Skip to content

Instantly share code, notes, and snippets.

@scarolan

scarolan/vault_userpass_policy_demo.hcl

Created July 17, 2018 14:02
Show Gist options
  • Save scarolan/db2d9795885ef1a2bfb0a7de3f99c957 to your computer and use it in GitHub Desktop.
Save scarolan/db2d9795885ef1a2bfb0a7de3f99c957 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
vault_userpass_policy_demo.hcl
# First enable the userpass auth engine
#
# vault auth enable userpass
# vault write auth/userpass/users/alice password=alice policies="default,dev"
# vault write auth/userpass/users/bob password=bob policies="default,prod"
# Then create these policies
# dev
path "sys/mounts" {
capabilities = ["read","list"]
}
path "secret/*" {
capabilities = ["list"]
}
path "secret/" {
capabilities = ["read"]
}
path "secret/data/dev*" {
capabilities = ["read","list","create","update","delete"]
}
# prod
path "sys/mounts" {
capabilities = ["read","list"]
}
path "secret/*" {
capabilities = ["list"]
}
path "secret/" {
capabilities = ["read"]
}
path "secret/data/prod*" {
capabilities = ["read","list","create","update","delete"]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment