# Allow reading Vault auth backend configuration --- rules: - path: "kv/data/service/vault/+/+/auth_backend/*" capabilities: - list - read auth: approle: - tf_vault k8s/au/syd1: - woodpecker_terraform_vault