Skip to content

Instantly share code, notes, and snippets.

@tbeyer567

tbeyer567/admin.hcl

Created October 16, 2023 16:23
Show Gist options
  • Save tbeyer567/192d960eeb68fbced2d0a5bb5042fe9f to your computer and use it in GitHub Desktop.
Save tbeyer567/192d960eeb68fbced2d0a5bb5042fe9f to your computer and use it in GitHub Desktop.
Download ZIP
initial admin policy
Raw
admin.hcl
# Read system health check
path "sys/health" {
capabilities = ["read", "sudo"]
}
# Read license
path "sys/license" {
capabilities = ["read"]
}
# Read and Manage storage
path "sys/storage/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Read license status
path "sys/license/status" {
capabilities = ["read"]
}
# Rotate encryption key
path "sys/rotate" {
capabilities = ["update", "sudo"]
}
# List enabled audit devices
path "sys/audit" {
capabilities = ["read", "sudo"]
}
# Enable and manage audit devices
path "sys/audit/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# List ACL policies
path "sys/policies/acl" {
capabilities = ["list"]
}
# Create and manage ACL policies
path "sys/policies/acl/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Manage auth methods
path "auth/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Create, update, and delete auth methods
path "sys/auth/*" {
capabilities = ["create", "update", "delete", "sudo"]
}
# List auth methods
path "sys/auth" {
capabilities = ["read"]
}
# List existing secrets engines
path "sys/mounts" {
capabilities = ["read"]
}
# Manage secrets engines
path "sys/mounts/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Create and manage default kv secret engine
path "secret/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
# Create and manage entities and groups
path "identity/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
# Enable and manage replication
path "sys/replication/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# List namespaces
path "sys/namespaces" {
capabilities = ["list"]
}
# Manage namespaces
path "sys/namespaces/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Allow step down
path "sys/step-down" {
capabilities = ["update", "sudo"]
}
# Read data on number of tokens/entities
path "sys/internal/counters/*" {
capabilities = ["read"]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment