Hello,
Can I give a policy access to a specific secret inside a path? for example if I have a kv/mysecret path with multiple key values can I give access to all values for someone while restrict it for only one value for another? or should I put every key value in a separate path for better privileges administration and build policies around that?
Thanks
IMO, yes. If you have such specific permission requirements, this will be the way to go.
AFAIK there is no way to specify a key in the path descriptor of a policy. The finest detail you can use is the secret name.
What you can do is create sub-folders, with the lower level giving access to the fewer keys. That’ll give you what you’re looking for.
@mikegreen @aram535 I made sub-folders with multiple parameters when possible and separate ones with only one parameter when needed. Thanks for helping