In order for mfsecretshashicorp vault provider to function correctly, it requires a token that has create, read, update, delete, and list permissions for the given secrets engine path. Micro Focus recommends that you give the token the following policy as a minimum:
# Where `secrets/engine/path` is the same as `secrets_engine_path` provided in the config file
path "secrets/engine/path/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}