From 186b50aeccb1c5a0a562b972e08e29ae25de7984 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Mon, 5 Feb 2024 22:05:26 +0100
Subject: [PATCH] Add permissions to revoke leases to admin

---
 vault/policies/admin.hcl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/vault/policies/admin.hcl b/vault/policies/admin.hcl
index 258dea8..d0fef8f 100644
--- a/vault/policies/admin.hcl
+++ b/vault/policies/admin.hcl
@@ -27,6 +27,11 @@ path "sys/policies/password/*" {
   capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }
 
+# Revoke leases
+path "sys/leases/revoke/*" {
+  capabilities = ["update"]
+}
+
 # Enable and manage authentication methods broadly across Vault
 
 # Manage auth methods broadly across Vault