Vault Authentication Methods

General Jul 05, 2019

We can authenticate to Vault via several methods. Here are a few commands that can be used to manage Vault authentication.

List Enabled Authentication Methods
To list all enabled authentication methods, use the command below.

vault auth list

Enabling an Authentication Method
An authentication method can be enabled in Vault with the command below.

vault auth enable ldap #enabling ldap authentication
vault auth enable userpass #enabling userpass authentication

Disabling an Authentication Method

vault auth disable ldap

Adding a role to an Authentication Method

Adding a new user to Authentication Method Userpass
We can add a user John with the command below, giving him access to Vault via username and password.

vault write auth/userpass/users/john password=john

List all users having access to Vault
We can list all users who have access to Vault through the userpass method with the command below.

vault list auth/userpass/users

Logging in via an authentication method
We can log in to Vault from the command line via an authentication method using the commands below.

vault login -method=userpass username=john password=john #via userpass
vault login -method=ldap username=john password=john #via ldap
#via API (the login endpoint takes no X-Vault-Token; the new client token is returned in auth.client_token)
curl --request POST --data '{"username": "john", "password":"john"}' $VAULT_ADDR/v1/auth/userpass/login/john

Resetting a Password in Userpass Authentication
To change a user's password, depending on the situation, use one of the following commands.

#N.B.: unless the user has the required rights, this should be done by the root user
vault write auth/userpass/users/john/password password=johnnew
#via API
curl --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data '{"password":"johnnew"}' $VAULT_ADDR/v1/auth/userpass/users/john/password
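
The create, login and reset commands above put the password on the command line, where it ends up in shell history and the process list. The following is an added example (not from the original post) that drives the same endpoints with the password passed on stdin; the function names and the sed-based token extraction are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes VAULT_ADDR is exported
# (and VAULT_TOKEN for the write operations), as in the commands above.

# Create a user, or reset an existing user's password when $2 is "reset".
# "password=-" makes the Vault CLI read the value from stdin, so the
# password never appears in argv or shell history.
userpass_set_password() {
    path="auth/userpass/users/$1"
    if [ "${2:-}" = "reset" ]; then path="$path/password"; fi
    vault write "$path" password=-
}

# Escape backslash and double quote for use inside a JSON string.
# Control characters are not handled by this helper.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Log in through the HTTP API and print the client token on stdout.
# The password is read from stdin and the JSON body is handed to curl on
# stdin (--data @-). printf is a builtin in bash and dash, so nothing secret
# reaches a process argument list. The login endpoint needs no X-Vault-Token.
userpass_login_api() {
    IFS= read -r pw || [ -n "$pw" ]
    resp=$(printf '{"password":"%s"}' "$(json_escape "$pw")" |
        curl --silent --fail --request POST --data @- \
            "$VAULT_ADDR/v1/auth/userpass/login/$1")
    unset pw
    # Token extraction with sed is an assumption to avoid a jq dependency;
    # with jq available, use: jq -r .auth.client_token
    printf '%s\n' "$resp" |
        sed -n 's/.*"client_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Usage from an interactive shell (hypothetical variable name PW):
#   stty -echo; IFS= read -r PW; stty echo
#   printf '%s' "$PW" | userpass_set_password john          # create
#   printf '%s' "$PW" | userpass_set_password john reset    # reset
#   VAULT_TOKEN=$(printf '%s' "$PW" | userpass_login_api john)
```

For interactive CLI logins, omitting `password=` from `vault login -method=userpass username=john` makes the CLI prompt for the password instead.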

Deleting a Userpass account
Deleting a user from Userpass can be done with the command below

vault delete auth/userpass/users/john
#via API
curl --header "X-Vault-Token: $VAULT_TOKEN" --request DELETE $VAULT_ADDR/v1/auth/userpass/users/john

More information about Vault authentication can be found in the official documentation at the link below:
https://www.vaultproject.io/docs/auth/
