Initial vault agent configuration

system-admin-policy.hcl

@@ -0,0 +1,18 @@
+# Policy for system with broader access
+path "secret/data/*" {
+  capabilities = ["create", "read", "update", "delete", "list"]
+}
+
+path "secret/metadata/*" {
+  capabilities = ["list"]
+}
+
+# Allow token renewal
+path "auth/token/renew-self" {
+  capabilities = ["update"]
+}
+
+# Allow token lookup
+path "auth/token/lookup-self" {
+  capabilities = ["read"]
+}