HashiCorp Certified: Vault Associate Certification

Create Vault Policies

Managing Policies using the API

Vault’s HTTP API provides a straightforward way to create, update, and manage policies. By sending a PUT request to the /v1/sys/policy/<name> endpoint along with a JSON payload, you can define or overwrite policy rules.

Create or Update a Policy

Use the following curl command to create or update a policy named webapp:

curl \
  --header "X-Vault-Token: s.bCEo8HFNIIR8wRGAzwXwkqUk" \
  --request PUT \
  --data @payload.json \
  http://127.0.0.1:8200/v1/sys/policy/webapp

Option | Description | Example
--header "X-Vault-Token: …" | Vault token for authentication | X-Vault-Token: s.bCEo8HFNIIR8wRGAzwXwkqUk
--request PUT | HTTP method for creating or updating a policy | PUT
--data @payload.json | Path to the JSON file with the policy definition | @payload.json
API endpoint | Target URL for policy management; replace webapp with your policy name | /v1/sys/policy/webapp

Warning

Using PUT on an existing policy will overwrite it. Always review the policy rules before applying.

payload.json Example

Below is a sample payload.json defining a policy with read, write, list, and delete permissions on kv/apps/webapp. JSON strings cannot contain raw line breaks, so the policy is written as a single string with \n escapes:

{
  "policy": "path \"kv/apps/webapp\" {\n  capabilities = [\"create\", \"update\", \"read\", \"delete\", \"list\"]\n}"
}
  • policy: Contains the HCL-like policy string.
  • path "kv/apps/webapp": Specifies the secrets path this policy governs.
  • capabilities: Lists allowed operations on that path.

Note

Ensure payload.json is located in your current directory or provide an absolute path.
For advanced policy syntax, see the Vault Policy Documentation.
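
The following Python example is added here and is not part of the original course material. It builds the request body with json.dumps so the policy string is correctly escaped, reads the stored policy back from the same /v1/sys/policy/<name> endpoint, and prints a diff for review before the PUT overwrites it. The function names, the confirmation prompt, and reading the address and token from the VAULT_ADDR and VAULT_TOKEN environment variables are choices made for this example.

```python
import difflib
import json
import os
import urllib.error
import urllib.request

def build_payload(hcl):
    """Wrap policy HCL in the {"policy": "..."} body; json.dumps escapes quotes and newlines."""
    return json.dumps({"policy": hcl}).encode()

def review(current, proposed):
    """Unified diff of the stored rules against the proposed ones (empty list = no change)."""
    old = [] if current is None else current.strip().splitlines()
    return list(difflib.unified_diff(old, proposed.strip().splitlines(),
                                     "current", "proposed", lineterm=""))

def _call(method, url, token, body=None):
    req = urllib.request.Request(url, data=body, method=method,
                                 headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")  # a successful PUT has an empty body

def fetch_rules(addr, token, name):
    """Return the stored policy text, or None when the policy does not exist yet (404)."""
    try:
        return _call("GET", f"{addr}/v1/sys/policy/{name}", token).get("rules")
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        return None

def apply_policy(addr, token, name, hcl, confirm=input):
    """Show what the PUT would change and send it only after an explicit 'yes'."""
    diff = review(fetch_rules(addr, token, name), hcl)
    if not diff:
        return "unchanged"
    print("\n".join(diff))
    if confirm(f"Overwrite policy {name!r}? [yes/no] ").strip() != "yes":
        return "aborted"
    _call("PUT", f"{addr}/v1/sys/policy/{name}", token, build_payload(hcl))
    return "written"

# Constructed sample: the webapp policy from this page, kept as plain HCL.
WEBAPP_HCL = ('path "kv/apps/webapp" {\n'
              '  capabilities = ["create", "update", "read", "delete", "list"]\n}\n')

if __name__ == "__main__":  # token comes from the environment, not the command line
    print(apply_policy(os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200"),
                       os.environ["VAULT_TOKEN"], "webapp", WEBAPP_HCL))
```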
