Reputation: 539
I am trying to establish a shared secret environment for all users, but each user cannot see each other's secrets. It is working as expected through the CLI, but when I try to test it on the web UI it's stating that the test user does not have the correct permissions. I followed this guide https://learn.hashicorp.com/vault/identity-access-management/policy-templating and https://www.vaultproject.io/docs/concepts/policies.html for reference, but no matter what I do it is not working correctly on the web UI.
Here is what my policies look like.
path "secret/data/{{identity.entity.name}}/*" {
  capabilities = ["create", "update", "read", "delete", "sudo"]
}
path "secret/metadata/{{identity.entity.name}}/*" {
  capabilities = ["list", "read", "create", "update", "delete", "sudo"]
}
CLI output:
$ vault kv list secret/user
Keys
----
test
Any help or suggestions would be much appreciated, thanks.
Upvotes: 1
Views: 1509
Reputation: 43
try this:
path "secret/data/{{identity.entity.name}}/*" {
  capabilities = ["create", "update", "read", "delete", "sudo"]
}
path "secret/metadata/{{identity.entity.name}}/*" {
  capabilities = ["list"]
}
path "secret/metadata" {
  capabilities = ["list"]
}
The problem is that with your policy you have no access to the folder "secret" but only to the path "secret/data/{{identity.entity.name}}". In the navigation of the UI you need additional access rights for the parent folders.
Upvotes: 3
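To see which step of the UI's folder navigation the original policy denies, here is an added Python model of the policy check (not code from the question, the answer, or Vault itself). It assumes a simplified version of Vault's matching rules: exact path rules take priority, then the longest trailing-`*` glob wins, and a list request's trailing slash is also tried stripped.

```python
# Constructed policies from this thread, as (templated path, capabilities) tuples.
ORIGINAL_POLICY = [
    ("secret/data/{{identity.entity.name}}/*", {"create", "update", "read", "delete", "sudo"}),
    ("secret/metadata/{{identity.entity.name}}/*", {"list", "read", "create", "update", "delete", "sudo"}),
]
FIXED_POLICY = ORIGINAL_POLICY[:1] + [
    ("secret/metadata/{{identity.entity.name}}/*", {"list"}),
    ("secret/metadata", {"list"}),
]


def render(path_rule, entity_name):
    """Substitute the only template parameter used in these policies."""
    return path_rule.replace("{{identity.entity.name}}", entity_name)


def is_allowed(policy, entity_name, request_path, capability):
    """Simplified model (assumption) of Vault ACL evaluation: exact rule first,
    otherwise the longest matching trailing-'*' glob; default deny.
    A list request arrives with a trailing slash, so the path is also tried without it."""
    candidates = [request_path]
    if capability == "list" and request_path.endswith("/"):
        candidates.append(request_path.rstrip("/"))
    rules = [(render(p, entity_name), caps) for p, caps in policy]
    for path in candidates:
        exact = [caps for p, caps in rules if p == path]
        if exact:
            return capability in exact[0]
        globs = [(p, caps) for p, caps in rules if p.endswith("*") and path.startswith(p[:-1])]
        if globs:
            _, caps = max(globs, key=lambda r: len(r[0]))
            return capability in caps
    return False  # no rule matched: Vault denies by default


def ui_browse_denials(policy, entity_name):
    """The web UI lists each parent folder on the way to the user's folder;
    return the list requests the policy would deny."""
    steps = ["secret/metadata/", f"secret/metadata/{entity_name}/"]
    return [p for p in steps if not is_allowed(policy, entity_name, p, "list")]


if __name__ == "__main__":
    print("original policy denies:", ui_browse_denials(ORIGINAL_POLICY, "test"))
    print("fixed policy denies:", ui_browse_denials(FIXED_POLICY, "test"))
```

The fixed policy still denies listing another user's folder, so adding the parent `list` rule does not weaken the per-user isolation the question asks for.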