From 57e47f4546c9ea78c2e43d3d2e70adacbebacb66 Mon Sep 17 00:00:00 2001
From: Vault Automation <github-team-secure-vault-core@hashicorp.com>
Date: Thu, 26 Feb 2026 13:38:05 -0700
Subject: [PATCH] adding sealing test & seal permissions (#12566) (#12569)

Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
---
 ui/e2e/policies/superuser.hcl       |  4 ++++
 ui/e2e/tests/superuser/seal.spec.ts | 15 +++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 ui/e2e/tests/superuser/seal.spec.ts

diff --git a/ui/e2e/policies/superuser.hcl b/ui/e2e/policies/superuser.hcl
index 2c64d21233..589857650d 100644
--- a/ui/e2e/policies/superuser.hcl
+++ b/ui/e2e/policies/superuser.hcl
@@ -3,4 +3,8 @@
 
 path "*" {
   capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+// needed permissions to be able to seal vault
+path "sys/seal" {
+  capabilities = ["sudo", "update"]
 }
\ No newline at end of file
diff --git a/ui/e2e/tests/superuser/seal.spec.ts b/ui/e2e/tests/superuser/seal.spec.ts
new file mode 100644
index 0000000000..142c511381
--- /dev/null
+++ b/ui/e2e/tests/superuser/seal.spec.ts
@@ -0,0 +1,15 @@
+/**
+ * Copyright IBM Corp. 2016, 2025
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import { test, expect } from '@playwright/test';
+
+test('sealing workflow', async ({ page }) => {
+  await page.goto('dashboard');
+  await page.getByRole('link', { name: 'Resilience and recovery' }).click();
+  await page.getByRole('link', { name: 'Seal Vault' }).click();
+  await page.getByRole('button', { name: 'Seal' }).click();
+  await page.getByRole('button', { name: 'Confirm' }).click();
+  await expect(page.getByText('Vault is sealed')).toBeVisible();
+});