From 3faba5d905bcd537f917386799250d14bd7575f6 Mon Sep 17 00:00:00 2001
From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Date: Tue, 18 Apr 2023 14:17:19 -0400
Subject: [PATCH] docs/debug: add example policy for debug command (#20232)

---
 website/content/docs/commands/debug.mdx | 28 +++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/website/content/docs/commands/debug.mdx b/website/content/docs/commands/debug.mdx
index 3330ff44120a..0d020f4c95f4 100644
--- a/website/content/docs/commands/debug.mdx
+++ b/website/content/docs/commands/debug.mdx
@@ -36,6 +36,34 @@ query the matching endpoint in order to get a proper response. Any errors
 encountered during capture due to permissions or otherwise will be logged in the
 index file.
 
+The following policy can be used for generating debug packages with all targets:
+
+```hcl
+path "auth/token/lookup-self" {
+  capabilities = ["read"]
+}
+
+path "sys/pprof/*" {
+  capabilities = ["read"]
+}
+
+path "sys/config/state/sanitized" {
+  capabilities = ["read"]
+}
+
+path "sys/monitor" {
+  capabilities = ["read"]
+}
+
+path "sys/host-info" {
+  capabilities = ["read"]
+}
+
+path "sys/in-flight-req" {
+  capabilities = ["read"]
+}
+```
+
 ## Capture Targets
 
 The `-target` flag can be specified multiple times to capture specific