Hi Team,
I’m getting Not Authorized with the client-token generated from the policy below.
Secrets are present according to Environment
Secret-Keys/CMS/(SIT,UAT,PROD)
Allow a token to manage CMS policy
path "Secret-Keys/" {
capabilities = ["list"]
}
path "Secret-Keys/CMS/" {
capabilities = ["list", "read"]
}
Have you tried this?
path "Secret-Keys/CMS/*" {
capabilities = ["list", "read"]
}
Yes, I have tried the same and generated the ‘client-token’ from this policy.
Still getting ‘Not Authorized’
You don’t have access to Secret-Keys/
I have also tried the policy below, but I am only able to list, not read, the key-values. I have tried with a token as well as the username-password auth method, but I am still not able to read the kv under SIT.
path "Secret-Keys/CMS/SIT" {
capabilities = ["list", "read"]
}
path "Secret-Keys/CMS/" {
capabilities = ["list", "read"]
}
path "Secret-Keys/" {
capabilities = ["list"]
}
Just to ensure the policy is being applied, I used the policy below and was getting a response for Secret-Keys/CMS/SIT, but was not able to restrict other keys.
path "Secret-Keys/*" {
capabilities = ["list", "read"]
}
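
Added example, not part of any post above and not Vault's own code: a simplified Python model of how Vault policy paths match a request (exact match unless the rule ends in `*`), run over the policies as they appear in this thread. The secret name `db`, the `SCOPED` policy and the KV version 2 `data/` path are assumptions made for illustration; the thread does not say which KV version the mount uses.

```python
# Added example: simplified model of Vault ACL path matching.
# Handles exact paths and a trailing "*" (prefix glob) only; the "+" segment
# wildcard and list-specific trailing-slash handling are not modelled.

def capabilities_for(policy, request_path):
    """Return the capability set of the rule that governs request_path."""
    if request_path in policy:                      # an exact rule wins
        return set(policy[request_path])
    best = None
    for rule_path in policy:
        if rule_path.endswith("*") and request_path.startswith(rule_path[:-1]):
            if best is None or len(rule_path) > len(best):
                best = rule_path                    # longest prefix wins
    return set(policy[best]) if best else set()     # no rule: default deny

def allowed(policy, request_path, capability):
    return capability in capabilities_for(policy, request_path)

# Policies as they appear in the thread (paths without "*" match exactly).
NARROW = {
    "Secret-Keys/CMS/SIT": ["list", "read"],
    "Secret-Keys/CMS/": ["list", "read"],
    "Secret-Keys/": ["list"],
}
BROAD = {"Secret-Keys/*": ["list", "read"]}

# Constructed candidate (assumption): prefix glob scoped to SIT only.
SCOPED = {"Secret-Keys/CMS/SIT/*": ["list", "read"]}

# Constructed request paths; "db" is a hypothetical secret name.
SIT_SECRET = "Secret-Keys/CMS/SIT/db"
UAT_SECRET = "Secret-Keys/CMS/UAT/db"
# Assumption: on a KV version 2 mount the API inserts "data/" after the mount.
SIT_SECRET_KV2 = "Secret-Keys/data/CMS/SIT/db"

def report():
    """Evaluate a read of each sample path against each policy."""
    rows = []
    for name, pol in (("narrow", NARROW), ("broad", BROAD), ("scoped", SCOPED)):
        for p in (SIT_SECRET, UAT_SECRET, SIT_SECRET_KV2):
            rows.append((name, p, allowed(pol, p, "read")))
    return rows

if __name__ == "__main__":
    for name, p, ok in report():
        print(f"{name:7} {p:30} read={'allow' if ok else 'deny'}")
```

In this model the exact-path policy denies a read of anything below `SIT`, the `Secret-Keys/*` policy allows every environment, and the scoped glob allows only SIT paths in the form it was written for.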