Last active
September 25, 2017 17:53
-
-
Save gnilchee/f92f2e4c5cd4c2abaa3ceebe8052c1c9 to your computer and use it in GitHub Desktop.
Creating ACL on Hashicorp Vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# vault policy-write <policyname> production.hcl | |
# vault token-create -display-name="Optional Display Name" -ttl=0 -no-default-policy -policy="<policyname>" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
path "sys/*" { | |
policy = "deny" | |
} | |
path "secret/production/*" { | |
policy = "write" | |
} | |
path "secret/*" { | |
policy = "deny" | |
} | |
path "auth/token/lookup-self" { | |
policy = "read" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
~ # vault write secret/production value=world | |
Error writing data to secret/production: Error making API request. | |
URL: PUT https://127.0.0.1:8200/v1/secret/production | |
Code: 403. Errors: | |
* permission denied | |
~ # vault write secret/hello value=world | |
Error writing data to secret/hello: Error making API request. | |
URL: PUT https://127.0.0.1:8200/v1/secret/hello | |
Code: 403. Errors: | |
* permission denied | |
~ # vault write secret/production/hello value=world | |
Success! Data written to: secret/production/hello | |
~ # vault write secret/production/tier1/hello value=world | |
Success! Data written to: secret/production/tier1/hello | |
~ # vault read secret/production/hello | |
Key Value | |
--- ----- | |
refresh_interval 768h0m0s | |
value world | |
~ # vault read secret/production/tier1/hello | |
Key Value | |
--- ----- | |
refresh_interval 768h0m0s | |
value world |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment