Skill

auth-policies

Use this skill when the user asks to "manage auth methods", "create a policy", "manage tokens", "enable LDAP", "set up approle", "create an ACL policy", "revoke a token", "list policies", or any task involving Vault authentication and authorization.

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/hashicorp-vault:auth-policies

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Use the `hashicorp-vault` MCP server tools to manage authentication methods, ACL policies, and tokens.

Supporting Files

references/policy-syntax.md

SKILL.md

83 lines · ~668 tokens

Stats

LanguageJavaScript

Parent stars0

MaintenanceGood

Last CommitMar 23, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

Vault Auth & Policies Management

Use the hashicorp-vault MCP server tools to manage authentication methods, ACL policies, and tokens.

Auth Methods

Listing auth methods

Call vault_list_auth to see all enabled auth methods with their types and paths.

Enabling an auth method

Choose the type: userpass, approle, ldap, oidc, kubernetes, jwt, cert, github, etc.
Call vault_enable_auth with a path and type.
After enabling, the auth method needs configuration (done via the Vault CLI or API directly for method-specific settings).

Disabling an auth method

Warning: Disabling revokes all tokens issued by that method.
Always confirm with the user before proceeding.
Call vault_disable_auth.

ACL Policies

Listing policies

Call vault_list_policies to see all ACL policy names.

Reading a policy

Call vault_read_policy with the policy name to view the HCL rules.

Creating/updating a policy

Write the policy in HCL format. Example:

path "secret/data/myapp/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/metadata/myapp/*" {
  capabilities = ["list", "read"]
}

Call vault_write_policy with the name and policy document.

Deleting a policy

Confirm with the user — tokens using this policy will lose those permissions.
Call vault_delete_policy.

Tokens

Creating a token

Call vault_create_token with policies, TTL, and other options. Common patterns:

Service token: policies: ["myapp-read"], ttl: "24h", renewable: true
One-time use: num_uses: 1, ttl: "5m"
Orphan token: no_parent: true (won't be revoked when parent is)

Looking up tokens

vault_lookup_self — info about the current token
vault_lookup_token — info about a specific token

Renewing a token

Call vault_renew_token before the TTL expires. Only works if the token is renewable.

Revoking a token

Call vault_revoke_token — this also revokes all child tokens.

Best Practices

Use the principle of least privilege for policies.
Prefer short TTLs with renewal over long-lived tokens.
Use approle for machine-to-machine auth, oidc for humans.
Never share root tokens; create scoped tokens instead.

Reference

See references/policy-syntax.md for HCL policy syntax details.

auth-policies

Invocation

Context Preview

Supporting Files

SKILL.md

auth-policies

Invocation

Context Preview

Supporting Files

SKILL.md

Vault Auth & Policies Management

Auth Methods

Listing auth methods

Enabling an auth method

Disabling an auth method

ACL Policies

Listing policies

Reading a policy

Creating/updating a policy

Deleting a policy

Tokens

Creating a token

Looking up tokens

Renewing a token

Revoking a token

Best Practices

Reference

Similar Skills

Vault Auth & Policies Management

Auth Methods

Listing auth methods

Enabling an auth method

Disabling an auth method

ACL Policies

Listing policies

Reading a policy

Creating/updating a policy

Deleting a policy

Tokens

Creating a token

Looking up tokens

Renewing a token

Revoking a token

Best Practices

Reference

Similar Skills