2017-09-08 02:07:15 +00:00
|
|
|
---
|
2020-01-18 00:18:09 +00:00
|
|
|
layout: docs
|
|
|
|
page_title: auth tune - Command
|
2017-09-08 02:07:15 +00:00
|
|
|
description: |-
|
|
|
|
The "auth tune" command tunes the configuration options for the auth method at
|
|
|
|
the given PATH.
|
|
|
|
---
|
|
|
|
|
|
|
|
# auth tune
|
|
|
|
|
|
|
|
The `auth tune` command tunes the configuration options for the auth method at
|
|
|
|
the given PATH. **The argument corresponds to the PATH where the auth method is
|
|
|
|
enabled, not the TYPE!**
|
|
|
|
|
|
|
|
## Examples
|
|
|
|
|
2021-09-03 00:03:55 +00:00
|
|
|
Before tuning the auth method configuration, view the current configuration of the
|
|
|
|
auth method enabled at "github/".
|
|
|
|
|
|
|
|
```shell-session
|
|
|
|
$ vault read sys/auth/github/tune
|
|
|
|
Key Value
|
|
|
|
--- -----
|
|
|
|
default_lease_ttl 768h
|
|
|
|
description n/a
|
|
|
|
force_no_cache false
|
|
|
|
max_lease_ttl 768h
|
|
|
|
token_type default-service
|
|
|
|
```
|
|
|
|
|
|
|
|
The default lease for the auth method enabled at "github/" is currently set to
|
|
|
|
768 hours. Tune this value to 72 hours.
|
2017-09-08 02:07:15 +00:00
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
```shell-session
|
2017-09-08 02:07:15 +00:00
|
|
|
$ vault auth tune -default-lease-ttl=72h github/
|
|
|
|
Success! Tuned the auth method at: github/
|
|
|
|
```
|
|
|
|
|
2021-09-03 00:03:55 +00:00
|
|
|
You can specify multiple audit non-hmac request keys.
|
2020-10-06 17:43:32 +00:00
|
|
|
|
|
|
|
```shell-session
|
|
|
|
$ vault auth tune -audit-non-hmac-request-keys=value1 -audit-non-hmac-request-keys=value2 github/
|
2021-09-03 00:03:55 +00:00
|
|
|
Success! Tuned the auth method at: github/
|
2020-10-06 17:43:32 +00:00
|
|
|
```
|
|
|
|
|
2017-09-08 02:07:15 +00:00
|
|
|
## Usage
|
|
|
|
|
|
|
|
The following flags are available in addition to the [standard set of
|
2020-01-22 20:05:41 +00:00
|
|
|
flags](/docs/commands) included on all commands.
|
2017-09-08 02:07:15 +00:00
|
|
|
|
2021-08-09 19:37:03 +00:00
|
|
|
- `-allowed-response-headers` `(string: "")` - response header values that the auth
|
|
|
|
method will be allowed to set.
|
|
|
|
|
2020-10-06 17:43:32 +00:00
|
|
|
- `-audit-non-hmac-request-keys` `(string: "")` - Key that will not be HMAC'd
|
|
|
|
by audit devices in the request data object. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|
2020-03-02 16:36:10 +00:00
|
|
|
|
2020-10-06 17:43:32 +00:00
|
|
|
- `-audit-non-hmac-response-keys` `(string: "")` - Key that will not be HMAC'd
|
|
|
|
by audit devices in the response data object. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|
2020-03-02 16:36:10 +00:00
|
|
|
|
2017-09-08 02:07:15 +00:00
|
|
|
- `-default-lease-ttl` `(duration: "")` - The default lease TTL for this auth
|
|
|
|
method. If unspecified, this defaults to the Vault server's globally
|
|
|
|
configured default lease TTL, or a previously configured value for the auth
|
|
|
|
method.
|
|
|
|
|
2021-08-09 19:37:03 +00:00
|
|
|
- `-description` `(string: "")` - Specifies the description of the auth method.
|
|
|
|
This overrides the current stored value, if any.
|
|
|
|
|
|
|
|
- `-listing-visibility` `(string: "")` - The flag to toggle whether to show the
|
|
|
|
mount in the UI-specific listing endpoint.
|
|
|
|
|
2017-09-08 02:07:15 +00:00
|
|
|
- `-max-lease-ttl` `(duration: "")` - The maximum lease TTL for this auth
|
|
|
|
method. If unspecified, this defaults to the Vault server's globally
|
2021-10-12 12:24:07 +00:00
|
|
|
configured [maximum lease TTL](/docs/configuration#max_lease_ttl), or a
|
|
|
|
previously configured value for the auth method. This value is allowed to
|
|
|
|
override the server's global max TTL; it can be longer or shorter.
|
2021-08-09 19:37:03 +00:00
|
|
|
|
|
|
|
- `-passthrough-request-headers` `(string: "")` - request header values that will
|
|
|
|
be sent to the auth method. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|
|
|
|
|
|
|
|
- `-token-type` `(string: "")` - Specifies the type of tokens that should be
|
|
|
|
returned by the auth method. Note that multiple keys may be
|
|
|
|
specified by providing this option multiple times, each time with 1 key.
|