Difficulty: beginner
Estimated Time: 5 minutes

Logo

Vault's auth methods perform authentication to verify the user or machine-supplied information. Some of the supported auth methods are targeted towards users while others are targeted toward machines or apps. For example, LDAP auth method enables user authentication using an existing LDAP server while AppRole auth method is recommended for machines or apps.

The Getting Started guide walks you through how to enable the GitHub auth method for user authentication.

This scenario demonstrates the userpass auth method which allows users to authenticate with Vault using a username and password combination.

Vault Authentication

Step 1 of 3

Enable an Auth Method

The username/password combinations are configured directly to the auth method using the users/ path. This method cannot read usernames and passwords from an external source.

Login with root token.

Click on the command () will automatically copy it into the terminal and execute it.

vault login root

Execute the following command to list which authentication methods have been enabled:

vault auth list

Userpass auth method allows users to login with username and password. Execute the following command to enable the userpass auth method:

vault auth enable userpass

Now, when you list the enabled auth methods, you should see userpass.

vault auth list


Everything in Vault is path based, and you can enable the same method at multiple paths. The data is isolated at path that they are not shared between paths even among the same auth method.

Execute the following command to enable userpass at a different path, training-userpass:

vault auth enable -path=training-userpass -description="userpass at a different path" userpass

Now, the enabled auth method list should include userpass and training-userpass:

vault auth list


Path                  Type        Accessor                  Description
----                  ----        --------                  -----------
token/                token       auth_token_1d355601       token based credentials
training-userpass/    userpass    auth_userpass_67c0850b    userpass at a different path
userpass/             userpass    auth_userpass_08620fee    n/a