From d6e5136ebfbc4ac68e1d51551fd5fcd5681d55d8 Mon Sep 17 00:00:00 2001
From: hcornet
Date: Sat, 18 Jan 2025 12:09:24 +0100
Subject: [PATCH] Update : policy global
---
policy/global.hcl | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 policy/global.hcl
diff --git a/policy/global.hcl b/policy/global.hcl
new file mode 100644
index 0000000..da140c6
--- /dev/null
+++ b/policy/global.hcl
@@ -0,0 +1,28 @@
+# Mount secrets engines
+path "sys/mounts/*" {
+ capabilities = [ "create", "read", "update", "delete", "list" ]
+}
+
+# Configure the Terraform secrets engine and create roles
+path "terraform/*" {
+ capabilities = [ "create", "read", "update", "delete", "list" ]
+}
+
+# Manage the leases
+path "sys/leases/+/terraform/creds/my-user/*" {
+ capabilities = [ "create", "read", "update", "delete", "list", "sudo" ]
+}
+
+path "sys/leases/+/terraform/creds/my-user" {
+ capabilities = [ "create", "read", "update", "delete", "list", "sudo" ]
+}
+
+# Write ACL policies
+path "sys/policies/acl/*" {
+ capabilities = [ "create", "read", "update", "delete", "list" ]
+}
+
+# Manage tokens for verification
+path "auth/token/create" {
+ capabilities = [ "create", "read", "update", "delete", "list", "sudo" ]
+}
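Review bot: The `sys/policies/acl/*` block grants `create`/`update` on every ACL policy, so a token holding this policy can rewrite any policy, including the one attached to itself. On top of that, `sudo` on `auth/token/create` lifts the rule that a child token's policies must be a subset of the parent's, which makes the file close to root-equivalent. If the holder only needs to manage its own policies and mint tokens for verification, scope the policy path to a prefix such as `path "sys/policies/acl/<PREFIX>-*" {` (placeholder) and reduce the token block to `capabilities = [ "create", "update" ]`. `delete` on `sys/mounts/*` also allows unmounting any secrets engine, which discards its stored data, so that block is better limited to the mount this policy is for, presumably `sys/mounts/terraform`. Since the file is named global, a header comment such as `# Attached to: <IDENTITY OR ROLE>` would let reviewers judge the blast radius.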