Now we need to create a policy that restricts Jerakia to the encryption and decryption endpoints only. Vault policies are default-deny, so listing just these two paths means every other path (the key configuration under transit/keys, for example) stays inaccessible to a token carrying this policy.
To create the policy, we write a new file, jerakia_policy.hcl, and then import it into Vault with the vault policy-write command:
# jerakia_policy.hcl
path "transit/decrypt/jerakia" {
  policy = "write"
}
path "transit/encrypt/jerakia" {
  policy = "write"
}
$ ./vault policy-write jerakia jerakia_policy.hcl
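As an added example (not part of the original post or of Jerakia), the following script checks the least-privilege claim offline by applying Vault's path matching rules (exact match, trailing "*" glob, most specific rule wins, default deny) to the policy above. The parse_policy and is_allowed helpers are hypothetical and only handle the simple pre-0.7 "policy = ..." syntax used on the page; they are not Vault's own parser.

```python
import re

# Constructed copy of the jerakia_policy.hcl shown above.
JERAKIA_POLICY = '''
path "transit/decrypt/jerakia" {
  policy = "write"
}
path "transit/encrypt/jerakia" {
  policy = "write"
}
'''

# Constructed contrast: a broad glob with a deny carved out (also legal in Vault).
BROAD_POLICY = '''
path "transit/*" {
  policy = "write"
}
path "transit/keys/*" {
  policy = "deny"
}
'''

_RULE = re.compile(r'path\s+"([^"]+)"\s*\{\s*policy\s*=\s*"([^"]+)"\s*\}')

def parse_policy(hcl: str) -> dict:
    """Hypothetical helper: map each path pattern to its policy level."""
    return {path: level for path, level in _RULE.findall(hcl)}

def rule_matches(pattern: str, request_path: str) -> bool:
    """Vault matching: exact path, or prefix match when the pattern ends in '*'."""
    if pattern.endswith("*"):
        return request_path.startswith(pattern[:-1])
    return request_path == pattern

def is_allowed(policy: dict, request_path: str) -> bool:
    """Default deny; among matching rules the longest (most specific) pattern wins."""
    best = None
    for pattern, level in policy.items():
        if rule_matches(pattern, request_path):
            if best is None or len(pattern) > len(best[0]):
                best = (pattern, level)
    return best is not None and best[1] != "deny"

def audit(policy: dict, paths) -> dict:
    """Evaluate a list of request paths against a policy; returns {path: allowed}."""
    return {p: is_allowed(policy, p) for p in paths}

if __name__ == "__main__":
    probes = ["transit/encrypt/jerakia", "transit/decrypt/jerakia",
              "transit/keys/jerakia", "transit/rewrap/jerakia", "transit/encrypt/other"]
    for name, text in (("jerakia", JERAKIA_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit(parse_policy(text), probes))
```

The narrow policy denies key management and every other transit key outright, while the broad variant still lets the token use rewrap and any other key, which is why the page's two explicit paths are the safer choice.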