There’s some test vault installation
There’s some role with policy like this
path "sys/mounts" { capabilities = ["list", "read", "create", "update", "delete"] }
path "sys/mounts/*" { capabilities = ["list", "read", "create", "update", "delete"] }
path "sys/remount" { capabilities = ["list", "read", "create", "update", "delete"] }
When i try to remount storage i got error
vault secrets move secret/path1 secret/path2
Error moving secrets engine secret/path1/ to secret/path2/: Error making API request.
URL: POST http://vault.local:8200/v1/sys/remount
Code: 403. Errors:
* 1 error occurred:
* permission denied
Same command via CURL
curl -X POST -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" -d '{"from":"secret/path1","to":"secret/path2"}' http://vault.local:8200/v1/sys/remount
{"errors":["1 error occurred:\n\t* permission denied\n\n"]}
What am i doing wrong? Should i ask for additional permissions?