Vault approle in groups

I have some approles and would like to assign them some groups, such as I am used to do with users. In this way, users inherit the policies from the group itself.

How can I reproduce the same behavior with approle ?


For AppRole, the only supported way to assign policies is directly using the token_policies field. Depending on your exact use case, it may be helpful to know that paths in policies can be templated, but there is no way of grouping a set of policies together under one name for AppRole.