0
Consider the following policy
path "secret/*" {
capabilities = [ "read" ]
}
path "secret/dev.example.com/django/*" {
capabilities = [ "read" ]
}
The second rule allows for reading secrets out of secret/dev.example.com/django. However, this only works if read privilege is granted on secret/* too.
My question is why the first rule is required ?