HCP Vault Secrets permissions
The following table lists HCP Vault Secrets permissions based on Role-Based Access Control (RBAC).
HCP Vault Secrets permissions | Viewer | Contributor | Admin | App Manager | App Secrets Reader |
---|---|---|---|---|---|
Create and edit applications | ❌ | ✅ | ✅ | ✅ | ❌ |
View applications | ✅ | ✅ | ✅ | ✅ | ✅ |
Delete applications | ❌ | ✅ | ✅ | ✅ | ❌ |
Create secrets and new versions of secrets | ❌ | ✅ | ✅ | ✅ | ❌ |
Read secrets | ✅ | ✅ | ✅ | ✅ | ✅ |
Edit secrets | ❌ | ✅ | ✅ | ✅ | ❌ |
Delete secrets | ❌ | ✅ | ✅ | ✅ | ❌ |
View audit logs | ❌ | ❌ | ✅ | ❌ | ❌ |
Add existing users or service principals to applications | ❌ | ❌ | ✅ | ❌ | ❌ |
Remove users or service principals from applications | ❌ | ❌ | ✅ | ❌ | ❌ |
Create and manage sync integrations | ❌ | ✅ | ✅ | ❌ | ❌ |
Connect sync integrations | ❌ | ✅ | ✅ | ✅ | ❌ |
Disconnect sync integrations | ❌ | ✅ | ✅ | ✅ | ❌ |
App Manager & App Secrets Reader roles
Currently, the App Manager and App Secrets Reader roles are available through the Terraform HashiCorp Cloud Platform (HCP) Provider. UI support is coming soon.
These permissions apply when the roles are assigned at the project level.
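A project-level assignment of these two roles through the Terraform HCP provider could look like the following. This is an added example, not configuration from the original page or from HashiCorp. The resource types, the two role ID strings, the service principal name and the variable names are assumptions to verify against the HCP provider documentation for your provider version.

```hcl
# Added example: project-level bindings for the two Terraform-only roles.
# Assumed: resource types and role ID strings; confirm them in the provider docs.

terraform {
  required_providers {
    hcp = {
      source = "hashicorp/hcp"
    }
  }
}

variable "hcp_project_id" {
  type        = string
  description = "ID of the HCP project that holds the Vault Secrets applications"
}

variable "app_manager_principal_id" {
  type        = string
  description = "Principal ID of the user or group that maintains applications and secrets"
}

provider "hcp" {
  project_id = var.hcp_project_id
}

# Hypothetical service principal for a workload that only consumes secrets.
resource "hcp_service_principal" "ci_reader" {
  name = "ci-secrets-reader"
}

# App Secrets Reader: per the table, view applications and read secrets only.
resource "hcp_project_iam_binding" "ci_reader_secrets" {
  project_id   = var.hcp_project_id
  principal_id = hcp_service_principal.ci_reader.resource_id
  role         = "roles/secrets.app-secret-reader" # assumed role ID
}

# App Manager: per the table, manages applications and secrets and can
# connect or disconnect sync integrations, but cannot view audit logs,
# change application membership, or create and manage sync integrations.
resource "hcp_project_iam_binding" "app_manager" {
  project_id   = var.hcp_project_id
  principal_id = var.app_manager_principal_id
  role         = "roles/secrets.app-manager" # assumed role ID
}
```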
Assign permissions to users
Refer to the users page to learn how to invite users and assign roles.
The service principals page describes how to create a service principal.