Vault Namespaces supports a variety of ways of interacting with Vault.
# Config
vault namespace create marketing
echo '
path "secret/*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}' | VAULT_NAMESPACE=marketing vault policy write test-policy -
vault write secret/test value=newsecretInRoot
vault write -namespace=marketing secret/test value=newsecretInMarketing
CLIENT_TOKEN=`VAULT_NAMESPACE=marketing vault token create -policy=test-policy -field=token`
# Different ways of retrieving the secret within the namespace
VAULT_TOKEN=$CLIENT_TOKEN vault read secret/test
VAULT_TOKEN=$CLIENT_TOKEN vault read marketing/secret/test
VAULT_NAMESPACE=marketing VAULT_TOKEN=$CLIENT_TOKEN vault read secret/test
VAULT_TOKEN=$CLIENT_TOKEN vault read -namespace=marketing secret/test
curl --header "X-Vault-Token: $CLIENT_TOKEN" --header "X-Vault-Namespace: marketing" $VAULT_ADDR/v1/secret/test
curl --header "X-Vault-Token: $CLIENT_TOKEN" $VAULT_ADDR/v1/marketing/secret/test
# Root secret
vault read secret/test
vault read marketing/secret/test