acme-to-vault/vault/policies/acme-to-vault.hcl

path "[[ .vault.root ]]kv/data/service/+/certs/*" {
  capabilities = ["read","create","update"]
}
path "[[ .vault.root ]]kv/metadata/service/+/certs" {
  capabilities = ["list","read"]
}

path "[[ .vault.root ]]kv/data/service/[[ .instance ]]/account/*" {
  capabilities = ["read","create","update"]
}
path "[[ .vault.root ]]kv/metadata/service/[[ .instance ]]/account/*" {
  capabilities = ["list","read"]
}

path "[[ .vault.root ]]kv/data/service/[[ .instance ]]" {
  capabilities = ["read"]
}
Adapt vault.prefix -> vault.root 2024-01-31 11:55:24 +01:00			`path "[[ .vault.root ]]kv/data/service/+/certs/*" {`
Import job 2023-08-21 17:24:33 +02:00			`capabilities = ["read","create","update"]`
			`}`
Adapt vault.prefix -> vault.root 2024-01-31 11:55:24 +01:00			`path "[[ .vault.root ]]kv/metadata/service/+/certs" {`
Import job 2023-08-21 17:24:33 +02:00			`capabilities = ["list","read"]`
			`}`

Adapt vault.prefix -> vault.root 2024-01-31 11:55:24 +01:00			`path "[[ .vault.root ]]kv/data/service/[[ .instance ]]/account/*" {`
Import job 2023-08-21 17:24:33 +02:00			`capabilities = ["read","create","update"]`
			`}`
Adapt vault.prefix -> vault.root 2024-01-31 11:55:24 +01:00			`path "[[ .vault.root ]]kv/metadata/service/[[ .instance ]]/account/*" {`
Import job 2023-08-21 17:24:33 +02:00			`capabilities = ["list","read"]`
			`}`
Allow reading kv/service/acme-to-vault 2023-10-16 13:37:25 +02:00
Adapt vault.prefix -> vault.root 2024-01-31 11:55:24 +01:00			`path "[[ .vault.root ]]kv/data/service/[[ .instance ]]" {`
Allow reading kv/service/acme-to-vault 2023-10-16 13:37:25 +02:00			`capabilities = ["read"]`
			`}`