The error was thrown because the policy contains an invalid capability, "write". The capabilities Vault recognizes in a policy are "create", "read", "update", "delete", "list", "sudo", and "deny" (recent versions also accept "patch"); "write" is not one of them, so Vault rejects the whole policy when it is written. Replace it with "create", which allows creating a secret at the path, and add "update" as well if the policy must also overwrite existing secrets, since most Vault operations require both. The other statements are not correct, because the wildcard (*) and the sudo capability are both valid in a policy. The glob "*" is only allowed as the last character of a path and there matches any number of characters, including further path segments (to match exactly one segment, use "+" instead), and "sudo" grants access to root-protected paths that require it in addition to the normal capability.
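The quickest way to catch this class of mistake is to lint the policy before running vault policy write. The following is an added example, not code from the question or from HashiCorp: a small Python check that scans the path blocks of a policy, flags capability names Vault does not accept, and warns when "*" appears anywhere but at the end of a path. The two policies embedded in it are constructed for the example, and the regex-based parsing assumes flat path blocks (no nested maps such as allowed_parameters), which is a simplification.

```python
import re

# Capability names Vault accepts inside a policy's capabilities list.
# "write" is deliberately absent: it is not a Vault capability.
VALID_CAPABILITIES = {"create", "read", "update", "delete", "list",
                      "sudo", "deny", "patch"}

# Simplified HCL matching: one path "..." { ... } block at a time.
# Assumes no nested braces inside the block (e.g. allowed_parameters maps).
PATH_BLOCK_RE = re.compile(r'path\s+"([^"]+)"\s*\{(.*?)\}', re.DOTALL)
CAPS_RE = re.compile(r'capabilities\s*=\s*\[(.*?)\]', re.DOTALL)
QUOTED_RE = re.compile(r'"([^"]*)"')


def lint_policy(hcl: str) -> list[str]:
    """Return human-readable problems found in a policy; an empty list means clean."""
    problems = []
    for block in PATH_BLOCK_RE.finditer(hcl):
        path, body = block.group(1), block.group(2)

        # Vault only honours "*" as the final character of a path.
        if "*" in path[:-1]:
            problems.append(f'{path}: "*" is only allowed at the end of a path')

        caps = CAPS_RE.search(body)
        if caps is None:
            problems.append(f"{path}: no capabilities list")
            continue

        for cap in QUOTED_RE.findall(caps.group(1)):
            if cap not in VALID_CAPABILITIES:
                problems.append(f'{path}: invalid capability "{cap}"')
    return problems


# Constructed sample: the policy from the question, with the bad "write".
BROKEN_POLICY = '''
path "secret/data/app/*" {
  capabilities = ["write", "read"]
}
'''

# Constructed sample: the corrected policy. "create" + "update" covers both
# new and existing secrets; "*" at the end and "sudo" are both accepted.
FIXED_POLICY = '''
path "secret/data/app/*" {
  capabilities = ["create", "update", "read"]
}

path "sys/raw/*" {
  capabilities = ["read", "sudo"]
}
'''

if __name__ == "__main__":
    for name, policy in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        issues = lint_policy(policy)
        print(f"{name}: {'OK' if not issues else issues}")
```

Run it over a policy file's contents before uploading it; a non-empty result is exactly the condition under which Vault would reject the policy with an invalid-capability error.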
Reference:
[Policy Syntax | Vault | HashiCorp Developer]