1--- 2layout: "api" 3page_title: "/sys/policy - HTTP API" 4sidebar_title: "<code>/sys/policy</code>" 5sidebar_current: "api-http-system-policy" 6description: |- 7 The `/sys/policy` endpoint is used to manage ACL policies in Vault. 8--- 9 10# `/sys/policy` 11 12The `/sys/policy` endpoint is used to manage ACL policies in Vault. 13 14## List Policies 15 16This endpoint lists all configured policies. 17 18| Method | Path | 19| :--------------------------- | :--------------------- | 20| `GET` | `/sys/policy` | 21 22### Sample Request 23 24``` 25$ curl \ 26 --header "X-Vault-Token: ..." \ 27 http://127.0.0.1:8200/v1/sys/policy 28``` 29 30### Sample Response 31 32```json 33{ 34 "policies": ["root", "deploy"] 35} 36``` 37 38## Read Policy 39 40This endpoint retrieve the policy body for the named policy. 41 42| Method | Path | 43| :--------------------------- | :--------------------- | 44| `GET` | `/sys/policy/:name` | 45 46### Parameters 47 48- `name` `(string: <required>)` – Specifies the name of the policy to retrieve. 49 This is specified as part of the request URL. 50 51### Sample Request 52 53``` 54$ curl \ 55 --header "X-Vault-Token: ..." \ 56 http://127.0.0.1:8200/v1/sys/policy/my-policy 57``` 58 59### Sample Response 60 61```json 62{ 63 "name": "my-policy", 64 "rules": "path \"secret/*\"... 65} 66``` 67 68## Create/Update Policy 69 70This endpoint adds a new or updates an existing policy. Once a policy is 71updated, it takes effect immediately to all associated users. 72 73| Method | Path | 74| :--------------------------- | :--------------------- | 75| `PUT` | `/sys/policy/:name` | 76 77### Parameters 78 79- `name` `(string: <required>)` – Specifies the name of the policy to create. 80 This is specified as part of the request URL. 81 82- `policy` `(string: <required>)` - Specifies the policy document. 83 84### Sample Payload 85 86```json 87{ 88 "policy": "path \"secret/foo\" {..." 89} 90``` 91 92### Sample Request 93 94``` 95$ curl \ 96 --header "X-Vault-Token: ..." \ 97 --request PUT \ 98 --data @payload.json \ 99 http://127.0.0.1:8200/v1/sys/policy/my-policy 100``` 101 102## Delete Policy 103 104This endpoint deletes the policy with the given name. This will immediately 105affect all users associated with this policy. 106 107| Method | Path | 108| :--------------------------- | :--------------------- | 109| `DELETE` | `/sys/policy/:name` | 110 111### Parameters 112 113- `name` `(string: <required>)` – Specifies the name of the policy to delete. 114 This is specified as part of the request URL. 115 116### Sample Request 117 118``` 119$ curl \ 120 --header "X-Vault-Token: ..." \ 121 --request DELETE \ 122 http://127.0.0.1:8200/v1/sys/policy/my-policy 123``` 124