I am trying to use Vault in my application. The authentication mechanism I am using is LDAP. I have done the configuration and my users are able to log in to Vault, but they are not able to see any secret engines that I created as a root user.
For example, I have enabled a secret engine "secrets/kv" and created 2 keys inside it. What I want is for my LDAP users to read/write secrets directly from the UI. My policy file looks like this -
path "secret/kv"
{
capabilities = ["read", "update", "list"]
}
path "auth/*"
{
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
And I issued the below command to write the data -
vault write auth/ldap/groups/ldap-group policies=my-policy
Still, the users can't see the kv engine on the UI to read/write secrets.
Let me know if anyone can help me with this.
This policy should solve your issue. You don't need to prefix the path with "secret".
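To see why the question's policy grants nothing on the individual keys, here is a small simulation of Vault's policy path matching (added example, not from the question or answer above, and a simplification of Vault's real ACL code): a rule path without a trailing "*" matches only that exact path, so "secret/kv" never covers "secret/kv/mykey". The "fixed" policy below with "secret/kv/*" is a constructed comparison, and the sample key names are made up.

```python
import re
from typing import Dict, List

# Rules as {path pattern: capabilities}, transcribed by hand from the HCL in the question.
QUESTION_POLICY: Dict[str, List[str]] = {
    "secret/kv": ["read", "update", "list"],
    "auth/*": ["create", "read", "update", "delete", "list", "sudo"],
}
# Constructed variant: trailing glob so every key under the mount is covered.
FIXED_POLICY: Dict[str, List[str]] = {
    "secret/kv/*": ["read", "update", "list"],
    "auth/*": ["create", "read", "update", "delete", "list", "sudo"],
}


def pattern_matches(pattern: str, path: str) -> bool:
    """Vault path semantics: trailing '*' is a prefix glob, '+' matches exactly
    one path segment, and anything else must match the request path exactly."""
    is_glob = pattern.endswith("*")
    body = pattern[:-1] if is_glob else pattern
    regex = "".join(r"[^/]+" if seg == "+" else re.escape(seg)
                    for seg in re.split(r"(\+)", body))
    if is_glob:
        regex += ".*"
    return re.fullmatch(regex, path) is not None


def capabilities(policy: Dict[str, List[str]], path: str) -> List[str]:
    """Pick the rule Vault would apply: an exact rule wins, otherwise the longest
    matching glob. No matching rule means no capabilities at all (default deny)."""
    matches = [p for p in policy if pattern_matches(p, path)]
    if not matches:
        return []
    chosen = path if path in matches else max(matches, key=len)
    return list(policy[chosen])


def is_allowed(policy: Dict[str, List[str]], path: str, capability: str) -> bool:
    """'deny' overrides everything else on the chosen rule."""
    caps = capabilities(policy, path)
    return "deny" not in caps and capability in caps


if __name__ == "__main__":
    for name, pol in (("question", QUESTION_POLICY), ("fixed", FIXED_POLICY)):
        print(name, "read secret/kv/mykey:", is_allowed(pol, "secret/kv/mykey", "read"))
```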