diff --git a/vault/policies/cert-manager.hcl b/vault/policies/cert-manager.hcl
index 778f5b6..7bed5a5 100644
--- a/vault/policies/cert-manager.hcl
+++ b/vault/policies/cert-manager.hcl
@@ -7,3 +7,6 @@ path "kv/data/namecheap" {
 path "kv/data/aws" {
   capabilities = ["read"]
 }
+path "pki_int/sign/masked-dot-name" {
+  capabilities = [ "create", "read", "list", "update" ]
+}