Can’t put/get a kv secret on the secret/ path, even with the policy allowing it.
Created the policy file department1.hcl:
path "secret/department1/*" {
  capabilities = ["create", "read", "update", "list"]
}
Imported the policy:
vault policy write department1 department1.hcl
Enabled userpass auth method:
vault auth enable userpass
Created a user john attached to the policy:
vault write auth/userpass/users/john password=123456 policies=department1
Logged in as john:
vault login -method=userpass username=john
Tried to add a secret to the path secret/department1/db/mysql/server1 (this fails as john, but works as root):
vault kv put secret/department1/db/mysql/server1 login=guest password=123 server=127.0.0.1 port=3306
I am guessing something is wrong, maybe in the policy, some basic principle I am missing, but I could not find the answer in the docs.
Any ideas?
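
Added example, not part of the original post: a version of department1.hcl written for the case where secret/ is a KV version 2 mount. That is an assumption; the post does not state the mount's version. On a version 2 mount the kv commands send their requests to secret/data/... and secret/metadata/..., so a policy path of secret/department1/* never matches them.

```hcl
# Policy from the post, kept for comparison. On a KV v2 mount the kv CLI
# never requests this path, because v2 inserts an API segment
# (data/ or metadata/) right after the mount name.
#
# path "secret/department1/*" {
#   capabilities = ["create", "read", "update", "list"]
# }

# Secret values: `vault kv put` and `vault kv get` on
# secret/department1/db/mysql/server1 are checked against
# secret/data/department1/db/mysql/server1.
path "secret/data/department1/*" {
  capabilities = ["create", "read", "update"]
}

# Key names and version metadata: `vault kv list` under department1/
# is checked against secret/metadata/department1/...
path "secret/metadata/department1/*" {
  capabilities = ["list", "read"]
}
```

`vault secrets list -detailed` shows the KV version of each mount in its Options column. After `vault policy write department1 department1.hcl`, john has to log in again to get a token that carries the updated policy check.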