# Allow reading Puppet certificates for Terraform
---
rules:
  - path: "kv/data/service/puppet/certificates/terraform"
    capabilities:
      - read

auth:
  approle:
    - terraform_incus