HashiCorp Vault Policies
Policy Commands
vault policy list
vault policy read <policy-name>
vault policy write <policy-name> <policy-file.hcl>
vault policy delete <policy-name>
Format a policy file using vault policy fmt <policy-file.hcl>.
Auditing
To enable auditing, use the following command:
vault audit enable file file_path=/var/log/vault_audit.log mode=0640
Configure Alloy to read the audit logs from the specified file path.
Add the following configuration to your Alloy setup:
loki.source.file "vault_audit_log" {
  targets = [
    {"__path__" = "/var/log/vault_audit.log", "log_name" = "vault_audit", "level" = "info"},
  ]
  forward_to = [loki.write.default.receiver]
  tail_from_end = true
}
Note:
tail_from_end = true ensures that only new log entries are read, preventing the ingestion of old lines/entries. It is (probably) required because the audit log file does not contain timestamps, only entry GUIDs.
Check auditing configuration with:
vault audit list -detailed
To disable auditing, use:
vault audit disable file
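
A consistency check for the auditing steps above, as an added example that is not part of the original page: it compares the file_path of each file audit device with the paths Alloy tails, and flags a mode that grants access to other users. It assumes the JSON shape printed by `vault audit list -format=json`; the sample inputs and all function names are constructed for illustration.

```python
import json
import re

# Constructed sample: shape of `vault audit list -format=json` for one file device.
SAMPLE_AUDIT_JSON = json.dumps({
    "file/": {"type": "file", "path": "file/", "description": "",
              "options": {"file_path": "/var/log/vault_audit.log", "mode": "0640"}}
})

# Constructed sample: an Alloy component tailing a different path (the drift to catch).
SAMPLE_ALLOY = '''
loki.source.file "vault_audit_log" {
  targets = [
    {"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit"},
  ]
  forward_to = [loki.write.default.receiver]
}
'''

def audit_file_devices(audit_json):
    """Return {mount: (file_path, mode)} for every file-type audit device."""
    out = {}
    for mount, dev in json.loads(audit_json).items():
        if dev.get("type") == "file":
            opts = dev.get("options") or {}
            out[mount] = (opts.get("file_path"), opts.get("mode"))
    return out

def alloy_tailed_paths(alloy_config):
    """Collect every "__path__" value from the Alloy configuration text."""
    return set(re.findall(r'"__path__"\s*=\s*"([^"]+)"', alloy_config))

def check(audit_json, alloy_config):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    tailed = alloy_tailed_paths(alloy_config)
    for mount, (path, mode) in audit_file_devices(audit_json).items():
        if path not in tailed:
            findings.append(f"{mount}: {path} is not tailed by Alloy")
        # Any "other" permission bit makes the audit log accessible to all users.
        if mode is not None and int(mode, 8) & 0o007:
            findings.append(f"{mount}: mode {mode} grants access to other users")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_AUDIT_JSON, SAMPLE_ALLOY):
        print(finding)
```

Feed it the real output of `vault audit list -format=json` and the contents of your Alloy configuration file in place of the two samples.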