281 lines
6.2 KiB
Plaintext
281 lines
6.2 KiB
Plaintext
---
|
||
layout: api
|
||
page_title: Userpass - Auth Methods - HTTP API
|
||
description: |-
|
||
This is the API documentation for the Vault username and password
|
||
auth method.
|
||
---
|
||
|
||
# Userpass Auth Method (HTTP API)
|
||
|
||
This is the API documentation for the Vault Username & Password auth method. For
|
||
general information about the usage and operation of the Username and Password method, please
|
||
see the [Vault Userpass method documentation](/docs/auth/userpass).
|
||
|
||
This documentation assumes the Username & Password method is mounted at the `/auth/userpass`
|
||
path in Vault. Since it is possible to enable auth methods at any location,
|
||
please update your API calls accordingly.
|
||
|
||
## Create/Update User
|
||
|
||
Create a new user or update an existing user. This path honors the distinction between the `create` and `update` capabilities inside ACL policies.
|
||
|
||
| Method | Path |
|
||
| :----- | :------------------------------- |
|
||
| `POST` | `/auth/userpass/users/:username` |
|
||
|
||
### Parameters
|
||
|
||
- `username` `(string: <required>)` – The username for the user. Accepted characters: alphanumeric plus "_", "-", "." (underscore, hyphen and period); username cannot begin with a hyphen, nor can it begin or end with a period.
|
||
- `password` `(string: <required>)` - The password for the user. Only required
|
||
when creating the user.
|
||
|
||
@include 'tokenfields.mdx'
|
||
|
||
### Sample Payload
|
||
|
||
```json
|
||
{
|
||
"password": "superSecretPassword",
|
||
"token_policies": ["admin", "default"],
|
||
"token_bound_cidrs": ["127.0.0.1/32", "128.252.0.0/16"]
|
||
}
|
||
```
|
||
|
||
### Sample Request
|
||
|
||
```shell-session
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request POST \
|
||
--data @payload.json \
|
||
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
|
||
```
|
||
|
||
## Read User
|
||
|
||
Reads the properties of an existing username.
|
||
|
||
| Method | Path |
|
||
| :----- | :------------------------------- |
|
||
| `GET` | `/auth/userpass/users/:username` |
|
||
|
||
### Sample Request
|
||
|
||
```shell-session
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
|
||
```
|
||
|
||
### Sample Response
|
||
|
||
```json
|
||
{
|
||
"request_id": "0ad1be52-9398-4b3c-f58b-98e427406471",
|
||
"lease_id": "",
|
||
"renewable": false,
|
||
"lease_duration": 0,
|
||
"data": {
|
||
"token_bound_cidrs": [
|
||
"127.0.0.1",
|
||
"128.252.0.0/16"
|
||
],
|
||
"token_explicit_max_ttl": 0,
|
||
"token_max_ttl": 0,
|
||
"token_no_default_policy": false,
|
||
"token_num_uses": 0,
|
||
"token_period": 0,
|
||
"token_policies": [
|
||
"admin",
|
||
"default"
|
||
],
|
||
"token_ttl": 0,
|
||
"token_type": "default"
|
||
},
|
||
"wrap_info": null,
|
||
"warnings": null,
|
||
"auth": null
|
||
}
|
||
```
|
||
|
||
## Delete User
|
||
|
||
This endpoint deletes the user from the method.
|
||
|
||
| Method | Path |
|
||
| :------- | :------------------------------- |
|
||
| `DELETE` | `/auth/userpass/users/:username` |
|
||
|
||
### Parameters
|
||
|
||
- `username` `(string: <required>)` - The username for the user.
|
||
|
||
### Sample Request
|
||
|
||
```shell-session
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request DELETE \
|
||
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
|
||
```
|
||
|
||
## Update Password on User
|
||
|
||
Update password for an existing user.
|
||
|
||
| Method | Path |
|
||
| :----- | :---------------------------------------- |
|
||
| `POST` | `/auth/userpass/users/:username/password` |
|
||
|
||
### Parameters
|
||
|
||
- `username` `(string: <required>)` – The username for the user.
|
||
- `password` `(string: <required>)` - The password for the user.
|
||
|
||
### Sample Payload
|
||
|
||
```json
|
||
{
|
||
"password": "superSecretPassword2"
|
||
}
|
||
```
|
||
|
||
### Sample Request
|
||
|
||
```shell-session
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request POST \
|
||
--data @payload.json \
|
||
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh/password
|
||
```
|
||
|
||
## Update Policies on User
|
||
|
||
Update policies for an existing user.
|
||
|
||
| Method | Path |
|
||
| :----- | :---------------------------------------- |
|
||
| `POST` | `/auth/userpass/users/:username/policies` |
|
||
|
||
### Parameters
|
||
|
||
- `username` `(string: <required>)` – The username for the user.
|
||
- `token_policies` `(array: [] or comma-delimited string: "")` - List of
|
||
policies to encode onto generated tokens. Depending on the auth method, this
|
||
list may be supplemented by user/group/other values.
|
||
|
||
### Sample Payload
|
||
|
||
```json
|
||
{
|
||
"token_policies": ["policy1", "policy2"]
|
||
}
|
||
```
|
||
|
||
### Sample Request
|
||
|
||
```shell-session
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request POST \
|
||
--data @payload.json \
|
||
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh/policies
|
||
```
|
||
|
||
## List Users
|
||
|
||
List available userpass users.
|
||
|
||
| Method | Path |
|
||
| :----- | :--------------------- |
|
||
| `LIST` | `/auth/userpass/users` |
|
||
|
||
### Sample Request
|
||
|
||
```shell-session
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request LIST \
|
||
http://127.0.0.1:8200/v1/auth/userpass/users
|
||
```
|
||
|
||
### Sample Response
|
||
|
||
```json
|
||
{
|
||
"data": {
|
||
"keys": ["mitchellh", "armon"]
|
||
}
|
||
}
|
||
```
|
||
|
||
## Login
|
||
|
||
Login with the username and password.
|
||
|
||
| Method | Path |
|
||
| :----- | :------------------------------- |
|
||
| `POST` | `/auth/userpass/login/:username` |
|
||
|
||
### Parameters
|
||
|
||
- `username` `(string: <required>)` – The username for the user.
|
||
- `password` `(string: <required>)` - The password for the user.
|
||
|
||
### Sample Payload
|
||
|
||
```json
|
||
{
|
||
"password": "superSecretPassword2"
|
||
}
|
||
```
|
||
|
||
### Sample Request
|
||
|
||
```shell-session
|
||
$ curl \
|
||
--request POST \
|
||
--data @payload.json \
|
||
http://127.0.0.1:8200/v1/auth/userpass/login/mitchellh
|
||
```
|
||
|
||
### Sample Response
|
||
|
||
```json
|
||
{
|
||
"request_id": "ae1882ba-f60a-7629-ce1a-6618c482de3e",
|
||
"lease_id": "",
|
||
"renewable": false,
|
||
"lease_duration": 0,
|
||
"data": null,
|
||
"wrap_info": null,
|
||
"warnings": null,
|
||
"auth": {
|
||
"client_token": "hvs.CAESIJyeFmhLYRWVXPJStT3fDP1ZdFkon_otuk1sJUpkfk_WGh4KHGh2cy5xdW9XVHBnVUwwbzB1ZEhzZkpkRmVoU08",
|
||
"accessor": "iP2Lw1JXpjlALbgJSeIx51n7",
|
||
"policies": [
|
||
"default",
|
||
"policy1",
|
||
"policy2"
|
||
],
|
||
"token_policies": [
|
||
"default",
|
||
"policy1",
|
||
"policy2"
|
||
],
|
||
"metadata": {
|
||
"username": "mitchellh"
|
||
},
|
||
"lease_duration": 2764800,
|
||
"renewable": true,
|
||
"entity_id": "0660dce5-4f2c-926a-8b15-158901557d9d",
|
||
"token_type": "service",
|
||
"orphan": true,
|
||
"mfa_requirement": null,
|
||
"num_uses": 0
|
||
}
|
||
}
|
||
```
|