open-vault/website/source/docs/auth/userpass.html.md

---
layout: "docs"
page_title: "Auth Backend: Username & Password"
sidebar_current: "docs-auth-userpass"
description: |-
  The "userpass" auth backend allows users to authenticate with Vault using a username and password.
---

# Auth Backend: Username & Password

Name: `userpass`

The "userpass" auth backend allows users to authenticate with Vault using
a username and password combination.

The username/password combinations are configured directly to the auth
backend using the `users/` path. This backend cannot read usernames and
passwords from an external source.

## Authentication

#### Via the CLI

```
$ vault auth -method=userpass \
  username=foo \
  password=bar
```

#### Via the API

The endpoint for the login is `auth/userpass/login/<username>`.

The password should be sent in the POST body encoded as JSON.

```shell
$ curl $VAULT_ADDR/v1/auth/userpass/login/mitchellh \
    -d '{"password: "foo"}'
```

The response will be in JSON. For example:

```javascript
{
  "lease_id":"",
  "renewable":false,
  "lease_duration":0,
  "data":null,
  "auth":{
    "client_token":"c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
    "policies":[
      "root"
    ],
    "metadata":{
      "username":"mitchellh"
    },
    "lease_duration":0,
    "renewable":false
  }
}
```

## Configuration

First, you must enable the username/password auth backend:

```
$ vault auth-enable userpass
Successfully enabled 'userpass' at 'userpass'!
```

Now when you run `vault auth -methods`, the username/password backend is
available:

```
Path       Type      Description
token/     token     token based credentials
userpass/  userpass
```

To use the "userpass" auth backend, an operator must configure it with
users that are allowed to authenticate. An example is shown below.
Use `vault help` for more details.

```
$ vault write auth/userpass/users/mitchellh password=foo policies=root
...
```

The above creates a new user "mitchellh" with the password "foo" that
will be associated with the "root" policy. This is the only configuration
necessary.
website: doc userpass 2015-04-19 22:21:35 +00:00			`---`
			`layout: "docs"`
			`page_title: "Auth Backend: Username & Password"`
			`sidebar_current: "docs-auth-userpass"`
			`description: \|-`
			`The "userpass" auth backend allows users to authenticate with Vault using a username and password.`
			`---`

			`# Auth Backend: Username & Password`

			Name: `userpass`

			`The "userpass" auth backend allows users to authenticate with Vault using`
			`a username and password combination.`

			`The username/password combinations are configured directly to the auth`
			backend using the `users/` path. This backend cannot read usernames and
			`passwords from an external source.`

			`## Authentication`

			`#### Via the CLI`

			```
			`$ vault auth -method=userpass \`
Remove references to -var 2015-05-08 15:45:29 +00:00			`username=foo \`
			`password=bar`
website: doc userpass 2015-04-19 22:21:35 +00:00			```

			`#### Via the API`

Cleanup userpass docs 2015-05-08 15:49:58 +00:00			The endpoint for the login is `auth/userpass/login/<username>`.
Added more info about the userpass auth backend API endpoint 2015-05-08 09:45:21 +00:00
Cleanup userpass docs 2015-05-08 15:49:58 +00:00			`The password should be sent in the POST body encoded as JSON.`
Added more info about the userpass auth backend API endpoint 2015-05-08 09:45:21 +00:00
Cleanup userpass docs 2015-05-08 15:49:58 +00:00			```shell
			`$ curl $VAULT_ADDR/v1/auth/userpass/login/mitchellh \`
fix doc example to submit valid json in POST body I don't know if there is some version of curl that auto-generates json but the example didn't work for me on curl 7.32.0. Submitting the data as JSON works though. 2015-05-20 20:11:54 +00:00			`-d '{"password: "foo"}'`
Added more info about the userpass auth backend API endpoint 2015-05-08 09:45:21 +00:00			```

Cleanup userpass docs 2015-05-08 15:49:58 +00:00			`The response will be in JSON. For example:`

			```javascript
			`{`
			`"lease_id":"",`
			`"renewable":false,`
			`"lease_duration":0,`
			`"data":null,`
			`"auth":{`
			`"client_token":"c4f280f6-fdb2-18eb-89d3-589e2e834cdb",`
			`"policies":[`
			`"root"`
			`],`
			`"metadata":{`
			`"username":"mitchellh"`
			`},`
			`"lease_duration":0,`
			`"renewable":false`
			`}`
			`}`
Added more info about the userpass auth backend API endpoint 2015-05-08 09:45:21 +00:00			```
website: doc userpass 2015-04-19 22:21:35 +00:00
			`## Configuration`

Add instructions for enabling the auth first 2015-05-07 17:41:23 +00:00			`First, you must enable the username/password auth backend:`

			```
			`$ vault auth-enable userpass`
			`Successfully enabled 'userpass' at 'userpass'!`
			```

			Now when you run `vault auth -methods`, the username/password backend is
			`available:`

			```
			`Path Type Description`
			`token/ token token based credentials`
			`userpass/ userpass`
			```

website: doc userpass 2015-04-19 22:21:35 +00:00			`To use the "userpass" auth backend, an operator must configure it with`
website: address minor doc typos 2015-04-28 18:32:04 +00:00			`users that are allowed to authenticate. An example is shown below.`
website: doc userpass 2015-04-19 22:21:35 +00:00			Use `vault help` for more details.

			```
			`$ vault write auth/userpass/users/mitchellh password=foo policies=root`
			`...`
			```

			`The above creates a new user "mitchellh" with the password "foo" that`
			`will be associated with the "root" policy. This is the only configuration`
			`necessary.`