# Allow administration of PKI roles --- rules: - path: "pki/au/syd1/roles/*" capabilities: - create - update - read - delete - list auth: approle: - tf_vault k8s/au/syd1: - woodpecker_terraform_vault