Control role policy attachment

Is there a way to prevent usage of specific token_policies when we create a new Vault auth role?

I would like to protect some highly privileged policies so they can’t be used in “token_policies” during role creation.

Thanks!

The first thing that comes to my mind is Sentinel, but it’s an enterprise feature. :blush:
