2015-04-18 20:35:55 +00:00
|
|
|
---
|
|
|
|
|
layout: "docs"
|
|
|
|
|
page_title: "Auth Backend: Token"
|
|
|
|
|
sidebar_current: "docs-auth-token"
|
|
|
|
|
description: |-
|
|
|
|
|
The token store auth backend is used to authenticate using tokens.
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
# Auth Backend: Token
|
|
|
|
|
|
|
|
|
|
The token backend is the only auth backend that is built-in and
|
2015-04-26 03:21:59 +00:00
|
|
|
automatically available at `/auth/token` as well as with first-class
|
2015-04-18 20:35:55 +00:00
|
|
|
built-in CLI methods such as `vault token-create`. It allows users to
|
|
|
|
|
authenticate using a token, as well to create new tokens, revoke
|
|
|
|
|
secrets by token, and more.
|
|
|
|
|
|
|
|
|
|
When any other auth backend returns an identity, Vault core invokes the
|
|
|
|
|
token backend to create a new unique token for that identity.
|
|
|
|
|
|
|
|
|
|
The token store can also be used to bypass any other auth backend:
|
|
|
|
|
you can create tokens directly, as well as perform a variety of other
|
|
|
|
|
operations on tokens such as renewal and revocation.
|
|
|
|
|
|
2015-04-18 20:45:50 +00:00
|
|
|
Please see the [token concepts](/docs/concepts/tokens.html) page dedicated
|
2015-04-18 20:35:55 +00:00
|
|
|
to tokens.
|
|
|
|
|
|
|
|
|
|
## Authentication
|
|
|
|
|
|
2017-08-08 16:28:17 +00:00
|
|
|
### Via the CLI
|
2015-04-18 20:35:55 +00:00
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$ vault auth <token>
|
|
|
|
|
...
|
|
|
|
|
```
|
|
|
|
|
|
2017-08-08 16:28:17 +00:00
|
|
|
### Via the API
|
2015-04-18 20:35:55 +00:00
|
|
|
|
2015-09-03 14:36:59 +00:00
|
|
|
The token is set directly as a header for the HTTP API. The name
|
|
|
|
|
of the header should be "X-Vault-Token" and the value should be the token.
|
2015-04-18 20:35:55 +00:00
|
|
|
|
|
|
|
|
## API
|
|
|
|
|
|
2017-08-08 16:28:17 +00:00
|
|
|
The Token authentication backend has a full HTTP API. Please see the
|
|
|
|
|
[Token auth backend API](/api/auth/token/index.html) for more
|
|
|
|
|
details.
|
