Documentation fix for Vault ACL policy template tutorial

I couldn’t find a public repo for the Vault tutorial docs, so I’m filing here.

In step 2.3 of the Recommended Pattern for Vault ACL Policy Path Templates, the instructions call for creating a policy named kubernetes-kv-read. This should be $CLUSTER_NAME-kv-read, as this is the policy name subsequent steps expect:

vault write auth/$CLUSTER_NAME/role/$APP_NAMESPACE-$APP_NAME \
       bound_service_account_names=$APP_NAME \
       bound_service_account_namespaces=$APP_NAMESPACE \
       policies=$CLUSTER_NAME-kv-read \

($CLUSTER_NAME is set to minikube in a prior step, so this role never attaches a policy and the demo results in permissions errors.)


1 Like