Assigning Secret Policies to the Secrets in the Folders

Assigning via the UI

  1. Select the folder containing the secrets you would like to assign a policy to.

  2. Click on the ellipsis button next to the folder name and select Edit Folder. The Folder Details page appears.

  3. Click the Edit link next to Secret Policy. The Edit Folder popup appears.

  4. Click to select the desired policy in the Secret Policy dropdown list.

  5. Click Save.

Assigning via the REST API

To assign a Secret Policy to a folder programmatically, use PATCH /api/v1/folder/{id}. The required role permissions and secret-level ACLs depend on whether the policy has an Enforced Privileged Account.

Required Role Permissions

  • Assign Secret Policy
  • View Secret Policy
  • Edit Folder (or Owner permission on the target folder)

Additional Permissions for Policies with an Enforced Privileged Account

When the policy's Privileged Account setting has Default only unchecked (Enforced), the API caller must also have:

  • Role permission: Allow List Secret Access for Assigning Policy
  • Secret ACL: List on the Privileged Account secret referenced by the policy

If the policy's Privileged Account has Default only checked, the per-secret access check is skipped and the additional permission and ACL above are not required.

If the caller is missing the required permission or ACL, the endpoint returns HTTP 403 AccessDenied with an error message that names the specific missing permission and secret. For full details on required permissions and response codes, see PATCH api/v1/folder/{id} — Assigning a Secret Policy via the API.
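The permission rules above can be checked before the PATCH call is made, for example when auditing which API accounts are able to assign a given policy. The following is an added example, not Secret Server code: the `Policy` and `Caller` records, the `missing_requirements` function and the sample ids are hypothetical, and `secret_acls` is assumed to hold the caller's effective ACLs on each secret.

```python
from __future__ import annotations
from dataclasses import dataclass, field

BASE_ROLE_PERMISSIONS = ("Assign Secret Policy", "View Secret Policy")
ENFORCED_ROLE_PERMISSION = "Allow List Secret Access for Assigning Policy"


@dataclass
class Policy:
    name: str
    # Secret id of the Privileged Account when "Default only" is unchecked
    # (Enforced); None when "Default only" is checked.
    enforced_secret_id: int | None = None


@dataclass
class Caller:  # hypothetical record of one API account's effective grants
    role_permissions: set[str] = field(default_factory=set)
    owner_of_folders: set[int] = field(default_factory=set)
    secret_acls: dict[int, set[str]] = field(default_factory=dict)  # secret id -> ACLs


def missing_requirements(caller: Caller, policy: Policy, folder_id: int) -> list[str]:
    """Return each documented requirement the caller lacks; empty means allowed."""
    missing = [f"role permission: {p}" for p in BASE_ROLE_PERMISSIONS
               if p not in caller.role_permissions]
    # Edit Folder, or Owner permission on the target folder, satisfies this one.
    if ("Edit Folder" not in caller.role_permissions
            and folder_id not in caller.owner_of_folders):
        missing.append(f"role permission: Edit Folder (or Owner on folder {folder_id})")
    # The per-secret check is skipped unless the Privileged Account is enforced.
    sid = policy.enforced_secret_id
    if sid is not None:
        if ENFORCED_ROLE_PERMISSION not in caller.role_permissions:
            missing.append(f"role permission: {ENFORCED_ROLE_PERMISSION}")
        if "List" not in caller.secret_acls.get(sid, set()):
            missing.append(f"secret ACL: List on secret {sid}")
    return missing


if __name__ == "__main__":
    # Constructed sample: a service account with only the base permissions.
    svc = Caller(role_permissions={"Assign Secret Policy", "View Secret Policy", "Edit Folder"})
    for pol in (Policy("Default-only policy"), Policy("Enforced policy", enforced_secret_id=42)):
        print(pol.name, "->", missing_requirements(svc, pol, folder_id=7) or "allowed")
```

An account that passes for a Default-only policy but fails for an Enforced one is the case the endpoint answers with HTTP 403 AccessDenied.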