Is there a way to declare multiple policies in HCL in one file (without having to rely on the file name) like how you can in Terraform? An example would be something like, but Vault doesn’t recognize the policy keyword in this example:
No, and further there is no relationship between the filename (policy name) and the actual content. Vault actually combines all of the policies at auth time and applies them all; the names are just for human reference.
The only policy name that is a known name is “default” and even that can be changed to anything you want.
Not really true since all configuration referencing policies does so by name.
Not true, there is also root, response-wrapping and control-group.
Also not true, the default policy name is special and that specialness can’t be reassigned to a different policy name - although yes, you can change the contents of the default policy.
So the reason why I am trying to do this is because we are trying to deploy Vault with the full config as an HCL file(s) dumped into the host (basically infrastructure as data). Do you have any advice as to how to go about doing this?
Are you confusing different HCL files? The original question is about policies – which is not related to IaC (infrastructure and not configuration) and not the configuration for the Vault service. As long as you have access to your storage then that’s not going to get affected. If you want to manage the HCL policies you can do that via Ansible or Terraform.
If you’re looking for HCL configuration files for the Vault Service, then you can use Packer to template-ize your configuration and post-install run a script that runs on first run to modify the template to match your IP and other variables. We use this with all of our clusters.
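The Terraform route suggested in the thread can keep several named policies in one file. The following is an added example, not code posted by anyone in the thread; the policy names and the KV v2 paths under `secret/` are constructed for illustration, and the provider is assumed to read `VAULT_ADDR` and `VAULT_TOKEN` from the environment.

```hcl
terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

# Address and token come from VAULT_ADDR / VAULT_TOKEN (assumption).
provider "vault" {}

locals {
  # Policy name => policy body. Names and paths are constructed examples.
  policies = {
    "app-readonly" = <<-EOT
      # Read-only access to the application's secrets (KV v2 assumed).
      path "secret/data/app/*" {
        capabilities = ["read"]
      }
    EOT

    "app-admin" = <<-EOT
      # Full management of the application's secrets (KV v2 assumed).
      path "secret/data/app/*" {
        capabilities = ["create", "read", "update", "delete"]
      }
      path "secret/metadata/app/*" {
        capabilities = ["list", "read", "delete"]
      }
    EOT
  }
}

# One vault_policy per map entry; the map key becomes the policy name,
# so the name no longer depends on a file name.
resource "vault_policy" "this" {
  for_each = local.policies

  name   = each.key
  policy = each.value
}
```

Because each policy body is still plain Vault policy HCL, the same text can be reviewed or diffed independently of Terraform before it is applied.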