
I have created a kv (version 2) secrets engine, mounted on /secret:

/ $  vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
secret/       kv           kv_dba4200e           n/a

I have created a policy that should give admin access to everything in dev/team-1

/ $ vault policy read dev
path "secret/data/dev/team-1/*" {
  capabilities = ["create", "update", "read","list"]
}

path "secret/metadata/dev/team-1/*" {
  capabilities = ["list","read"]
}

I have created a secret

/ $ vault kv get secret/dev/team-1
===== Secret Path =====
secret/data/dev/team-1

======= Metadata =======
Key                Value
---                -----
created_time       2023-05-13T00:09:15.416686671Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            1

=== Data ===
Key    Value
---    -----
key    teste

and also I have created a user that has been assigned the given policy:

/ $  vault token lookup
Key                 Value
---                 -----
accessor            UYB46guPahXROwvvFpRJ3in7
creation_time       1683931479
creation_ttl        768h
display_name        token
entity_id           n/a
expire_time         2023-06-13T22:44:39.062580257Z
explicit_max_ttl    0s
id                  hvs.CAESIDoYx7LfFWXh9p3KJ_CqyDQSQgQvPONeXpU4jcek-bt5Gh4KHGh2cy4zTjZUbGRKeUY3MkpweW52aDVWV0RvS3A
issue_time          2023-05-12T22:44:39.062596882Z
meta                <nil>
num_uses            0
orphan              false
path                auth/token/create
policies            [default dev]
renewable           true
ttl                 766h11m17s
type                service

However, when I try to access anything with this new user attached to the dev policy (list, get), I get this:

/ $ vault kv list secret/dev/team-1
No value found at secret/metadata/dev/team-1

/ $ vault kv get secret/dev/team-1/key
No value found at secret/data/dev/team-1/key

I would really appreciate it if anyone could help with any guidance; I have spent a couple of days trying to figure out what I'm doing wrong.

user3573246

1 Answer


Your KVv2 engine secret is located at path secret/dev/team-1, but the policy grants permissions to secrets at a nested path. The permissions need to be for the desired path, and not a nested path:

path "secret/data/dev/team-1" {
  capabilities = ["create", "update", "read","list"]
}

path "secret/metadata/dev/team-1" {
  capabilities = ["list","read"]
}

Also note this policy would not really grant admin access as it is missing other permissions such as sudo, but the only one really necessary here would be read.

Matthew Schuchard
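Added example (written for this page; it is not code from either post and not Vault's own ACL implementation): a small Python model of Vault's documented policy path matching, used to check both the questioner's original policy and the corrected one from the answer against the request paths that appear in the question. It assumes the rules from Vault's policy documentation: a trailing `*` is a prefix glob, a segment that is exactly `+` matches one path segment, every other path matches literally (so `secret/data/dev/team-1/*` does not cover `secret/data/dev/team-1` itself), a list request is checked with a trailing `/` appended, an exact match takes precedence over globs, and the longest matching glob wins. The `Policy` mapping and the function names are this example's own.

```python
import re
from typing import Dict, List, Optional, Tuple

# A policy is modelled as a mapping from path pattern to its capabilities.
Policy = Dict[str, List[str]]

# The questioner's original policy: nested-path globs only.
ORIGINAL_POLICY: Policy = {
    "secret/data/dev/team-1/*": ["create", "update", "read", "list"],
    "secret/metadata/dev/team-1/*": ["list", "read"],
}

# The answer's corrected policy: the exact paths of the secret.
FIXED_POLICY: Policy = {
    "secret/data/dev/team-1": ["create", "update", "read", "list"],
    "secret/metadata/dev/team-1": ["list", "read"],
}


def _compile(pattern: str) -> "re.Pattern[str]":
    """Turn a Vault policy path into an anchored regex.

    Rules modelled (assumed from Vault's policy documentation):
      - a trailing '*' is a prefix glob matching any suffix, including ''
      - a segment that is exactly '+' matches any single segment
      - everything else must match literally; no implicit trailing '/'
    """
    glob = pattern.endswith("*")
    core = pattern[:-1] if glob else pattern
    parts = ["[^/]+" if seg == "+" else re.escape(seg) for seg in core.split("/")]
    regex = "/".join(parts) + (".*" if glob else "")
    return re.compile(f"^{regex}$")


def matching_rule(policy: Policy, request_path: str) -> Optional[str]:
    """Return the policy path that governs request_path, or None if nothing matches.

    Precedence modelled: a non-glob (exact) match wins outright; otherwise the
    longest matching glob pattern wins.
    """
    exact = [p for p in policy if not p.endswith("*") and _compile(p).match(request_path)]
    if exact:
        return exact[0]
    globs = [p for p in policy if p.endswith("*") and _compile(p).match(request_path)]
    return max(globs, key=len) if globs else None


def is_allowed(policy: Policy, operation: str, request_path: str) -> bool:
    """Decide whether `operation` (read/list/create/update/delete) is allowed on `request_path`."""
    # Assumed from Vault's behaviour: a list is checked against the path with '/' appended.
    if operation == "list" and not request_path.endswith("/"):
        request_path += "/"
    rule = matching_rule(policy, request_path)
    if rule is None:
        return False  # no rule at all: default deny
    caps = policy[rule]
    if "deny" in caps:
        return False  # an explicit deny overrides every other capability
    return operation in caps


def report(policy: Policy, requests: List[Tuple[str, str]]) -> Dict[Tuple[str, str], bool]:
    """Evaluate a batch of (operation, path) requests against one policy."""
    return {(op, path): is_allowed(policy, op, path) for op, path in requests}


# The request paths the CLI actually sends for the commands in the question
# (kv get -> secret/data/..., kv list -> secret/metadata/...).
REQUESTS: List[Tuple[str, str]] = [
    ("read", "secret/data/dev/team-1"),       # vault kv get secret/dev/team-1
    ("read", "secret/data/dev/team-1/key"),   # vault kv get secret/dev/team-1/key
    ("list", "secret/metadata/dev/team-1"),   # vault kv list secret/dev/team-1
]

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL_POLICY), ("fixed", FIXED_POLICY)):
        for (op, path), ok in report(policy, REQUESTS).items():
            print(f"{name:8} {op:5} {path:32} {'allow' if ok else 'deny'}")
```

Running the block shows the point of the answer directly: under the original policy, `read` on `secret/data/dev/team-1` matches no rule at all (the glob requires the `/` after `team-1`), while the corrected exact-path policy grants it. It also shows the flip side to keep in mind when tightening a policy: the exact-path form no longer covers anything nested below `team-1`, so pick the form that matches how the secrets are actually laid out.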