From e4361d2cfc05bb7f006e311bb0ab9b9e7e73c97e Mon Sep 17 00:00:00 2001 From: Robin Beck Date: Tue, 7 Oct 2025 12:31:13 -0700 Subject: [PATCH] fixes controller policy example (#6113) --- .../docs/domain-model/credential-stores.mdx | 40 +++++++++++++++---- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/website/content/docs/domain-model/credential-stores.mdx b/website/content/docs/domain-model/credential-stores.mdx index 6b6538d190..38968f910f 100644 --- a/website/content/docs/domain-model/credential-stores.mdx +++ b/website/content/docs/domain-model/credential-stores.mdx @@ -122,8 +122,7 @@ removed from the credential store. #### Vault Boundary controller policy -The token Boundary receives must have the capabilities listed below. An explanation -for the use of each capability is given. +The token Boundary receives must have the capabilities in the policy below. An explanation for each capability is documented above the written policy. ```hcl # Allow Boundary to read and verify the properties of the token. This is @@ -165,14 +164,41 @@ path "sys/capabilities-self" { } ``` -The above [`boundary-controller` policy](https://boundaryproject.io/data/vault/boundary-controller-policy.hcl) is -available for download. Below is an example of writing this policy to Vault: +Follow the steps below to write this policy to Vault. + +Create the policy: ```shell-session -# Download the policy -$ curl https://boundaryproject.io/data/vault/boundary-controller-policy.hcl -O -s -L +$ cat > boundary-controller-policy.hcl <
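Review bot: In the first hunk (`@@ -122,8 +122,7 @@`), the new sentence "An explanation for each capability is documented above the written policy" is ambiguous. The explanations are the `#` comments inside the `hcl` block (it opens with `# Allow Boundary to read and verify the properties of the token.`), not text above the block, so a reader may look in the wrong place. Suggest wording such as "Comments inside the policy explain why each capability is needed." The replacement also puts both sentences on one long line, where the removed text was wrapped.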
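Review bot: In the second hunk (`@@ -165,14 +164,41 @@`), the link to the downloadable `boundary-controller` policy and the `curl` step are removed, but the subject line "fixes controller policy example" does not say why. The commit message should state what was wrong with the download, so the history shows the link was dropped on purpose. For the added `cat > boundary-controller-policy.hcl` step, use a quoted here-document delimiter so the shell writes the policy text literally. Also check that a policy written out in this step cannot drift from the `hcl` block shown just above it.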