What type of access policy allows users to read but not modify secrets?

A read-only policy is designed specifically to permit users to retrieve and view data or secrets but prohibits any modifications or deletions of those secrets. This type of policy is essential in scenarios where users need to access sensitive information, such as credentials or configuration settings, without the ability to alter that information, thereby reducing the risk of accidental or malicious changes.

In contrast, a write-only policy would allow users to create or update data but not read it, which doesn't align with the requirement of needing read access. An admin policy typically includes comprehensive permissions, often allowing both read and write access, which goes beyond the specific need for a read-only approach. Access policy is a more general term and could encompass various configurations, but it does not specifically denote a policy focused solely on granting read access without modification rights.

Thus, the read-only policy is the most precise choice for limiting access to viewing secrets while maintaining their integrity by preventing any changes.