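I am trying to set up a shared secrets environment for all users, where no user can see another user's secrets. It works fine through the CLI, but when I try to test it in the Web UI, it says the test user does not have the correct permissions. I followed the guides at https://learn.hashicorp.com/vault/identity-access-management/policy-templating and https://www.vaultproject.io/docs/concepts/policies.html, but no matter what I do, it does not work in the Web UI.
This is what my policy looks like.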
path "secret/data/{{identity.entity.name}}/*" {
  capabilities = ["create", "update", "read", "delete", "sudo"]
}
path "secret/metadata/{{identity.entity.name}}/*" {
  capabilities = ["list", "read", "create", "update", "delete", "sudo"]
}
CLI output:
$ vault kv list secret/user
Keys
----
test
Thanks for any help or suggestions.
Try this:
path "secret/data/{{identity.entity.name}}/*" {
  capabilities = ["create", "update", "read", "delete", "sudo"]
}
path "secret/metadata/{{identity.entity.name}}/*" {
  capabilities = ["list"]
}
path "secret/metadata" {
  capabilities = ["list"]
}
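Added example (not part of the original question or answer, and not Vault's own code): a simplified model of policy path matching that compares which requests the question's policy and the answer's policy permit. It assumes the entity is named user, as the CLI output suggests, and that the Web UI begins by listing the root of the mount's metadata path, which the CLI command above never requests.

```python
# Simplified model of Vault ACL matching (added example, not Vault's own code).
# Assumed rules: exact match or trailing "*" prefix glob, longest glob wins,
# and a LIST request is also tried with its trailing slash removed.
TPL = "{{identity.entity.name}}"
QUESTION_POLICY = {
    f"secret/data/{TPL}/*": {"create", "update", "read", "delete", "sudo"},
    f"secret/metadata/{TPL}/*": {"list", "read", "create", "update", "delete", "sudo"},
}
ANSWER_POLICY = {
    f"secret/data/{TPL}/*": {"create", "update", "read", "delete", "sudo"},
    f"secret/metadata/{TPL}/*": {"list"},
    "secret/metadata": {"list"},
}

def render(policy, entity_name):
    # Substitute the entity name into every templated rule path.
    return {p.replace(TPL, entity_name): caps for p, caps in policy.items()}

def capabilities(rules, path):
    # Capabilities of the most specific rule that matches the path.
    if path in rules:
        return rules[path]
    globs = [p for p in rules if p.endswith("*") and path.startswith(p[:-1])]
    return rules[max(globs, key=len)] if globs else set()

def allowed(policy, entity_name, op, path):
    rules = render(policy, entity_name)
    candidates = [path, path.rstrip("/")] if op == "list" else [path]
    return any(op in capabilities(rules, c) for c in candidates)

# Constructed requests; entity name "user" is assumed from the CLI output.
REQUESTS = [
    ("list", "secret/metadata/"),        # browsing from the mount root
    ("list", "secret/metadata/user/"),   # what `vault kv list secret/user` asks for
    ("read", "secret/data/user/test"),
    ("list", "secret/metadata/other/"),  # another user's subtree
    ("read", "secret/data/other/test"),
]

def compare(entity_name="user"):
    # (op, path, allowed by the question's policy, allowed by the answer's policy)
    return [(op, path, allowed(QUESTION_POLICY, entity_name, op, path),
             allowed(ANSWER_POLICY, entity_name, op, path))
            for op, path in REQUESTS]

if __name__ == "__main__":
    print(*compare(), sep="\n")
```

In this model the only request whose outcome differs between the two policies is the list on the metadata root; both policies still deny every request under another entity's name.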