Skip to content

4.4 RBAC for Automation Accounts

Role-based access control ensures automation tools only access necessary credentials.

Vault Policy Example

# Policy for Terraform service account
path "secret/data/abhavtech/dnac/*" {
  capabilities = ["read"]
}

path "secret/data/abhavtech/ise/*" {
  capabilities = ["read"]
}

path "secret/data/abhavtech/ssh/*" {
  capabilities = ["deny"]
}

Apply policy:

vault policy write terraform-policy terraform-policy.hcl

vault token create -policy=terraform-policy

Related Sections: - 4.1 HashiCorp Vault Deployment - 2.3 Role Separation