# Allow reading Vault auth backend configuration
---
rules:
  - path: "kv/data/service/vault/+/+/auth_backend/*"
    capabilities:
      - list
      - read

auth:
  approle:
    - tf_vault