HashiCorp HCVA0-003 Question Answer
You have a new team member on the Vault operations team. Their first task is to rotate the encryption key in Vault as part of the organization’s security policy. However, when they log in, they get an access denied error when attempting to rotate the key. The policy being used is below. Why can’t the user rotate the encryption key?
path " auth/* " {
capabilities = [ " create " , " read " , " update " , " delete " , " list " ]
}
path " sys/rotate " {
capabilities = [ " read " , " update " ]
}

