I am exploring HashiCorp Vault for secure storage. I have a root account set up, and I have logged in to the UI and created the policy given below through the UI.
The name of the policy is app-readonly. I had the policy like below:
path "secret/clients-integration" {
capabilities = ["read"]
}
I have executed the below command to create a token as a root user
vault token create -policy=app-readonly -display-name=readonly-app-token -orphan=true -no-default-policy
This command generated a token. When I use the token in Postman to read the stored secrets, I get an error like the one below:
{
"errors": [
"1 error occurred:\n\t* permission denied\n\n"
]
}
Upon this error, I felt that the KV is not accessible, so I modified the above policy as below:
path "secrets/kv/secret/clients-integration" {
capabilities = ["read"]
}
However, I am still unable to read / view the tokens through the UI / Postman. Actually, the UI shows only the cubbyhole, and the kv itself is not visible. Can you please help me with the right policy change to allow the token to read the secrets?
EDIT: Latest trials
path "secret/data/clients-integration" {
capabilities = ["read"]
}
I am using the latest version of KV => version 2, and I am checking in both the UI and the API. The API, however, has a URL like the one below:
http://host:8080/v1/kv/data/secret/clients-integration?version=2
The data can be obtained using the root token in the same API.
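An added example, not part of the original post and not Vault's own code: Vault authorizes a request against the path that follows `/v1/` in the API URL, so for a KV version 2 mount the policy path has to include the mount name and the `data/` segment exactly as the URL does. The sketch below uses a simplified model of Vault's ACL path matching (exact match, trailing `*` prefix glob, `+` for one segment) to test the three policy paths tried above against the URL from the post; the function names are hypothetical, and it assumes the KV engine is mounted at `kv/` as that URL indicates.

```python
from urllib.parse import urlsplit

def request_path(api_url):
    """Path Vault authorizes: everything after /v1/, query string dropped."""
    path = urlsplit(api_url).path
    if not path.startswith("/v1/"):
        raise ValueError("not a Vault v1 API URL")
    return path[len("/v1/"):].strip("/")

def policy_matches(policy_path, req_path):
    """Simplified model of ACL matching: exact, trailing '*' glob, '+' segment."""
    prefix = policy_path.endswith("*")
    if prefix:
        policy_path = policy_path[:-1]
    pol, req = policy_path.split("/"), req_path.split("/")
    if len(req) < len(pol) or (not prefix and len(req) != len(pol)):
        return False
    for i, seg in enumerate(pol):
        if seg == "+":                      # '+' stands for one whole segment
            continue
        if prefix and i == len(pol) - 1:    # last segment of a glob is a prefix
            if not req[i].startswith(seg):
                return False
        elif seg != req[i]:
            return False
    return True

def check(api_url, policy_paths):
    """Map each policy path to whether it covers the request behind api_url."""
    req = request_path(api_url)
    return {p: policy_matches(p, req) for p in policy_paths}

# URL and policy paths copied from the post above.
URL = "http://host:8080/v1/kv/data/secret/clients-integration?version=2"
TRIED = [
    "secret/clients-integration",
    "secrets/kv/secret/clients-integration",
    "secret/data/clients-integration",
]

if __name__ == "__main__":
    print("request path:", request_path(URL))
    for path, ok in check(URL, TRIED + [request_path(URL), "kv/data/*"]).items():
        print(f"{path!r:45} {'match' if ok else 'no match -> permission denied'}")
```

None of the three tried paths covers `kv/data/secret/clients-integration`, which is the path a policy would need to grant `read` on for this request.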