Updates to identity docs.

2026-01-20 19:51:40 +01:00
parent ba8d65173b
commit b887ade155
3 changed files with 59 additions and 4 deletions
--- a/policies/README.md
+++ b/policies/README.md
@@ -1,5 +1,16 @@
 # HashiCorp Vault Policies

+## Defualt Policy
+
+The **default** policy is created automatically when Vault is initialized, but can be modified as needed. It provides basic access to Vault features for authenticated users.
+
+To restore the default policy to the newest default version, launch a development Vault server and copy the default policy from there:
+
+```bash
+vault policy read default > default_policy.hcl
+vault policy write default default_policy.hcl
+```
+
 ## Policy Commands

 ```bash
@@ -11,6 +22,12 @@ vault policy delete <policy-name>

 Format a policy file using `vault policy fmt <policy-file.hcl>`.

+Display required capabilities for a given path with:
+
+```bash
+vault <anycommand> -output-policy
+```
+
 ## Auditing

 To enable auditing, use the following command:
@@ -46,3 +63,7 @@ To disable auditing, use:
 ```bash
 vault audit disable file
 ```
+
+## References
+
+- [RSoP Tool](https://github.com/threatkey-oss/hvresult) - **hvresult** computes the Resultant Set of Policy (RSoP) for Hashicorp Vault ACLs.