jonasvinther / medusa

A CLI tool for importing and exporting HashiCorp Vault secrets
MIT License

Document required policy for doing import/export #170

Open cthtrifork opened 2 hours ago

cthtrifork commented 2 hours ago

I would like the TOKEN to have the least-permissive setup, but I cannot find documentation of token_policies that would work with medusa.

# List, create, update, and delete key/value secrets
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

Would this path be enough?

cthtrifork commented 2 hours ago

Ideally, I would like documentation for creating an AppRole with a token policy that can only call relevant APIs.