Hi, I was trying to set up the OIDC auth method using Google OAuth by referring to https://github.com/hashicorp/vault-guides/tree/master/identity/oidc-auth
And created 2 roles as below:
vault list auth/oidc/role
Keys
----
manager
reader
where reader has list and read capabilities on secret, and manager has create, delete, list, read and update capabilities on secret.
vault policy read reader
# Read permission on the k/v secrets
path "/secret/*" {
  capabilities = ["read", "list"]
}
But when I log in to the Vault UI with reader as the default role, I can still create a secret. It shouldn't have permission to create it, right?
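The question above comes down to whether the quoted `reader` policy can, on its own, explain a successful create. The following is an added example, not code from the original post, from the vault-guides repo or from Vault itself: an offline model of Vault's documented policy matching (exact path, trailing `*` glob, `+` single-segment wildcard, exact beats glob, longest glob beats shorter, all of a token's policies merged into one ACL, `deny` overriding). It evaluates the quoted `reader` policy against KV v2 paths, and then a token that also carries a `manager` policy. `MANAGER_POLICY` is constructed here from the post's description (it is not quoted in the post), and the secret name is made up.

```python
"""Offline model of Vault ACL evaluation for the policies discussed above.

Added example; not code from the post, the vault-guides repo or Vault.
It applies Vault's documented path-matching rules to show what the quoted
'reader' policy grants on KV v2 paths, and what changes when a token also
holds a 'manager' policy. MANAGER_POLICY is constructed from the post's
description; the secret name used in diagnose() is made up.
"""
import re
from typing import Dict, List, Set

# Verbatim output of `vault policy read reader` from the post.
READER_POLICY = '''
# Read permission on the k/v secrets
path "/secret/*" {
  capabilities = ["read", "list"]
}
'''

# Constructed from the post's description of the manager role (not quoted there).
MANAGER_POLICY = '''
path "secret/*" {
  capabilities = ["create", "delete", "list", "read", "update"]
}
'''

_STANZA = re.compile(r'path\s+"([^"]+)"\s*\{[^}]*?capabilities\s*=\s*\[([^\]]*)\]')


def parse_policy(hcl: str) -> Dict[str, Set[str]]:
    """Return {path_pattern: capabilities} for each simple `path "..." {...}` stanza.

    Deliberately minimal: it handles the shape used above, not every HCL feature.
    Vault's own examples write policy paths without a leading '/', so one is
    stripped here to evaluate the quoted policy the way its author intends.
    """
    rules: Dict[str, Set[str]] = {}
    for pattern, caps in _STANZA.findall(hcl):
        rules[pattern.lstrip("/")] = {c.strip().strip('"') for c in caps.split(",") if c.strip()}
    return rules


def path_matches(pattern: str, request_path: str) -> bool:
    """Vault path matching: '*' is a wildcard only as the final character and
    matches any remaining suffix; '+' matches exactly one path segment."""
    glob = pattern.endswith("*")
    pat = pattern[:-1].split("/") if glob else pattern.split("/")
    req = request_path.split("/")
    if glob:
        if len(req) < len(pat):
            return False
        head, last = pat[:-1], pat[-1]
        if any(p != "+" and p != r for p, r in zip(head, req)):
            return False
        return last == "+" or req[len(pat) - 1].startswith(last)
    return len(pat) == len(req) and all(p == "+" or p == r for p, r in zip(pat, req))


def policy_capabilities(rules: Dict[str, Set[str]], request_path: str) -> Set[str]:
    """Capabilities the best-matching rule lists for the path: an exact rule wins
    outright, otherwise the longest matching wildcard rule; empty if none match."""
    best: Set[str] = set()
    best_len = -1
    for pattern, caps in rules.items():
        if not path_matches(pattern, request_path):
            continue
        if not pattern.endswith("*") and "+" not in pattern:
            return set(caps)
        if len(pattern) > best_len:
            best, best_len = set(caps), len(pattern)
    return best


def token_capabilities(policies: List[str], request_path: str) -> Set[str]:
    """Effective capabilities of a token holding all `policies`. Vault merges them
    into one ACL: identical patterns have their capabilities unioned, the most
    specific matching pattern applies, and 'deny' anywhere overrides the rest."""
    merged: Dict[str, Set[str]] = {}
    for hcl in policies:
        for pattern, caps in parse_policy(hcl).items():
            merged.setdefault(pattern, set()).update(caps)
    caps = policy_capabilities(merged, request_path)
    return {"deny"} if "deny" in caps else caps


def diagnose(policies: List[str], secret: str = "app/db") -> Dict[str, bool]:
    """What a token holding `policies` may do to the KV v2 secret `secret`.
    KV v2 (the default 'secret/' mount) serves data at secret/data/<name> and
    listing at secret/metadata/<name>, both covered by 'secret/*'."""
    data, meta = f"secret/data/{secret}", f"secret/metadata/{secret}"
    return {
        "create": "create" in token_capabilities(policies, data),
        "read": "read" in token_capabilities(policies, data),
        "list": "list" in token_capabilities(policies, meta),
        "delete": "delete" in token_capabilities(policies, data),
    }


if __name__ == "__main__":
    print("reader only      :", diagnose([READER_POLICY]))
    print("reader + manager :", diagnose([READER_POLICY, MANAGER_POLICY]))
```

With only `reader`, the model grants read on `secret/data/<name>` and list on `secret/metadata/<name>` and nothing else, so that policy alone cannot produce a successful create; a UI token that can write must be carrying more than the `reader` policy. Against the live server the equivalent checks are `vault token lookup` (the `policies` field lists what the current token holds), `vault token capabilities secret/data/<name>` (Vault's own answer for a specific path) and `vault read auth/oidc/role/reader` (which policies the role attaches at login).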