
I want to create an ACL policy that allows users to create, read, update, etc. data in a secrets engine based on their userpass username.

For example, if the username is foo, I want them to have access to secrets/foo/*. I obviously want this to be dynamic, so I do not want to create multiple policies where I hard-code these values.

path "secrets/{{identity.entity.metadata.username}}/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

But this only works when I manually add metadata to a user instead of using that user's username.

How can I achieve this using templating?

39fredy

1 Answer

This might help you: check the available templating parameters at https://learn.hashicorp.com/tutorials/vault/policy-templating#available-templating-parameters

Adding custom_metadata might help in your use case.

Abeer
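As an added example (not part of the question or the answer above): with the userpass auth method the entity alias name is the username itself, so the policy can reference `identity.entity.aliases.<mount accessor>.name` from the templating parameters linked above and no per-entity metadata has to be maintained. The policy name `user-secrets`, the user `foo`, the use of `jq`, and the mount name `secrets` are assumptions for this illustration.

```shell
#!/bin/sh
# Added example: scope each userpass user to secrets/<username>/* through
# the alias name of the userpass mount, instead of hand-maintaining a
# metadata.username key on every entity. render_policy needs no Vault;
# setup_userpass_policy assumes the vault CLI plus VAULT_ADDR/VAULT_TOKEN
# for an admin session, and jq for parsing the mount listing.

# Render the policy HCL for a given auth mount accessor. The accessor is
# only known once the auth method is enabled, so it is filled in when the
# policy is written rather than hard-coded per user. Only the placeholder
# path changes relative to the policy in the question; the capabilities
# are the same.
render_policy() {
    accessor="$1"
    cat <<EOF
path "secrets/{{identity.entity.aliases.${accessor}.name}}/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}
EOF
    # Caveat: if secrets/ is a KV version 2 mount, the API paths carry a
    # data/ (and metadata/) prefix, e.g. secrets/data/{{...}}/*, and the
    # policy path must include it or the rule never matches.
}

# Find the accessor of the userpass mount (looks like auth_userpass_xxxx).
userpass_accessor() {
    vault auth list -format=json | jq -r '."userpass/".accessor'
}

# Enable userpass, write one shared policy, and attach it to a user.
# Every user gets the same policy; the template resolves to the caller's
# own username at request time, so user bar cannot read secrets/foo/*.
setup_userpass_policy() {
    vault auth enable userpass
    accessor=$(userpass_accessor)
    render_policy "$accessor" | vault policy write user-secrets -
    vault write auth/userpass/users/foo \
        password="$FOO_PASSWORD" policies=user-secrets
}
```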