# policy

The `policy` command groups subcommands for interacting with policies. Users can write, read, and list policies in Vault.

For more information, please see the policy documentation.

### Examples <a href="#examples" id="examples"></a>

List all enabled policies:

```shell-session
$ vault policy list
```

Create a policy named "my-policy" from contents on local disk:

```shell-session
$ vault policy write my-policy ./my-policy.hcl
```

Delete the policy named my-policy:

```shell-session
$ vault policy delete my-policy
```

### Usage <a href="#usage" id="usage"></a>

```
Usage: vault policy <subcommand> [options] [args]

  # ...

Subcommands:
    delete    Deletes a policy by name
    list      Lists the installed policies
    read      Prints the contents of a policy
    write     Uploads a named policy from a file
```

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

## policy delete <a href="#policy-delete" id="policy-delete"></a>

The `policy delete` command deletes the policy named NAME in the Vault server. Once the policy is deleted, all tokens associated with the policy are affected immediately.

Note that it is not possible to delete the "default" or "root" policies. These are built-in policies.

### Examples <a href="#examples" id="examples"></a>

Delete the policy named "my-policy":

```shell-session
$ vault policy delete my-policy
```

### Usage <a href="#usage" id="usage"></a>

There are no flags beyond the standard set of flags included on all commands.

## policy fmt <a href="#policy-fmt" id="policy-fmt"></a>

The `policy fmt` formats a local policy file to the policy specification. This command will overwrite the file at the given PATH with the properly-formatted policy file contents.

### Examples <a href="#examples" id="examples"></a>

Format the local file "my-policy.hcl":

```shell-session
$ vault policy fmt my-policy.hcl
```

### Usage <a href="#usage" id="usage"></a>

There are no flags beyond the standard set of flags included on all commands.

## policy list <a href="#policy-list" id="policy-list"></a>

The `policy list` command Lists the names of the policies that are installed on the Vault server.

### Examples <a href="#examples" id="examples"></a>

List the available policies:

```shell-session
$ vault policy list
default
root
```

### Usage <a href="#usage" id="usage"></a>

The following flags are available in addition to the standard set of flags included on all commands.

#### Output options <a href="#output-options" id="output-options"></a>

* `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the `VAULT_FORMAT` environment variable.

## policy read <a href="#policy-read" id="policy-read"></a>

The `policy read` command prints the contents and metadata of the Vault policy named NAME. If the policy does not exist, an error is returned.

### Examples <a href="#examples" id="examples"></a>

Read the policy named "my-policy":

```shell-session
$ vault policy read my-policy
```

### Usage <a href="#usage" id="usage"></a>

The following flags are available in addition to the standard set of flags included on all commands.

#### Output options <a href="#output-options" id="output-options"></a>

* `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the `VAULT_FORMAT` environment variable.

\
policy write

The `policy write` command uploads a policy with name NAME from the contents of a local file PATH or stdin. If PATH is "-", the policy is read from stdin. Otherwise, it is loaded from the file at the given path on the local disk.

For details on the policy syntax, please see the policy documentation.

### Examples <a href="#examples" id="examples"></a>

Upload a policy named "my-policy" from "/tmp/policy.hcl" on the local disk:

```shell-session
$ vault policy write my-policy /tmp/policy.hcl
```

Upload a policy from stdin:

```shell-session
$ cat my-policy.hcl | vault policy write my-policy -
```

### Usage <a href="#usage" id="usage"></a>

There are no flags beyond the standard set of flags included on all commands.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/vault/cli/policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.