HashiCorp Vault Policies

Policy Commands

vault policy list
vault policy read <policy-name>
vault policy write <policy-name> <policy-file.hcl>
vault policy delete <policy-name>

Format a policy file using vault policy fmt <policy-file.hcl>.

Auditing

To enable auditing, use the following command:

vault audit enable file file_path=/var/log/vault_audit.log mode=0640

Configure Alloy to read the audit logs from the specified file path.

Add the following configuration to your Alloy setup:

loki.source.file "vault_audit_log" {
    targets = [
        // __path__ must match the file_path passed to `vault audit enable`.
        {"__path__" = "/var/log/vault_audit.log", "log_name" = "vault_audit"},
    ]
    forward_to = [loki.write.default.receiver]
}

Check auditing configuration with:

vault audit list -detailed

To disable auditing, use:

vault audit disable file
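
The following is an added example, not part of the original README: a Python detection over the file audit log enabled above that reports writes and deletes on policy and audit-device paths, which is the API activity behind `vault policy write`/`delete` and `vault audit enable`/`disable`. The log lines are constructed samples; the field names and `sys/...` prefixes are assumptions based on Vault's JSON audit format and HTTP API.

```python
import json

# Assumed API path prefixes behind the commands on this page
# (policy write/delete, audit enable/disable).
WATCHED_PREFIXES = ("sys/policy/", "sys/policies/acl/", "sys/audit/")
MUTATING_OPS = {"create", "update", "delete"}

# Constructed sample lines in the shape of Vault's JSON file audit device.
SAMPLE_LOG = """\
{"time":"2024-05-01T10:00:00Z","type":"request","auth":{"display_name":"token-ci"},"request":{"id":"r1","operation":"read","path":"secret/data/app","remote_address":"10.0.0.5"}}
{"time":"2024-05-01T10:02:11Z","type":"request","auth":{"display_name":"ldap-alice"},"request":{"id":"r2","operation":"update","path":"sys/policies/acl/app-read","remote_address":"10.0.0.7"}}
{"time":"2024-05-01T10:02:11Z","type":"response","auth":{"display_name":"ldap-alice"},"request":{"id":"r2","operation":"update","path":"sys/policies/acl/app-read","remote_address":"10.0.0.7"}}
{"time":"2024-05-01T10:03:40Z","type":"response","auth":{"display_name":"token-ci"},"request":{"id":"r3","operation":"delete","path":"sys/policies/acl/app-read","remote_address":"10.0.0.5"},"error":"1 error occurred:\\n\\t* permission denied\\n\\n"}
{"time":"2024-05-01T10:05:02Z","type":"request","auth":{"display_name":"ldap-alice"},"request":{"id":"r4","operation":"delete","path":"sys/audit/file","remote_address":"10.0.0.7"}}
not-json: truncated line left by log rotation
"""


def find_control_plane_changes(lines):
    """Return (findings, unparsed_count) for mutating calls on watched paths."""
    findings, unparsed = {}, 0
    for line in lines:
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            req = entry["request"]
            path = req["path"].lstrip("/")
        except (ValueError, KeyError, TypeError, AttributeError):
            unparsed += 1  # count instead of dropping: gaps in audit data matter
            continue
        if req.get("operation") not in MUTATING_OPS or not path.startswith(WATCHED_PREFIXES):
            continue
        # Merge the request and response entries of one call on the request id,
        # so a call is reported once even if only one of the two was logged.
        hit = findings.setdefault(req.get("id") or line, {
            "time": entry.get("time"),
            "actor": (entry.get("auth") or {}).get("display_name"),
            "operation": req.get("operation"),
            "path": path,
            "source": req.get("remote_address"),
            "denied": False,
        })
        hit["denied"] = hit["denied"] or "permission denied" in (entry.get("error") or "")
    return list(findings.values()), unparsed


if __name__ == "__main__":
    results, skipped = find_control_plane_changes(SAMPLE_LOG.splitlines())
    print(*results, f"unparsed lines: {skipped}", sep="\n")
```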