Which component of HashiCorp Vault matches a client against its security policies?

The component of HashiCorp Vault that matches a client against its security policies is authorization. Authorization is the process that determines what actions a client is permitted to perform based on the policies that have been defined within Vault. Once a client successfully authenticates, authorization ensures that the client has the appropriate permissions as defined in its security policies, enabling or denying access to specific secrets or operations based on those rules.

In this context, the authentication process primarily focuses on verifying the client’s identity to ensure that they are who they claim to be. After the client has been authenticated, it's the authorization component that takes over to enforce security measures based on the established policies. This two-step process of authentication followed by authorization ensures a robust security model, where access is not only about confirming identity but also about providing the right level of access according to the client’s assigned policies.