/sys/policy
The /sys/policy endpoint is used to manage ACL policies in Vault.
List policies
This endpoint lists all configured policies.
| Method | Path |
|---|---|
GET | /sys/policy |
Sample request
$ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/policySample response
{ "policies": ["root", "deploy"]}Read policy
This endpoint retrieve the policy body for the named policy.
| Method | Path |
|---|---|
GET | /sys/policy/:name |
Parameters
name(string: <required>)– Specifies the name of the policy to retrieve. This is specified as part of the request URL.
Sample request
$ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/policy/my-policySample response
{ "name": "my-policy", "rules": "path \"secret/*\"...}Create/Update policy
This endpoint adds a new or updates an existing policy. Once a policy is updated, it takes effect immediately to all associated users.
| Method | Path |
|---|---|
POST | /sys/policy/:name |
Parameters
name(string: <required>)– Specifies the name of the policy to create. This is specified as part of the request URL.policy(string: <required>)- Specifies the policy document.
Sample payload
{ "policy": "path \"secret/foo\" {..."}Sample request
$ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/sys/policy/my-policyDelete policy
This endpoint deletes the policy with the given name. This will immediately affect all users associated with this policy.
| Method | Path |
|---|---|
DELETE | /sys/policy/:name |
Parameters
name(string: <required>)– Specifies the name of the policy to delete. This is specified as part of the request URL.
Sample request
$ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/sys/policy/my-policy