Add ACL for password policies and transit engines for admin

Daniel Berteaud 2023-10-27 16:11:13 +02:00
parent adf338ea73
commit 63c5cd9973
1 changed files with 12 additions and 0 deletions


@ -19,6 +19,14 @@ path "sys/policies/acl/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# List and manage password policies
path "sys/policies/password" {
capabilities = ["list"]
}
path "sys/policies/password/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Enable and manage authentication methods broadly across Vault
# Manage auth methods broadly across Vault
@ -61,6 +69,10 @@ path "/database/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Manage transit engines
path "/transit/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Manage secrets engines
path "sys/mounts/*" {
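Review bot: The new `/transit/*` rule grants every capability on the whole mount, so it covers the data-plane endpoints (encrypt, decrypt, sign, export, backup) as well as key management, and any token carrying this admin policy could use every key rather than only administer it. If the intent is only to manage the engine, as the comment says, consider scoping the rule to the key-management paths, for example `path "transit/keys/*"`, and dropping `"sudo"` unless a root-protected endpoint actually requires it. The same `"sudo"` question applies to the `sys/policies/password/*` rule in the first hunk, which appears to copy the capability list of the ACL rule above it. The comment says "engines", but only the mount named `transit` is matched, so a transit engine mounted at another path would not be covered. The `sys/mounts/*` block that follows continues outside the hunk.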