth methods broadly across Vault