From 5899c9acb3c83fada0f4c372c6115ab24c38772e Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Thu, 15 Jan 2026 04:17:14 -0300
Subject: [PATCH] vault: allow admin policy to update shared secrets

---
 services/vault/scripts/vault_k8s_auth_configure.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/services/vault/scripts/vault_k8s_auth_configure.sh b/services/vault/scripts/vault_k8s_auth_configure.sh
index daf0214..46086cf 100644
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@@ -133,6 +133,12 @@ path "kv/data/atlas/vault/*" {
 path "kv/metadata/atlas/vault/*" {
   capabilities = ["list"]
 }
+path "kv/data/atlas/shared/*" {
+  capabilities = ["create", "update", "read", "patch"]
+}
+path "kv/metadata/atlas/shared/*" {
+  capabilities = ["list"]
+}
 '
 
 write_raw_policy "vault-admin" "${vault_admin_policy}"