Policy viewing history

frank.meier · October 16, 2023, 6:58am

Hi there,

we have a really resticted access permisson policy.
Everything is forbidden, except viewing and editing well definded pathes:
secrets/kv/pc/pl/lnx/*

The policy for that:

path "kv/data/pc/pl/lnx/*" {
  capabilities = ["create", "update","read"]
}

But I can’t see secret history.
So I tried:

path "secret/data/pc/pl/lnx/*" {
  capabilities = ["read", "create", "update"]
}
path "secret/metadata/pc/pl/lnx/*" {
  capabilities = ["read"]
}

I can create new versions, but I can’t see the version button.

What is the correect policy for that?

Vault 1.13.2+ent
kv2

Thanks

Frank Meier

Topic		Replies	Views
Vault policy to show the path and key and deny the value Vault vault	2	1789	November 25, 2021
Is policy limited for engine level only or all path & sub-path? Vault vault , policy-as-code	5	1067	May 24, 2022
Understanding Vault policies behavior Vault	2	380	November 16, 2019
Vault policy write only + read parameters too Vault	5	2386	November 28, 2021
Vault policies - no permissions error Vault	2	552	November 17, 2020