Hashicorp Vault - List policies using the vault policy list command
by Jeremy Canfield | Updated: March 15 2024
This assumes the following has already been done.
- Hashicorp Vault has been installed
- Hashicorp Vault has been initialized
- Hashicorp Vault has been unsealed
- You have logged into the vault
Policies list what can and cannot be done. For example, a policy can allow or not allow a user to create a secret. The vault policy list command can be used to list the installed policies.
~]# vault policy list
default
root
The vault policy read default command can be used to list what the default policy allows. In this example, the command is run inside a Docker container named hashicorp_vault.
~]$ sudo docker exec hashicorp_vault vault policy read default
# Allow tokens to look up their own properties
path "auth/token/lookup-self" {
    capabilities = ["read"]
}
# Allow tokens to renew themselves
path "auth/token/renew-self" {
    capabilities = ["update"]
}
# Allow tokens to revoke themselves
path "auth/token/revoke-self" {
    capabilities = ["update"]
}
# Allow a token to look up its own capabilities on a path
path "sys/capabilities-self" {
    capabilities = ["update"]
}
# Allow a token to look up its own entity by id or name
path "identity/entity/id/{{identity.entity.id}}" {
    capabilities = ["read"]
}
path "identity/entity/name/{{identity.entity.name}}" {
    capabilities = ["read"]
}
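The list and read commands above can be combined to review every installed policy for broad grants. This is an added example, not code from the article: the function names, the constructed sample policy, and the rule for what counts as broad (the sudo capability, or a write capability on a path ending in *) are assumptions.

```shell
#!/bin/sh
# Added example: flag broad grants in Vault ACL policies (not the article's code).

# Reads policy text on stdin; prints "<label> <path> <capabilities>" for each
# path block that grants "sudo", or a write capability on a path ending in "*".
# Assumes one-line capabilities lists, as in the vault policy read output above.
flag_broad_grants() {
  awk -v label="$1" '
    /^[ \t]*path[ \t]+"/ { split($0, q, "\""); path = q[2]; next }
    /^[ \t]*capabilities[ \t]*=/ {
      i = index($0, "["); j = index($0, "]")
      caps = substr($0, i + 1, j - i - 1)
      gsub(/[" \t]/, "", caps)
      broad = (caps ~ /(^|,)sudo(,|$)/)
      if (path ~ /\*$/ && caps ~ /(^|,)(create|update|patch|delete)(,|$)/) broad = 1
      if (broad) print label, path, caps
    }'
}

# Audits every policy named by `vault policy list`.
audit_policies() (
  vault policy list | while read -r name; do
    # Skip any policy whose body cannot be read instead of aborting the audit.
    body=$(vault policy read "$name" 2>/dev/null) || continue
    printf '%s\n' "$body" | flag_broad_grants "$name"
  done
)

# Constructed sample policy (hypothetical paths), for trying the parser offline.
sample_policy() {
  cat <<'EOF'
path "auth/token/lookup-self" {
  capabilities = ["read"]
}
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "sys/policies/acl/*" {
  capabilities = ["read", "sudo"]
}
path "secret/data/readonly/*" {
  capabilities = ["read", "list"]
}
EOF
}
```

Run `sample_policy | flag_broad_grants demo` to try the parser without a Vault server, or `audit_policies` from a shell that is already logged in to Vault.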