Hello,
I have following policy in vault kv version 2:
When I execute CLI commands:
in UI, I saw following:
I wasn’t expecting permission issue when putting secrets at “secret/dc” or “secret/dc/”. Given a wildcard (dc/*) and valid token, Shouldn’t I be able to put secrets right at right at dc/ aswell? I thought I had access to everything under “dc/”.
Appreciate help.
Thanks
You do. But dc is not under dc/.
Vault’s * wildcard is a simple “string starts with given prefix” match, and dc is not a string starting with dc/.
Additionally, all “file-like” Vault operations (all of them apart from list) will automatically trim off any trailing slash - and the only “directory-like” operation (list) will automatically append a trailing slash to the path if not already present.
