Create your first policy

Policies ➡ create new ACL policy ➡ paste code from secret_policy
Access ➡ userpass ➡ edit user (spongebob) ➡ Tokens ➡ Generated Token's Policies ➡ add your new secret_policy
log out ➡ log back in
User should now see secret engine metadata for kv/developers/ansible

secret_policy

path "kv/developers/ansible/metadata/*"{
capabilities = ["list"]
}

Now add a rule to allow a user to create, read, and update a secret

secret_policy

path "kv/developers/ansible/metadata/*"{
capabilities = ["list"]
}



path "kv/developers/ansible/data/*"{
capabilities = ["create", "read", "update"]
}

Now add a rule to allow a user to delete secret

secret_policy

path "kv/developers/ansible/metadata/*"{
capabilities = ["list", "create", "read", "update", "delete"]
}



path "kv/developers/ansible/data/*"{
capabilities = ["create", "read", "update", "delete"]
}


path "kv/developers/ansible/delete/*"{
capabilities = ["delete", "update"]
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

03_create_first_policy.md

03_create_first_policy.md

Create your first policy

Now add a rule to allow a user to create, read, and update a secret

Now add a rule to allow a user to delete secret

Files

03_create_first_policy.md

Latest commit

History

03_create_first_policy.md

File metadata and controls

Create your first policy

Now add a rule to allow a user to create, read, and update a secret

Now add a rule to allow a user to delete secret