Creating single use token?

Hello,
I can access secrets in this path with the root token, but when I create a token with this command and policy, it returns “permission denied”:

#policy: single_use

path "secret/customer/novopay" {
  capabilities = ["read"]
}

vault token create -policy=single_use -use-limit=1

I am making an API request to:
https://vault.my-domain.com/v1/secret/data/customer/novopay

What is wrong here?

Thank you.

You answered your own question … your API path and your policy don’t match.

vault kv read secret/customer/novopay

needs to match the path, so the path should be:
path "secret/data/customer/novopay"

In the future, use vault capabilities to check your token access to the path you need it to have access to.

1 Like
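
The path mismatch resolved in this thread, as an added example that is not part of any post above: on a KV v2 mount the CLI path `secret/customer/novopay` is served by the API, and matched by policies, as `secret/data/customer/novopay`. The function names are hypothetical, `secret/` is assumed to be a KV v2 mount (as the API URL in the question implies), and `issue_and_check` assumes a reachable Vault with an operator token in `VAULT_TOKEN`.

```shell
# Added example: derive the policy path for a KV v2 secret and verify the
# single-use token against it before handing the token out.

# kv2_data_path MOUNT SECRET_PATH
# KV v2 inserts "data/" between the mount and the secret path.
kv2_data_path() {
  local mount="${1%/}" secret="${2#/}"
  printf '%s/data/%s\n' "$mount" "$secret"
}

# api_url_to_policy_path URL
# The policy path is whatever follows /v1/ in the request URL.
api_url_to_policy_path() {
  printf '%s\n' "${1#*/v1/}"
}

# render_policy MOUNT SECRET_PATH
# Emits a read-only policy for exactly one KV v2 secret.
render_policy() {
  printf 'path "%s" {\n  capabilities = ["read"]\n}\n' \
    "$(kv2_data_path "$1" "$2")"
}

# issue_and_check MOUNT SECRET_PATH
# Writes the policy, creates the single-use token and prints what the token
# may do on the data path. Defined only; it is not called when this file loads.
issue_and_check() {
  local mount="$1" secret="$2" token
  render_policy "$mount" "$secret" | vault policy write single_use - || return 1
  token="$(vault token create -policy=single_use -use-limit=1 -field=token)" || return 1
  printf 'capabilities: '
  vault token capabilities "$token" "$(kv2_data_path "$mount" "$secret")"
  printf 'token: %s\n' "$token"
}
```

With the corrected policy, `issue_and_check secret customer/novopay` should report `read` for the data path; `deny` there means the policy path and the request path still differ.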

It just worked!

Thank you so much!