[英]Hashicorp Vault — Create Auth Tokens Only, Don't read secrets
I'm using Hashicorp Vault: 我正在使用Hashicorp Vault:
https://www.vaultproject.io/ https://www.vaultproject.io/
I want a user that can create new users, but can't read their secrets. 我想要一个可以创建新用户但无法读取其机密的用户。
Would I just create a policy like: 我是否可以创建一个策略,例如:
path "sys/auth/token/*" {
policy = "write"
}
since all policies are set to deny? 既然所有政策都设置为拒绝?
This was the incorrect way to use Vault. 这是使用保管箱的错误方法。 These were my errors:
这些是我的错误:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.