Token can't access path .. im crazy with this

adrian.delossantos · April 8, 2024, 5:47pm

Hello guys… i have a very simple, common task, that has been impossible.

I have a key value v1 secrets engine on path /kv1/, there i create a EDL/data1 and EDL/data2 so i have

/kv1/EDL/data1
and
/kv1/EDL/data2

now… i want to create a token for a user that can read and write on that path… so i create the following policiy

path "/secret/kv1/EDL/*" {
  capabilities = ["create", "read", "update", "patch", "delete", "list"]
}
path "/kv1/EDL/*" {
  capabilities = ["create", "read", "update", "patch", "delete", "list"]
}

create a token with that policy

vault token create -policy=edl

and when i access the gui using that token and try to access /kv1/EDL i got…

Not Authorized

You don’t have access to kv1/ . If you think you’ve reached this page in error, please contact your administrator.

Go back home.

im almost crazy with this… how can i create a simple token so the user can access /kv1/EDL/* ???

michaelkosir · April 8, 2024, 8:09pm

The UI requires an additional policy path (list on the mount). This is needed to browse the secrets in the UI.

path "kv1/" {
  capabilities = ["list"]
}
path "kv1/EDL/*" {
  capabilities = ["create", "read", "update", "delete", "list", "patch"]
}

Topic		Replies	Views
Vault Policy & Web GUI Vault	5	2033	September 24, 2020
Policy issues using sub folder permissions Vault	2	2627	March 1, 2021
Creating Token for kv policy Vault	8	498	March 15, 2023
Not understanding Vault policies for secret paths Vault	8	2880	June 7, 2021
Having problem with ACL Policies Vault	4	323	March 18, 2020

Token can't access path .. im crazy with this

Not Authorized

Related topics