Platform secret setup
This commit is contained in:
28
openbao/policies/platform-readonly.hcl
Normal file
28
openbao/policies/platform-readonly.hcl
Normal file
@@ -0,0 +1,28 @@
|
||||
# Read-only platform inspection policy.
|
||||
#
|
||||
# Useful for status dashboards and audit/review sessions that need visibility
|
||||
# into mounts and platform metadata without secret material mutation.
|
||||
|
||||
path "sys/health" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "sys/mounts" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
|
||||
path "sys/auth" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
|
||||
path "sys/policies/acl" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
|
||||
path "auth/token/lookup-self" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "platform/metadata/*" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
Reference in New Issue
Block a user