2017-09-08 02:07:01 +00:00
|
|
|
---
|
2020-01-18 00:18:09 +00:00
|
|
|
layout: docs
|
|
|
|
page_title: auth enable - Command
|
2017-09-08 02:07:01 +00:00
|
|
|
description: |-
|
|
|
|
The "auth enable" command enables an auth method at a given path. If an auth
|
|
|
|
method already exists at the given path, an error is returned. After the auth
|
|
|
|
method is enabled, it usually needs configuration.
|
|
|
|
---
|
|
|
|
|
|
|
|
# auth enable
|
|
|
|
|
|
|
|
The `auth enable` command enables an auth method at a given path. If an auth
|
|
|
|
method already exists at the given path, an error is returned. After the auth
|
|
|
|
method is enabled, it usually needs configuration. The configuration varies by
|
|
|
|
auth method.
|
|
|
|
|
|
|
|
An auth method is responsible for authenticating users or machines and assigning
|
|
|
|
them policies and a token with which they can access Vault. Authentication is
|
|
|
|
usually mapped to policy. Please see the [policies
|
2020-01-22 20:05:41 +00:00
|
|
|
concepts](/docs/concepts/policies) page for more information.
|
2017-09-08 02:07:01 +00:00
|
|
|
|
|
|
|
## Examples
|
|
|
|
|
|
|
|
Enable the auth method "userpass" enabled at "userpass/":
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
```shell-session
|
2017-09-08 02:07:01 +00:00
|
|
|
$ vault auth enable userpass
|
|
|
|
Success! Enabled the userpass auth method at: userpass/
|
|
|
|
```
|
|
|
|
|
|
|
|
Create a user:
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
```shell-session
|
2017-09-08 02:07:01 +00:00
|
|
|
$ vault write auth/userpass/users/sethvargo password=secret
|
|
|
|
Success! Data written to: auth/userpass/users/sethvargo
|
|
|
|
```
|
|
|
|
|
|
|
|
For more information on the specific configuration options and paths, please see
|
2020-01-22 20:05:41 +00:00
|
|
|
the [auth method](/docs/auth) documentation.
|
2017-09-08 02:07:01 +00:00
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
The following flags are available in addition to the [standard set of
|
2020-01-22 20:05:41 +00:00
|
|
|
flags](/docs/commands) included on all commands.
|
2017-09-08 02:07:01 +00:00
|
|
|
|
2020-10-06 17:43:32 +00:00
|
|
|
- `-audit-non-hmac-request-keys` `(string: "")` - Key that will not be HMAC'd
|
|
|
|
by audit devices in the request data object. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|
|
|
|
An example of this is provided in the [tune section](/docs/commands/auth/tune).
|
|
|
|
|
|
|
|
- `-audit-non-hmac-response-keys` `(string: "")` - Key that will not be HMAC'd
|
|
|
|
by audit devices in the response data object. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|
2020-03-02 16:36:10 +00:00
|
|
|
|
|
|
|
- `-default-lease-ttl` `(duration: "")` - The default lease TTL for this auth
|
|
|
|
method. If unspecified, this defaults to the Vault server's globally
|
|
|
|
configured default lease TTL, or a previously configured value for the auth
|
2022-06-13 12:51:07 +00:00
|
|
|
method. Uses [duration format strings](/docs/concepts/duration-format).
|
2020-03-02 16:36:10 +00:00
|
|
|
|
2021-08-09 19:37:03 +00:00
|
|
|
- `-passthrough-request-headers` `(string: "")` - request header values that will
|
|
|
|
be sent to the auth method. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|
|
|
|
|
|
|
|
- `-allowed-response-headers` `(string: "")` - response header values that the auth
|
|
|
|
method will be allowed to set. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|
|
|
|
|
2017-09-08 02:07:01 +00:00
|
|
|
- `-description` `(string: "")` - Human-friendly description for the purpose of
|
|
|
|
this auth method.
|
|
|
|
|
2021-08-09 19:37:03 +00:00
|
|
|
- `-listing-visibility` `(string: "")` - The flag to toggle whether to show the
|
2022-06-07 13:49:13 +00:00
|
|
|
mount in the UI-specific listing endpoint. Valid values are `"unauth"` or `"hidden"`,
|
|
|
|
with the default `""` being equivalent to `"hidden"`.
|
|
|
|
|
2021-08-09 19:37:03 +00:00
|
|
|
|
2017-09-08 02:07:01 +00:00
|
|
|
- `-local` `(bool: false)` - Mark the auth method as local-only. Local auth
|
|
|
|
methods are not replicated nor removed by replication.
|
|
|
|
|
2021-08-09 19:37:03 +00:00
|
|
|
- `-max-lease-ttl` `(string: "")` - The maximum lease duration, specified as
|
|
|
|
a string duration like "5s" or "30m".
|
|
|
|
|
2017-09-08 02:07:01 +00:00
|
|
|
- `-path` `(string: "")` - Place where the auth method will be accessible. This
|
|
|
|
must be unique across all auth methods. This defaults to the "type" of the
|
2018-08-07 17:34:35 +00:00
|
|
|
auth method. The auth method will be accessible at `/auth/<path>`.
|
2021-08-09 19:37:03 +00:00
|
|
|
|
|
|
|
- `-seal-wrap` `(bool: false)` - Enable seal wrapping for the mount, causing
|
|
|
|
values stored by the mount to be wrapped by the seal's encryption capability.
|
2022-09-06 20:00:21 +00:00
|
|
|
|
|
|
|
- `-token-type` `(string: "")` - Specifies the type of tokens that should be
|
|
|
|
returned by the auth method.
|