From 63c5cd997330c528d81c6d0a477b1db69c81f67b Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Fri, 27 Oct 2023 16:11:13 +0200
Subject: [PATCH] Add ACL for password policies and transit engines for admin
---
 vault/policies/admin.hcl | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/vault/policies/admin.hcl b/vault/policies/admin.hcl
index 0ecc5d4..258dea8 100644
--- a/vault/policies/admin.hcl
+++ b/vault/policies/admin.hcl
@@ -19,6 +19,14 @@ path "sys/policies/acl/*" {
 capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }
+# List and manage password policies
+path "sys/policies/password" {
+ capabilities = ["list"]
+}
+path "sys/policies/password/*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
 # Enable and manage authentication methods broadly across Vault
 # Manage auth methods broadly across Vault
@@ -61,6 +69,10 @@ path "/database/*" {
 capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }
+# Manage transit engines
+path "/transit/*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
 # Manage secrets engines
 path "sys/mounts/*" {
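Review bot: The new `sys/policies/password/*` stanza grants `sudo` alongside full CRUD, copying the `sys/policies/acl/*` stanza above it, but as far as I know none of the password-policy endpoints under `sys/policies/password` are root-protected, so `sudo` adds nothing there and only widens what this admin policy asserts; `capabilities = ["create", "read", "update", "delete", "list"]` keeps the grant to what those endpoints actually check. The same applies to the `/transit/*` stanza in the second hunk, where I am not aware of any sudo-protected transit path either. This should be confirmed against the Vault API docs for the version in use before trimming, since a missing `sudo` on a path that does require it fails closed with permission denied rather than silently. As a minor style point, the second hunk also adds its stanza without the blank line that separates every other stanza from the comment that follows it.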