Log into the root namespace via the Vault UI (root token)
Make sure you are in the root name space
Click on Access > Namespaces >create a namespace >
While still logged in the Vault UI as root, to switch to the newly created namespace
Click on the three dots next to your new namespace > switch to namespace
Click on Secrets > Enable new engine > KV > > and write a secret
Click on Policies > Create ACL policy >
Name: super-admin (or whatever)
path "*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
Switch to Vault cli
export VAULT_ADDR=http://yourVaultAddress:8200
export VAULT_TOKEN=<your root token>
export VAULT_NAMESPACE=<new namespace>
vault auth enable userpass
vault write auth/userpass/users/<username> password=<password> policies=<super-admin>
Log out of the Vaut UI as root and back in via username option and the newly created username/password
Attempt to read secret created in previous step from KV
You should now be able to write secrets or create more secrets engines, et..