Clavin June

Originally published at clavinjune.dev

Vault KV-V2 list policy

Enable KV-V2 on the secret secrets engine

$ vault kv enable-versioning secret

Put something inside the secret secrets engine

$ vault kv put secret/your-path your-key=your-value

Create policy file

$ tee policyfile.hcl <<EOF
path "secret/*" {
  capabilities = ["list"]
}
path "secret/data/your-path" {
  capabilities = ["read"]
}
EOF

Please note that we add the policy rule for secret/data/your-path even though we use secret/your-path as the path, because KV-V2 adds a data/ prefix before your path name.

Apply the policy file to your role

$ vault policy write your-role policyfile.hcl
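
The prefixing described in the note above can be checked offline. This is an added example, not code from the original post: a simplified shell model of how KV-V2 maps CLI paths to API paths (data/ for reads and writes, metadata/ for list) and of Vault picking the most specific matching rule, limited to exact paths and trailing * globs. The function names and the POLICY variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): simplified offline model.
# POLICY mirrors policyfile.hcl above, one "pattern cap1,cap2" rule per line.
POLICY='secret/* list
secret/data/your-path read'

# Map a CLI operation to the API path and capability Vault checks for KV-V2.
kv2_request() { # usage: kv2_request <get|put|delete|list> <mount> <path>
  case "$1" in
    get)    echo "$2/data/$3 read" ;;
    put)    echo "$2/data/$3 update" ;;   # a brand-new key needs create instead
    delete) echo "$2/data/$3 delete" ;;
    list)   echo "$2/metadata/$3 list" ;;
    *)      return 2 ;;
  esac
}

# Print the capabilities of the most specific matching rule: an exact path
# beats a glob, and a longer glob prefix beats a shorter one.
policy_caps() { # usage: policy_caps <api-path>
  best_len=-1; best_caps=""
  while read -r pattern caps; do
    case "$pattern" in
      *\*) prefix=${pattern%\*}
           case "$1" in "$prefix"*) len=${#prefix} ;; *) continue ;; esac ;;
      *)   [ "$pattern" = "$1" ] || continue; len=9999 ;;
    esac
    if [ "$len" -gt "$best_len" ]; then best_len=$len; best_caps=$caps; fi
  done <<EOF
$POLICY
EOF
  echo "$best_caps"
}

# Return 0 if POLICY allows the CLI operation, 1 if denied (default deny).
kv2_allowed() { # usage: kv2_allowed <op> <mount> <path>
  req=$(kv2_request "$@") || return 2
  case ",$(policy_caps "${req% *}")," in
    *",${req##* },"*) return 0 ;;
    *) return 1 ;;
  esac
}

for args in "get secret your-path" "list secret " "get secret other" "put secret your-path"; do
  if kv2_allowed $args; then echo "allowed: $args"; else echo "denied:  $args"; fi
done
```

Setting POLICY to a single rule on secret/your-path (the CLI path) makes the get check come back denied, which is the mistake the note above guards against.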

Top comments (1)

Ben Halpern

Thanks for this