# Allow reading Vault secret backend configuration
---
rules:
  - path: "kv/data/service/vault/+/+/secret_backend/*"
    capabilities:
      - list
      - read

auth:
  approle:
    - tf_vault