Vault provides multiple valid ways to create a policy via the CLI using the vault policy write command. The HashiCorp Vault documentation states: " To write a policy, use the vault policy write command. " The valid methods are:
A : " vault policy write my-policy - < < EOF ... EOF uses heredoc syntax to inline policy content, which Vault accepts directly. "
C : " vault policy write my-policy /tmp/policy.hcl writes a policy from a file, a standard method per the docs: ' The policy can be read from a file or piped from stdin. ' "
D : " cat user.hcl | vault policy write my-policy - pipes policy content from a file via stdin, another documented approach: ' You can pipe the policy content to the command using -. ' "
Option B, vault policy create, is invalid as no such command exists—only vault policy write is used. Thus, A, C, and D are correct.
[Reference:, HashiCorp Vault Documentation - Policies: Write a Policy, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit