Vault KV-V2 list policy

Mar 25, 2021 · ~1min read

Notes #hashicorp #infrastructure #vault

Enable kv-v2 on secrets secret

$ vault kv enable-versioning secret

Put something inside secrets secret

$ vault kv put secret/your-path your-key=your-value

Create policy file

$ tee policyfile.hcl <<EOF
path "secret/*" {
  capabilities = [ "list" ]
}
path "secret/data/your-path" {
  capabilities = [ "read" ]
}
EOF

Please notify that we add policy rules for secret/data/your-path even though we use secret/your-path as a path. Because KV-V2 add data prefix before your path name

Apply the policy file to your role

$ vault policy write your-role policyfile.hcl

Thank you for reading!