Policies
Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault. In this step, you will create a policy and then edit it to support new requirements.
This step assumes you started the Vault server and signed in with the root token in the Web UI step.
Create a policy
Select Policies from the menu
This view is the policy index and displays all the policies. The default policy and the root policy were created when Vault was initialized.
Select the Create ACL policy action.
Enter
webapp
in the Name field.Enter this policy in the Policy field.
Choose the Create policy action at the bottom of the view.
The policy is created and this view displays its name and contents.
Select the ACL Policies navigation from within the view.
The view returns to the policy index. The new webapp policy is displayed.
Filtering
When there are a lot of policies, the Filter policies field can narrow the displayed policies down to a manageable list or the exact policy.
Edit a policy
The webapp policy needs to be updated to support a new secrets engine and its paths required and capabilities.
Select the webapp policy title from within the policy index view.
This view displays the policy with its definition. The read-only policy field displays the entire contents of the policy.
Select the Edit policy action from within the view.
This view is the policy edit view. The Policy field provides a text editor preloaded with the policy definition.
Select the Policy text editor from within the view.
The editor enables navigation through the arrow keys.
Add this policy to after the other content in the Policy field.
Editing
The editor supports common keyboard shortcuts for undo and redo. You can also reset every change back its original by choosing Cancel.
The updated policy needs to be saved.
Choose the Save action at the bottom of the view.
The policy is updated. The view returns to the policy and its updated definition.
Last updated