PUT request to the /v1/sys/policy/<name> endpoint along with a JSON payload, you can define or overwrite policy rules.
Create or Update a Policy
Use the followingcurl command to create or update a policy named webapp:
| Option | Description | Example |
|---|---|---|
--header "X-Vault-Token: …" | Vault token for authentication | X-Vault-Token: s.bCEo8HFNIIR8wRGAzwXwkqUk |
--request PUT | HTTP method for creating or updating a policy | PUT |
--data @payload.json | Path to the JSON file with the policy definition | @payload.json |
| API endpoint | Target URL for policy management; replace webapp with your name | /v1/sys/policy/webapp |
Using
PUT on an existing policy will overwrite it. Always review the policy rules before applying.payload.json Example
Below is a samplepayload.json defining a policy with read, write, list, and delete permissions on kv/apps/webapp:
policy: Contains the HCL-like policy string.path "kv/apps/webapp": Specifies the secrets path this policy governs.capabilities: Lists allowed operations on that path.
Ensure
For advanced policy syntax, see the Vault Policy Documentation.
payload.json is located in your current directory or provide an absolute path.For advanced policy syntax, see the Vault Policy Documentation.
Next Steps & References
- Learn more about Vault’s policy engine and HCL syntax:
Vault Policy Language - Explore other system endpoints in the API:
Vault HTTP API Reference - Secure Vault tokens and follow best practices.