Update text around default policy to make it clear that it is user-modifiable
parent 9dba3590ac
commit 9d2a0dc31f
|
@ -368,9 +368,9 @@ wrapping mandatory for a particular path.
|
|||
wrapped response.
|
||||
|
||||
If both are specified, the minimum value must be less than the maximum. In
|
||||
addition, if paths are merged from different stanzas, the lowest value specified
|
||||
for each is the value that will result, in line with the idea of keeping token
|
||||
lifetimes as short as possible.
|
||||
addition, if paths are merged from different stanzas, the lowest value
|
||||
specified for each is the value that will result, in line with the idea of
|
||||
keeping token lifetimes as short as possible.
|
||||
|
||||
## Builtin Policies
|
||||
|
||||
|
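Review bot: The paragraph beginning "If both are specified" is only re-wrapped in this hunk, with no wording change, which is unrelated to the default-policy update named in the commit subject. Consider dropping the re-wrap or moving it to its own commit, so that the change to the default policy text is the only thing a reader of this diff has to verify.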
@ -379,10 +379,17 @@ the two builtin policies.
|
|||
|
||||
### Default Policy
|
||||
|
||||
The `default` policy is a builtin Vault policy that cannot be modified or
|
||||
removed. By default, it is attached to all tokens, but may be explicitly
|
||||
detached at creation time. The policy contains basic functionality such as the
|
||||
ability for the token to lookup data about itself and to use its cubbyhole data.
|
||||
The `default` policy is a builtin Vault policy that cannot be removed. By
|
||||
default, it is attached to all tokens, but may be explicitly excluded at token
|
||||
creation time by supporting authentication methods.
|
||||
|
||||
The policy contains basic functionality such as the ability for the token to
|
||||
look up data about itself and to use its cubbyhole data. However, Vault is not
|
||||
proscriptive about its contents. It can be modified to suit your needs; Vault
|
||||
will never overwrite your modifications. If you want to stay up-to-date with
|
||||
the latest upstream version of the `default` policy, simply read the contents
|
||||
of the policy from an up-to-date `dev` server, and write those contents into
|
||||
your Vault's `default` policy.
|
||||
|
||||
To view all permissions granted by the default policy on your Vault
|
||||
installation, run:
|
||||
|
|
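Review bot: "proscriptive" in "Vault is not proscriptive about its contents" looks like the wrong word; "prescriptive" matches the intended meaning that Vault does not dictate what the policy contains. Because the new text tells operators the policy can be modified while also stating that it is attached to all tokens by default, it should also say that any capability added to `default` is granted to every token that does not explicitly exclude it, so broad grants belong in a separate, explicitly attached policy. The sentence "may be explicitly excluded at token creation time by supporting authentication methods" would be clearer with a pointer to where a reader can find which methods support this.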