From f5231d282b6cd79860bddcb21f94bfa6c61cc744 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Fri, 16 Jan 2026 02:06:31 -0300
Subject: [PATCH] vault: allow UI mount listing for admins

---
 services/vault/scripts/vault_k8s_auth_configure.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/services/vault/scripts/vault_k8s_auth_configure.sh b/services/vault/scripts/vault_k8s_auth_configure.sh
index 46086cf..daf48b3 100644
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@@ -124,6 +124,12 @@ path "sys/policies/acl" {
 path "sys/policies/acl/*" {
   capabilities = ["create", "update", "read"]
 }
+path "sys/internal/ui/mounts" {
+  capabilities = ["read"]
+}
+path "sys/mounts" {
+  capabilities = ["read"]
+}
 path "sys/mounts/auth/*" {
   capabilities = ["read", "update", "sudo"]
 }