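# Allow reading the enabled audit devices.
# sys/audit returns audit device configuration, not audit log entries.
# Vault treats sys/audit as a root-protected path, so this read also needs "sudo".
path "sys/audit" {
  capabilities = ["read", "list"]
}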