# HashiCorp Vault Policies

## Policy Commands

```bash
vault policy list
vault policy read <name>
vault policy write <name> <path>
vault policy delete <name>
```

Format a policy file using `vault policy fmt <path>`.

## Auditing

To enable auditing, use the following command:

```bash
vault audit enable file file_path=/var/log/vault_audit.log mode=0640
```

Configure Alloy to read the audit logs from the specified file path. Add the following configuration to your Alloy setup:

```hcl
loki.source.file "vault_audit_log" {
  // __path__ must match the file_path given to `vault audit enable`
  targets = [
    {"__path__" = "/var/log/vault_audit.log", "log_name" = "vault_audit", "level" = "info"},
  ]
  forward_to    = [loki.write.default.receiver]
  tail_from_end = true
}
```

> **Note:** `tail_from_end = true` ensures that only new log entries are read, preventing the ingestion of old entries. It is (probably) required because the audit log file does not contain timestamps, only entry GUIDs.

Check the auditing configuration with:

```bash
vault audit list -detailed
```

To disable auditing, use:

```bash
vault audit disable file
```
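
Once the audit log is being collected, the commands on this page are worth watching for in it. The following is an added example, not part of the original page: it scans audit log lines for requests that change a policy or an audit device. It assumes the file audit device's JSON-lines format and that the CLI commands above call `sys/policies/acl/<name>` (or the older `sys/policy/<name>`) and `sys/audit/<path>`; the function name and sample entries are constructed for illustration.

```python
import json

# Assumption: API paths behind `vault policy write/delete` and
# `vault audit enable/disable`, as they appear in request.path.
WATCHED_PREFIXES = ("sys/policies/acl/", "sys/policy/", "sys/audit/")
CHANGE_OPS = {"create", "update", "delete"}


def find_sensitive_changes(lines):
    """Return one finding per request that changes a policy or audit device."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip a line that was only partially written
        if entry.get("type") != "request":
            continue  # response entries repeat the request; count each call once
        req = entry.get("request") or {}
        path, op = req.get("path", ""), req.get("operation", "")
        if op in CHANGE_OPS and path.startswith(WATCHED_PREFIXES):
            findings.append({
                "request_id": req.get("id"),
                "actor": (entry.get("auth") or {}).get("display_name", "unknown"),
                "operation": op,
                "path": path,
                # Removing an audit device stops logging to it: flag separately.
                "audit_disabled": op == "delete" and path.startswith("sys/audit/"),
            })
    return findings


# Constructed sample entries, trimmed to the fields this example reads.
SAMPLE = [
    '{"type":"request","auth":{"display_name":"token-admin"},'
    '"request":{"id":"req-1","operation":"update","path":"sys/policies/acl/app-read"}}',
    '{"type":"response","auth":{"display_name":"token-admin"},'
    '"request":{"id":"req-1","operation":"update","path":"sys/policies/acl/app-read"}}',
    '{"type":"request","auth":{"display_name":"approle-app"},'
    '"request":{"id":"req-2","operation":"read","path":"secret/data/app"}}',
    '{"type":"request","auth":{"display_name":"token-admin"},'
    '"request":{"id":"req-3","operation":"delete","path":"sys/audit/file"}}',
    '{"type":"request","requ',  # truncated line
]

if __name__ == "__main__":
    for finding in find_sensitive_changes(SAMPLE):
        print(finding)
```
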