# Allow access to manage secret engines (mount, unmount, update)
#
# NOTE(review): every path below is under sys/, so nothing here is scoped
# to a single engine. Whoever holds this policy can change the mount table
# as a whole.
---
rules:
  # Per-mount endpoints. With create/update/delete on the wildcard, the
  # holder can enable, reconfigure and disable any secrets engine.
  # Disabling a mount in Vault also discards what that engine stores, so
  # treat this as a high-privilege rule. If the automation only owns a few
  # mounts, consider narrowing the wildcard to those mount prefixes.
  - path: "sys/mounts/*"
    capabilities:
      - create
      - update
      - delete
      - read
      - list
  # NOTE(review): Vault serves mount tuning at sys/mounts/<path>/tune,
  # which the wildcard rule above already matches. Confirm that
  # "sys/mounts-tune/*" is a path the target really exposes; if it is not,
  # this rule grants nothing and only obscures the effective permissions.
  - path: "sys/mounts-tune/*"
    capabilities:
      - update
      - read
  # Exact path with no wildcard: read/list of the mount table itself.
  - path: "sys/mounts"
    capabilities:
      - read
      - list
# Presumably attaches the rules above to the AppRole role(s) listed here.
# The schema belongs to the tool that consumes this file, so confirm.
# The role name suggests a Terraform identity (TODO confirm). Its
# credentials carry the full mount-management grant, so protect and rotate
# them accordingly.
auth:
  approle:
    - tf_vault