Hashicorp Vault - Create policy using the vault policy write command


This assumes the following has already been done.

Policies list what can and cannot be done, for example whether a user is allowed to create a secret. The vault policy list command can be used to list the installed policies.

~]# vault policy list
default
root

 

Let's create a file named /tmp/policy.hcl that contains the following, which grants full permission (list, read, create, update and delete) on every secret under the secret/ path.

path "secret/data/*" {
  capabilities = ["list", "read", "create", "update", "delete"]
}

 

And then use the vault policy write command to create the policy.

~]$ vault policy write my-policy /tmp/policy.hcl
Success! Uploaded policy: my-policy

 

Be aware that if you are running Hashicorp Vault in a Docker container, the vault command inside the container reads the policy file from the container's filesystem, so you will need to create the /tmp/policy.hcl file in the Docker container, not on the Docker host system.

~]$ sudo docker exec hashicorp_vault vault policy write my-policy /tmp/policy.hcl
Success! Uploaded policy: my-policy

 

And now the vault policy list command should include the policy you created.

~]$ vault policy list
default
my-policy
root

 

And the vault policy read command can be used to show that the policy contains the contents of your /tmp/policy.hcl file.

~]$ vault policy read my-policy
path "secret/data/*" {
  capabilities = ["list", "read", "create", "update", "delete"]
}
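The steps above, as an added example that is not part of the original article: a small POSIX shell script that renders the policy file, uploads it with vault policy write, and then confirms that what vault policy read returns is exactly what was uploaded. It assumes VAULT_ADDR and VAULT_TOKEN point at a reachable Vault when run stand-alone; the policy names (my-policy, my-policy-ro) and the VAULT_CMD override are the example's own.

```shell
#!/bin/sh
# Added example, not code from the original article.

# Render an HCL policy granting the given capabilities on one path.
# $1 = path glob, $2 = space-separated capabilities
render_policy() {
  caps=""
  for c in $2; do
    caps="${caps:+$caps, }\"$c\""
  done
  printf 'path "%s" {\n  capabilities = [%s]\n}\n' "$1" "$caps"
}

# Upload a policy file via stdin ("-" tells the CLI to read stdin) and
# verify that "vault policy read" returns the same text. Feeding stdin
# means the file only has to exist where this script runs, even when
# VAULT_CMD is "docker exec -i hashicorp_vault vault" (-i keeps stdin open).
# $1 = policy name, $2 = policy file.
# Returns 0 on match, 1 if a Vault call fails, 2 if the stored policy differs.
upload_and_verify() {
  name="$1"; file="$2"
  ${VAULT_CMD:-vault} policy write "$name" - < "$file" >/dev/null || return 1
  stored=$(${VAULT_CMD:-vault} policy read "$name") || return 1
  # $(...) strips trailing newlines on both sides, so only content is compared.
  if [ "$stored" = "$(cat "$file")" ]; then
    echo "policy $name matches $file"
  else
    echo "policy $name differs from $file" >&2
    return 2
  fi
}

# Stand-alone use: only talk to Vault when one is configured.
if [ -n "${VAULT_ADDR:-}" ]; then
  # The article's full-access policy on secret/data/*.
  render_policy 'secret/data/*' 'list read create update delete' > /tmp/policy.hcl
  upload_and_verify my-policy /tmp/policy.hcl
  # A read-only variant for clients that should never modify secrets.
  render_policy 'secret/data/*' 'list read' > /tmp/policy-ro.hcl
  upload_and_verify my-policy-ro /tmp/policy-ro.hcl
fi
```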

 



