Document required policy for doing import/export

[cthtrifork]

I would like the TOKEN to have the least-permissive setup but I can not find documentation of a token_policies that would work with medusa.

# List, create, update, and delete key/value secrets
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

Would this path be enough?

[cthtrifork]

Ideally I would like documentation for creating an approle with a token policy that can only call relevant APIs

[jonasvinther]

Hi Casper,
Small world. You propably didn't realize it, but we met a few times during my time in Trifork a few years ago :) Nice to see that you have found my little Vault tool.

The capabilities looks correct. The only thing you might wanna reconsider is if you always needs all the permissions. For instance if you isn't planning on using the delete command then I don't see any reason to have the delete capability. And again if you are only going to read secrets, you only need the list and read capabilities.