How to specify multiple vault VMs in policy for use with SSH client and Split SSH

I am trying to setup Split SSH using the community guide here

I have two vaults, vault-1 and vault-2. I would like do something like this in my SSH policy file:

qubes.SshAgent * ssh-client vault-1,vault-2 ask target=vault-1

The idea being that the ssh-client VM can access both vault VMs and I can select the vault VM to use when calling SSH (for lack of a better description)

You can try to create the separate policies like this:

qubes.SshAgent * ssh-client vault-1 ask target=vault-1
qubes.SshAgent * ssh-client vault-2 ask target=vault-1

Or use qvm-tags command to add tag to vault-1 and vault-2:

qvm-tags add vault-1 SshAgent_ssh-client
qvm-tags add vault-2 SshAgent_ssh-client
And then use this tag as destination in policy:

qubes.SshAgent * ssh-client @tag:SshAgent_ssh-client ask target=vault-1

Thanks. You’ve helped me confirm if I could have multiple lines in the policy.
I will opt for that for now. If I get more vaults, I may switch to using tags