Hi I’m new to Vault and have been playing with vault AppRole. When using API to get role-id and secret-id, it requires a token. My question is, what access must this token have and what’s a good practice for generating this token? Thanks a lot in advance.
See https://learn.hashicorp.com/tutorials/vault/approle#policy-requirements
In most case you will have and vault admin user do this.
Got it. I was assuming there’s a default policy for that but looks like I can create a custom policy to handle approle admin work. Thanks a lot!