Which of the following features allows Vault to manage access to various secret engines?

Access policies are foundational to Vault's security model, enabling fine-grained control over who can access which secrets and operations within various secret engines. They define the specific permissions that users, applications, or systems have when interacting with Vault. By leveraging these policies, administrators can restrict actions such as reading, writing, or deleting secrets based on user roles or attributes.

When a request is made to access a secret, Vault evaluates the access policies associated with the caller against the requested operation and the path being accessed. This mechanism ensures that only authorized entities can interact with sensitive data, thereby enhancing the overall security posture of the environment.

Other features listed, while important in the context of secret management, do not directly facilitate access management across different secret engines. Tokenization pertains to transforming sensitive data into non-sensitive equivalents, secret rotation involves systematically updating secrets to enhance security, and audit logging keeps track of access and alterations to secrets for compliance and monitoring purposes. However, none of these directly manage access controls in the way that access policies do.