open-vault/website/content/api-docs/auth/userpass.mdx

281 lines
6.2 KiB
Plaintext
Raw Normal View History

2017-08-08 16:28:17 +00:00
---
layout: api
page_title: Userpass - Auth Methods - HTTP API
2017-08-08 16:28:17 +00:00
description: |-
This is the API documentation for the Vault username and password
auth method.
2017-08-08 16:28:17 +00:00
---
# Userpass Auth Method (HTTP API)
2017-08-08 16:28:17 +00:00
This is the API documentation for the Vault Username & Password auth method. For
general information about the usage and operation of the Username and Password method, please
see the [Vault Userpass method documentation](/docs/auth/userpass).
2017-08-08 16:28:17 +00:00
This documentation assumes the Username & Password method is mounted at the `/auth/userpass`
2017-09-21 21:14:40 +00:00
path in Vault. Since it is possible to enable auth methods at any location,
2017-08-08 16:28:17 +00:00
please update your API calls accordingly.
## Create/Update User
Create a new user or update an existing user. This path honors the distinction between the `create` and `update` capabilities inside ACL policies.
| Method | Path |
| :----- | :------------------------------- |
| `POST` | `/auth/userpass/users/:username` |
2017-08-08 16:28:17 +00:00
### Parameters
- `username` `(string: <required>)` The username for the user. Accepted characters: alphanumeric plus "_", "-", "." (underscore, hyphen and period); username cannot begin with a hyphen, nor can it begin or end with a period.
- `password` `(string: <required>)` - The password for the user. Only required
2017-08-08 16:28:17 +00:00
when creating the user.
@include 'tokenfields.mdx'
2017-08-08 16:28:17 +00:00
### Sample Payload
```json
{
"password": "superSecretPassword",
"token_policies": ["admin", "default"],
"token_bound_cidrs": ["127.0.0.1/32", "128.252.0.0/16"]
2017-08-08 16:28:17 +00:00
}
```
### Sample Request
```shell-session
2017-08-08 16:28:17 +00:00
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
2017-08-08 16:28:17 +00:00
```
## Read User
Reads the properties of an existing username.
| Method | Path |
| :----- | :------------------------------- |
| `GET` | `/auth/userpass/users/:username` |
2017-08-08 16:28:17 +00:00
### Sample Request
```shell-session
2017-08-08 16:28:17 +00:00
$ curl \
--header "X-Vault-Token: ..." \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
2017-08-08 16:28:17 +00:00
```
### Sample Response
```json
{
"request_id": "0ad1be52-9398-4b3c-f58b-98e427406471",
2017-08-08 16:28:17 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": 0,
2017-08-08 16:28:17 +00:00
"data": {
"token_bound_cidrs": [
"127.0.0.1",
"128.252.0.0/16"
],
"token_explicit_max_ttl": 0,
"token_max_ttl": 0,
"token_no_default_policy": false,
"token_num_uses": 0,
"token_period": 0,
"token_policies": [
"admin",
"default"
],
"token_ttl": 0,
"token_type": "default"
2017-08-08 16:28:17 +00:00
},
"wrap_info": null,
"warnings": null,
"auth": null
2017-08-08 16:28:17 +00:00
}
```
## Delete User
This endpoint deletes the user from the method.
2017-08-08 16:28:17 +00:00
| Method | Path |
| :------- | :------------------------------- |
| `DELETE` | `/auth/userpass/users/:username` |
2017-08-08 16:28:17 +00:00
### Parameters
- `username` `(string: <required>)` - The username for the user.
### Sample Request
```shell-session
2017-08-08 16:28:17 +00:00
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
2017-08-08 16:28:17 +00:00
```
## Update Password on User
Update password for an existing user.
| Method | Path |
| :----- | :---------------------------------------- |
| `POST` | `/auth/userpass/users/:username/password` |
2017-08-08 16:28:17 +00:00
### Parameters
- `username` `(string: <required>)` The username for the user.
- `password` `(string: <required>)` - The password for the user.
### Sample Payload
```json
{
"password": "superSecretPassword2"
2017-08-08 16:28:17 +00:00
}
```
### Sample Request
```shell-session
2017-08-08 16:28:17 +00:00
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh/password
2017-08-08 16:28:17 +00:00
```
## Update Policies on User
Update policies for an existing user.
| Method | Path |
| :----- | :---------------------------------------- |
| `POST` | `/auth/userpass/users/:username/policies` |
2017-08-08 16:28:17 +00:00
### Parameters
- `username` `(string: <required>)` The username for the user.
- `token_policies` `(array: [] or comma-delimited string: "")` - List of
policies to encode onto generated tokens. Depending on the auth method, this
list may be supplemented by user/group/other values.
2017-08-08 16:28:17 +00:00
### Sample Payload
```json
{
"token_policies": ["policy1", "policy2"]
2017-08-08 16:28:17 +00:00
}
```
### Sample Request
```shell-session
2017-08-08 16:28:17 +00:00
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh/policies
2017-08-08 16:28:17 +00:00
```
## List Users
List available userpass users.
| Method | Path |
| :----- | :--------------------- |
| `LIST` | `/auth/userpass/users` |
2017-08-08 16:28:17 +00:00
### Sample Request
```shell-session
2017-08-08 16:28:17 +00:00
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/auth/userpass/users
2017-08-08 16:28:17 +00:00
```
### Sample Response
```json
{
"data": {
"keys": ["mitchellh", "armon"]
2017-08-08 16:28:17 +00:00
}
}
```
## Login
Login with the username and password.
| Method | Path |
| :----- | :------------------------------- |
| `POST` | `/auth/userpass/login/:username` |
2017-08-08 16:28:17 +00:00
### Parameters
- `username` `(string: <required>)` The username for the user.
- `password` `(string: <required>)` - The password for the user.
### Sample Payload
```json
{
"password": "superSecretPassword2"
2017-08-08 16:28:17 +00:00
}
```
### Sample Request
```shell-session
2017-08-08 16:28:17 +00:00
$ curl \
--request POST \
--data @payload.json \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/auth/userpass/login/mitchellh
2017-08-08 16:28:17 +00:00
```
### Sample Response
```json
{
"request_id": "ae1882ba-f60a-7629-ce1a-6618c482de3e",
2017-08-08 16:28:17 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
2017-08-08 16:28:17 +00:00
"warnings": null,
"auth": {
"client_token": "hvs.CAESIJyeFmhLYRWVXPJStT3fDP1ZdFkon_otuk1sJUpkfk_WGh4KHGh2cy5xdW9XVHBnVUwwbzB1ZEhzZkpkRmVoU08",
"accessor": "iP2Lw1JXpjlALbgJSeIx51n7",
"policies": [
"default",
"policy1",
"policy2"
],
"token_policies": [
"default",
"policy1",
"policy2"
],
2017-08-08 16:28:17 +00:00
"metadata": {
"username": "mitchellh"
},
"lease_duration": 2764800,
"renewable": true,
"entity_id": "0660dce5-4f2c-926a-8b15-158901557d9d",
"token_type": "service",
"orphan": true,
"mfa_requirement": null,
"num_uses": 0
2017-08-08 16:28:17 +00:00
}
}
```