diff --git a/policies/README.md b/policies/README.md
new file mode 100644
index 0000000..5ad8f9d
--- /dev/null
+++ b/policies/README.md
@@ -0,0 +1,12 @@
+# HashiCorp Vault Policies
+
+## Policy Commands
+
+```bash
+vault policy list
+vault policy read
+vault policy write
+vault policy delete
+```
+
+Format a policy file using `vault policy fmt `.
diff --git a/policies/admin_policy.hcl b/policies/admin_policy.hcl
new file mode 100644
index 0000000..a0f469e
--- /dev/null
+++ b/policies/admin_policy.hcl
@@ -0,0 +1,51 @@
+# Read system health check
+path "sys/health" {
+ capabilities = ["read", "sudo"]
+}
+
+# Create and manage ACL policies broadly across Vault
+
+# List existing policies
+path "sys/policies/acl" {
+ capabilities = ["list"]
+}
+
+# Create and manage ACL policies
+path "sys/policies/acl/*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Enable and manage authentication methods broadly across Vault
+
+# Manage auth methods broadly across Vault
+path "auth/*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Create, update, and delete auth methods
+path "sys/auth/*" {
+ capabilities = ["create", "update", "delete", "sudo"]
+}
+
+# List auth methods
+path "sys/auth" {
+ capabilities = ["read"]
+}
+
+# Enable and manage the key/value secrets engine at `secret/` path
+
+# List, create, update, and delete key/value secrets
+# path "secret/*"
+# {
+# capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+# }
+
+# Manage secrets engines
+path "sys/mounts/*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# List existing secrets engines.
+path "sys/mounts" {
+ capabilities = ["read"]
+}
diff --git a/policies/app_role_admin.hcl b/policies/app_role_admin.hcl
new file mode 100644
index 0000000..a05adb3
--- /dev/null
+++ b/policies/app_role_admin.hcl
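Review bot: In admin_policy.hcl the `auth/*` rule with create/update/sudo covers `auth/token/*` as well as every other auth mount, and together with create/update on `sys/policies/acl/*` it lets any holder write a new policy and issue themselves a token carrying it, so the policy is root-equivalent in practice. If that is the intent, say so in the header comment, e.g. `# NOTE: policy authoring + token issuance make holders root-equivalent`; otherwise scope the token rule to what an admin needs, such as `auth/token/lookup*` and `auth/token/revoke*`, and list the other auth mounts on explicit paths. The `sudo` on `sys/health` looks unnecessary, since that endpoint is served unauthenticated by default (worth confirming for the Vault version in use). The commented-out `secret/*` block also leaves the heading `# Enable and manage the key/value secrets engine at `secret/` path` describing a rule that no longer exists; either drop both or restore the rule deliberately.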
@@ -0,0 +1,19 @@
+# Mount the AppRole auth method
+path "sys/auth/approle" {
+ capabilities = [ "create", "read", "update", "delete", "sudo" ]
+}
+
+# Configure the AppRole auth method
+path "sys/auth/approle/*" {
+ capabilities = [ "create", "read", "update", "delete" ]
+}
+
+# Create and manage roles
+path "auth/approle/*" {
+ capabilities = [ "create", "read", "update", "delete", "list" ]
+}
+
+# Write ACL policies
+path "sys/policies/acl/*" {
+ capabilities = [ "create", "read", "update", "delete", "list" ]
+}
diff --git a/policies/identity_admin_policy.hcl b/policies/identity_admin_policy.hcl
new file mode 100644
index 0000000..3edb6ea
--- /dev/null
+++ b/policies/identity_admin_policy.hcl
@@ -0,0 +1,8 @@
+# Add identity admin role to the token
+path "identity/*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+path "identity/entity/*/name" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
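Review bot: In app_role_admin.hcl the combination of create/update on `auth/approle/*` and create/update on `sys/policies/acl/*` is a privilege-escalation path: a holder can write any policy, bind it to a new role via `token_policies`, then fetch that role's `role-id` and `secret-id` (both under `auth/approle/role/<name>/...`, matched by the wildcard) and log in with it. If this persona genuinely needs to author policies, scope the last rule to a prefix it owns, e.g. `path "sys/policies/acl/approle-*"`, and consider an `allowed_parameters` constraint on `auth/approle/role/*` limiting `token_policies` to that same prefix (test this, as parameter constraints on wildcard paths have caveats). Either way the file should state its trust level up front, e.g. `# NOTE: policy write + role create lets holders escalate to any policy; scope before granting`.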
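Review bot: In identity_admin_policy.hcl the second rule `identity/entity/*/name` is redundant: `identity/*` already matches those paths with an identical capability set, so the extra rule changes nothing today and only invites drift if one of the two is edited later; drop it or add a comment explaining why it exists. Note also that update on `identity/entity/*` and `identity/group/*` (both under `identity/*`) allows setting the `policies` field, which appears to let the holder attach any existing policy to any entity or group and thereby escalate to it (whether `root` itself is refused should be confirmed). The header `# Add identity admin role to the token` does not convey that; something like `# Full identity-store admin: can attach any policy to any entity/group and manage identity/oidc — treat as highly privileged` would.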