diff --git a/_sys/vault/vault-service-policy.hcl b/_sys/vault/vault-service-policy.hcl
new file mode 100644
index 0000000..302fe60
--- /dev/null
+++ b/_sys/vault/vault-service-policy.hcl
@@ -0,0 +1,13 @@
+https://developer.hashicorp.com/vault/tutorials/day-one-consul/deployment-guide
+#consul acl policy create -name vault-service -rules @vault-service-policy.hcl
+#consul acl token create \
+#    -description "Vault Service Token" \
+#   -policy-name vault-service
+
+
+service "vault" { policy = "write" }
+key_prefix "vault/" { policy = "write" }
+agent_prefix "" { policy = "read" }
+session_prefix "" { policy = "write" }
+
+