Vault Rules
HashiCorp Vault for secrets management. Store, access, and rotate credentials, tokens, and encryption keys securely.
3 rules
Authentication Method Configuration
Intermediate
Configure Vault authentication methods properly — prefer machine identity (AppRole, Kubernetes, AWS IAM) over static tokens, set appropriate TTLs, and enforce MFA for human operators.
globs: **/*.hcl, **/vault/**, **/*.sh
authentication, approle, kubernetes-auth, oidc
Vault Policy Writing Standards
Intermediate
Write HashiCorp Vault policies with least-privilege principles — explicit path capabilities, deny by default, no wildcard read on secrets, and proper policy naming conventions.
globs: **/*.hcl, **/vault/**, **/policies/**
vault-policies, least-privilege, access-control, capabilities
Secret Organization and Lifecycle
Intermediate
Organize Vault secrets with consistent path hierarchies — environment-separated paths, versioned KV secrets, automatic rotation for credentials, and proper secret lifecycle management.
globs: **/*.hcl, **/vault/**, **/*.sh
secret-management, kv-v2, dynamic-secrets, rotation