Check access to a path using an external authorization source

Hi there!

Does Vault provide the feature to check a token’s access to a path using an external authorization server?

For example, whenever a client tries to do an operation on all subpaths of example-kv/, I want Vault to send the path’s value, the operation, and the client’s token’s metadata (or internal data) to a remote server and ask whether this user can do that operation on that path or not.

I already know there is a concept called policy and that I can control the tokens’ access using these policies, but in my use case, it’s not possible to write equivalent Vault policies to do the authorization process instead of the remote server.

No, Vault doesn’t support that.
