The ‘alpha’ secrets are stored in the team-based paths using this convention: secret/
Which Vault policy would not allow reading paths with the word “beta” in them, such as secrets/team01/beta?
The correct policy to not allow reading paths with the word 'beta' in them would be the one that does not permit any type of 'beta' in the path. Options A and B both allow 'beta' in some form (either within paths or as part of more extended paths like 'beta/alpha'). Option C, however, does not allow 'beta' to appear in any path, ensuring that secrets with 'beta' in their names cannot be read.
C. A would allow secrets/team01/beta and B /secrets/team01/beta/alpha
A would allow "secrets/beta" and B would allow "secrets/beta/alpha" so C seems correct.
D. Additional deny pattern to be set for beta