Add new policies to existing ones associated to the role


I have created a role associating to known set of policies. It’s very likely we may get another set of policies ( not known upfront ) that we like to add-on to existing list of policies for that role.

How do I achieve this ?

Say upfront I execute:
vault write auth/token/roles/foundation allowed_policies=foundation_secret

down the road, I have another policy that I like to add to the role :
vault write auth/token/roles/foundation allowed_policies=xyz_secret

if I execute above command, it’ll overwrite foundation role behavior and no longer honors foundation_secret policy ?

Any help greatly appreciated.



You have to read the existing value and then write specifying the full list.