HashiCorp Certified: Vault Associate Certification
Create Vault Policies
Managing Policies using the API
Vault’s HTTP API provides a straightforward way to create, update, and manage policies. By sending a PUT request to the /v1/sys/policy/<name> endpoint along with a JSON payload, you can define or overwrite policy rules.
Create or Update a Policy
Use the following curl command to create or update a policy named webapp:
curl \
--header "X-Vault-Token: s.bCEo8HFNIIR8wRGAzwXwkqUk" \
--request PUT \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/policy/webapp
| Option | Description | Example |
|---|---|---|
--header "X-Vault-Token: …" | Vault token for authentication | X-Vault-Token: s.bCEo8HFNIIR8wRGAzwXwkqUk |
--request PUT | HTTP method for creating or updating a policy | PUT |
--data @payload.json | Path to the JSON file with the policy definition | @payload.json |
| API endpoint | Target URL for policy management; replace webapp with your name | /v1/sys/policy/webapp |
Warning
Using PUT on an existing policy will overwrite it. Always review the policy rules before applying.
payload.json Example
Below is a sample payload.json defining a policy with read, write, list, and delete permissions on kv/apps/webapp:
{
"policy": "
path \"kv/apps/webapp\" {
capabilities = [\"create\", \"update\", \"read\", \"delete\", \"list\"]
}
"
}
policy: Contains the HCL-like policy string.path "kv/apps/webapp": Specifies the secrets path this policy governs.capabilities: Lists allowed operations on that path.
Note
Ensure payload.json is located in your current directory or provide an absolute path.
For advanced policy syntax, see the Vault Policy Documentation.
Next Steps & References
- Learn more about Vault’s policy engine and HCL syntax:
Vault Policy Language - Explore other system endpoints in the API:
Vault HTTP API Reference - Secure Vault tokens and follow best practices.
Watch Video
Watch video content