diff --git a/jupyterhub/jupyterhub-admin-policy.hcl b/jupyterhub/jupyterhub-admin-policy.hcl
index 348f52d..a163f10 100644
--- a/jupyterhub/jupyterhub-admin-policy.hcl
+++ b/jupyterhub/jupyterhub-admin-policy.hcl
@@ -34,16 +34,26 @@ path "auth/token/renew-self" {
 capabilities = ["update"]
 }
 
-# Create user-specific policies dynamically
+# Create user-specific policies dynamically (new API)
 path "sys/policies/acl/jupyter-user-*" {
 capabilities = ["create", "read", "update", "delete"]
 }
 
-# Read user policies to allow token creation with these policies
+# Create user-specific policies dynamically (old API for hvac compatibility)
+path "sys/policy/*" {
+ capabilities = ["create", "read", "update", "delete", "sudo"]
+}
+
+# Read user policies to allow token creation with these policies (new API)
 path "sys/policies/acl/*" {
 capabilities = ["read", "list"]
 }
 
+# Read user policies to allow token creation with these policies (old API for hvac compatibility)
+path "sys/policy/*" {
+ capabilities = ["read", "list"]
+}
+
 # System capabilities check
 path "sys/capabilities-self" {
 capabilities = ["read"]
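Review bot: The first added `path "sys/policy/*"` block grants create/update/delete plus `sudo` on every ACL policy through the legacy endpoint, which undoes the `jupyter-user-*` scoping that the new-API rule just above it keeps. A holder of this token could rewrite or remove any policy, including this admin policy itself. Scope the write rule to match the new-API one, `path "sys/policy/jupyter-user-*" { capabilities = ["create", "read", "update", "delete"] }`, and drop `sudo` unless a call is shown to need it; as far as I know the policy endpoints are not sudo-protected, but confirm that against the Vault version in use. The same path `sys/policy/*` is also declared a second time further down with `["read", "list"]`, so after narrowing the write rule that later block becomes the only wildcard rule; add a comment there saying it is intentionally read-only.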