Platform secret setup
This commit is contained in:
parent
f0061d5020
commit
a7ffeb8b46
8 changed files with 493 additions and 4 deletions
28
openbao/policies/platform-readonly.hcl
Normal file
28
openbao/policies/platform-readonly.hcl
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
# Read-only platform inspection policy.
|
||||
#
|
||||
# Useful for status dashboards and audit/review sessions that need visibility
|
||||
# into mounts and platform metadata without secret material mutation.
|
||||
|
||||
path "sys/health" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "sys/mounts" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
|
||||
path "sys/auth" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
|
||||
path "sys/policies/acl" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
|
||||
path "auth/token/lookup-self" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "platform/metadata/*" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue