More Vault Sentinel examples in the Vault Guides Repo.
Example Endpoint governing policies:
validate_zip_codesvalidates that any key named "zipcode", "zip_code", or "zip-code" contains a valid 5-digit U.S. zipcode. EGP Policy, paths = secret/*validate_state_codesvalidates that any key named "state" contains a valid U.S. state code. EGP Policy, paths = secret/*validate_root_aws_keysvalidates that any path having both access_key and secret_key keys contain valid AWS keys. EGP Policy, paths = * a. This ensures that the root keys for an instance of the AWS secrets engine in path /config/root are valid. b. Since the AWS secret engine may exist at multiple paths, the path is set to "*".business_hoursEGP on one namespace that only allows writing secrets between 8am and 8pm EDT on Monday to Friday. EGP Policy, paths = secret/*