To list and export the existing Vault Policies
Introduction
HashiCorp Vault uses policies to define what operations and paths users, applications, or systems can access. Policies ensure fine-grained access control, making it possible to separate responsibilities and secure secrets effectively.
This document explains how to list all existing policies in Vault and how to export a specific policy for review or backup.
Prerequisites
Before proceeding, ensure the following prerequisites are met:
- Vault Installation
  - Vault must be installed and running on the target system.
  - Ensure the Vault server is initialized and unsealed.
- Access Credentials
  - You must have a Vault token with sufficient privileges to list and read policies.
- CLI Access
  - Access to the server or environment where Vault is running.
  - The vault CLI should be installed and available in your $PATH.
- Network & Address Configuration
  - In this guide, Vault is assumed to be running locally at http://127.0.0.1:8200.
  - If TLS is disabled or self-signed certificates are used, the -tls-skip-verify flag must be provided.
Steps
1. List All Policies in Vault
To list all available policies in Vault, run the following command:
vault policy list -address="http://127.0.0.1:8200" -tls-skip-verify
This command outputs all policies configured in Vault, including built-in policies like root and any custom ones such as example-policy.
2. Export the Current Policy
To view or export the details of a specific policy (e.g., example-policy), use:
vault policy read -address="http://127.0.0.1:8200" -tls-skip-verify example-policy > example-policy.hcl
- The command reads the example-policy and writes it into a file called example-policy.hcl.
- This file can be stored as a backup, versioned in Git, or modified for future updates.
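Steps 1 and 2 combined into one backup pass, as an added example that is not part of the original guide: it goes beyond the single-policy export above and writes every listed policy to its own file. The function name export_vault_policies, the script name in the last comment and the output directory are assumptions; only the vault policy list and vault policy read commands come from this guide.

```shell
#!/bin/sh
# Added example (not from the original guide): export every policy that
# `vault policy list` returns into DIR as <name>.hcl.
# Usage: export_vault_policies DIR [ADDRESS]
# Assumes a valid token is already available to the vault CLI.
export_vault_policies() (
    dir=$1
    addr=${2:-http://127.0.0.1:8200}  # local address used in this guide
    umask 077                         # exports reveal the secret path layout
    mkdir -p "$dir" || exit 1
    # -tls-skip-verify is not passed, so an https address is still verified.
    names=$(vault policy list -address="$addr") || exit 1
    failed=0
    while IFS= read -r name; do
        case $name in
            '' | root) continue ;;    # root is built in, no HCL body to export
            .* | *[!A-Za-z0-9._-]*)   # never let a policy name pick the path
                echo "skipping unsafe policy name: $name" >&2
                failed=1
                continue ;;
        esac
        tmp="$dir/.$name.tmp"
        # Write to a temp file first so a failed read leaves no partial export.
        if vault policy read -address="$addr" "$name" </dev/null >"$tmp"; then
            mv "$tmp" "$dir/$name.hcl"
        else
            rm -f "$tmp"
            echo "could not read policy: $name" >&2
            failed=1
        fi
    done <<EOF
$names
EOF
    exit "$failed"
)

# Run as a script (hypothetical file name): sh export-policies.sh --run ./vault-policies
if [ "${1:-}" = "--run" ]; then
    export_vault_policies "${2:-./vault-policies}" "${3:-http://127.0.0.1:8200}"
fi
```

A non-zero exit status means at least one policy was skipped or could not be read, so a scheduled backup job can alert on it instead of silently committing an incomplete set.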
Conclusion
By following these steps, administrators can list all available Vault policies and export specific policies for documentation, auditing, or modification. Regularly backing up and reviewing policies ensures that Vault access control remains secure, auditable, and aligned with organizational requirements.