Updates to identity docs.

2026-01-20 19:51:40 +01:00
parent ba8d65173b
commit b887ade155
3 changed files with 59 additions and 4 deletions

@@ -1,5 +1,16 @@
# HashiCorp Vault Policies
## Defualt Policy
The **default** policy is created automatically when Vault is initialized, but can be modified as needed. It provides basic access to Vault features for authenticated users.
To restore the default policy to the newest default version, launch a development Vault server and copy the default policy from there:
```bash
vault policy read default > default_policy.hcl
vault policy write default default_policy.hcl
```
## Policy Commands
```bash
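Review bot: The two commands in the new "Defualt Policy" section do not say which server each one targets, so run as written against a single server they read the current default policy and write the same content back. Suggest stating that `vault policy read default > default_policy.hcl` runs with `VAULT_ADDR` pointing at the development server and `vault policy write default default_policy.hcl` runs against the server being restored, and recommending a diff of the file against the live policy before the write so local changes to `default` are not lost silently. The heading also has a typo: "Defualt" should be "Default".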
@@ -11,6 +22,12 @@ vault policy delete <policy-name>
Format a policy file using `vault policy fmt <policy-file.hcl>`.
Display required capabilities for a given path with:
```bash
vault <anycommand> -output-policy
```
## Auditing
To enable auditing, use the following command:
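Review bot: The added sentence promises the capabilities "for a given path", but the example `vault <anycommand> -output-policy` shows no path and leaves the command entirely open. Suggest replacing the placeholder with one concrete invocation that includes a path, and adding a sentence on what the reader should expect as output, since the current wording does not say whether the command is actually executed or only analysed.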
@@ -46,3 +63,7 @@ To disable auditing, use:
```bash
vault audit disable file
```
## References
- [RSoP Tool](https://github.com/threatkey-oss/hvresult) - **hvresult** computes the Resultant Set of Policy (RSoP) for Hashicorp Vault ACLs.
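Review bot: The new References entry spells the vendor "Hashicorp" while the page title uses "HashiCorp"; suggest making the two consistent. The link points to a repository outside the HashiCorp organisation, so it would help to label it as a third-party tool and add a short sentence in the policy section explaining when a reader would use an RSoP calculation, since nothing in the visible text refers to it.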