From 756a1af2e688029b3c4afd36fd0390538373620f Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Thu, 15 Jan 2026 02:16:55 -0300
Subject: [PATCH] vault: allow oidc tuning

---
 services/vault/scripts/vault_k8s_auth_configure.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/services/vault/scripts/vault_k8s_auth_configure.sh b/services/vault/scripts/vault_k8s_auth_configure.sh
index ce9533c..d47ebb5 100644
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@@ -124,6 +124,9 @@ path "sys/policies/acl" {
 path "sys/policies/acl/*" {
   capabilities = ["create", "update", "read"]
 }
+path "sys/mounts/auth/*" {
+  capabilities = ["read", "update", "sudo"]
+}
 path "kv/data/atlas/vault/*" {
   capabilities = ["read"]
 }