Skip to content

Instantly share code, notes, and snippets.

@tbeyer567

tbeyer567/admin.hcl

Created March 22, 2023 16:55
Show Gist options
  • Save tbeyer567/2c9e8acf9f511c53d58fad672a5cda7b to your computer and use it in GitHub Desktop.
Save tbeyer567/2c9e8acf9f511c53d58fad672a5cda7b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
admin.hcl
# Manage auth methods broadly across Vault
path "auth/*"
{
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Create, update, and delete auth methods
path "sys/auth/*"
{
capabilities = ["create", "update", "delete", "sudo"]
}
# List auth methods
path "sys/auth"
{
capabilities = ["read"]
}
# Create and manage ACL policies
path "sys/policies/acl/*"
{
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# List ACL policies
path "sys/policies/acl"
{
capabilities = ["list"]
}
# Create and manage secrets engines broadly across Vault.
path "sys/mounts/*"
{
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# List enabled secrets engines
path "sys/mounts"
{
capabilities = ["read", "list"]
}
# List, create, update, and delete key/value secrets at kv-v2/
path "kv-v2/*"
{
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Manage transit secrets engine
path "transit/*"
{
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# Read health checks
path "sys/health"
{
capabilities = ["read", "sudo"]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment