layout	page_title	sidebar_current	description
api	/sys/policy - HTTP API	docs-http-system-policy	The `/sys/policy` endpoint is used to manage ACL policies in Vault.

`/sys/policy`

The /sys/policy endpoint is used to manage ACL policies in Vault.

List Policies

This endpoint lists all configured policies.

Method	Path	Produces
`GET`	`/sys/policy`	`200 application/json`

$ curl \
    --header "X-Vault-Token: ..." \
    https://vault.rocks/v1/sys/policy

{
  "policies": ["root", "deploy"]
}

This endpoint retrieve the rules for the named policy.

Method	Path	Produces
`GET`	`/sys/policy/:name`	`200 application/json`

name (string: <required>) – Specifies the name of the policy to retrieve. This is specified as part of the request URL.

$ curl \
    --header "X-Vault-Token: ..." \
    https://vault.rocks/v1/sys/policy/my-policy

{
  "rules": "path \"secret/foo\" {..."
}

This endpoint adds a new or updates an existing policy. Once a policy is updated, it takes effect immediately to all associated users.

Method	Path	Produces
`PUT`	`/sys/policy/:name`	`204 (empty body)`

name (string: <required>) – Specifies the name of the policy to create. This is specified as part of the request URL.
rules (string: <required>) - Specifies the policy document.

{
  "rules": "path \"secret/foo\" {..."
}

$ curl \
    --header "X-Vault-Token: ..." \
    --request PUT \
    --data payload.json \
    https://vault.rocks/v1/sys/policy/my-policy

This endpoint deletes the policy with the given name. This will immediately affect all users associated with this policy.

Method	Path	Produces
`DELETE`	`/sys/policy/:name`	`204 (empty body)`

name (string: <required>) – Specifies the name of the policy to delete. This is specified as part of the request URL.

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    https://vault.rocks/v1/sys/policy/my-policy