Creating a policy for master key permissions

Content Software for File CLI Reference

Version: 4.2.x
Part Number: MK-HCSF001-03

Create a weka_policy.hcl file with the following content:

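# Transit engine paths for the key; "+" matches exactly one path segment
path "transit/+/weka-key" {
  capabilities = ["read", "create", "update"]
}
# The key itself: read only, no "delete" capability
path "transit/keys/weka-key" {
  capabilities = ["read"]
}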

This policy limits the capabilities so that a token using it has no permission to destroy the key. This protection is important when creating an API token.

Create the policy using the following command:

$ vault policy write weka weka_policy.hcl
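
To see what the two stanzas permit, the following added example (not part of the product documentation, and not Vault's own code) is a simplified Python model of Vault ACL path resolution. It assumes only exact paths and the `+` single-segment wildcard, applies the most specific matching stanza, and uses a constructed list of sample requests.

```python
# Simplified model of Vault ACL path resolution (assumption: only exact paths
# and the "+" single-segment wildcard are modelled; the "*" glob is not).

POLICY = {  # the two stanzas from weka_policy.hcl
    "transit/+/weka-key": {"read", "create", "update"},
    "transit/keys/weka-key": {"read"},
}

def matches(pattern, path):
    """True if every segment is equal or the pattern segment is '+'."""
    p, r = pattern.split("/"), path.split("/")
    return len(p) == len(r) and all(a in ("+", b) for a, b in zip(p, r))

def priority(pattern):
    """Larger tuple = more specific: later first wildcard, fewer '+', longer."""
    segs = pattern.split("/")
    first_wild = segs.index("+") if "+" in segs else len(segs)
    return (first_wild, -segs.count("+"), len(pattern))

def capabilities(path, policy=POLICY):
    """Capabilities of the single most specific stanza matching the path."""
    hits = [p for p in policy if matches(p, path)]
    if not hits:
        return set()  # no stanza matches: default deny
    return policy[max(hits, key=priority)]

def allowed(capability, path):
    return capability in capabilities(path)

# Constructed sample requests (capability, path)
CHECKS = [
    ("update", "transit/encrypt/weka-key"),      # matched by the "+" stanza
    ("update", "transit/decrypt/weka-key"),      # matched by the "+" stanza
    ("read",   "transit/keys/weka-key"),         # exact stanza wins: read only
    ("delete", "transit/keys/weka-key"),         # no "delete" anywhere: deny
    ("update", "transit/keys/weka-key"),         # exact stanza wins: deny
    ("update", "transit/keys/weka-key/config"),  # four segments, no match: deny
    ("update", "transit/encrypt/other-key"),     # different key name: deny
]

if __name__ == "__main__":
    for cap, path in CHECKS:
        verdict = "allow" if allowed(cap, path) else "deny"
        print(f"{cap:7} {path:30} {verdict}")
```
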