luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/docs/auth/index.mdx
Ashlee M Boyer f3df55ad58
docs: Migrate link formats (#18696) 
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 16:12:15 -08:00

56 lines
2.3 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Auth Methods
description: Auth methods are mountable methods that perform authentication for Vault.
---
# Auth Methods
Auth methods are the components in Vault that perform authentication and are
responsible for assigning identity and a set of policies to a user. In all cases,
Vault will enforce authentication as part of the request processing. In most cases,
Vault will delegate the authentication administration and decision to the relevant configured
external auth method (e.g., Amazon Web Services, GitHub, Google Cloud Platform, Kubernetes, Microsoft
Azure, Okta ...).
Having multiple auth methods enables you to use an auth method that makes the
most sense for your use case of Vault and your organization.
For example, on developer machines, the [GitHub auth method](/vault/docs/auth/github)
is easiest to use. But for servers the [AppRole](/vault/docs/auth/approle)
method is the recommended choice.
To learn more about authentication, see the
[authentication concepts page](/vault/docs/concepts/auth).
## Enabling/Disabling Auth Methods
Auth methods can be enabled/disabled using the CLI or the API.
```shell-session
$ vault auth enable userpass
```
When enabled, auth methods are similar to [secrets engines](/vault/docs/secrets):
they are mounted within the Vault mount table and can be accessed
and configured using the standard read/write API. All auth methods are mounted underneath the `auth/` prefix.
By default, auth methods are mounted to `auth/<type>`. For example, if you
enable "github", then you can interact with it at `auth/github`. However, this
path is customizable, allowing users with advanced use cases to mount a single
auth method multiple times.
```shell-session
$ vault auth enable -path=my-login userpass
```
When an auth method is disabled, all users authenticated via that method are
automatically logged out.
## External Auth Method Considerations
When using an external auth method (e.g., GitHub), Vault will call the external service
at the time of authentication and for any subsequent token renewals. This means that issued tokens
are valid for their entire duration, and are not invalidated until a renewal or user re-authentication
occurs. Operators should ensure appropriate [token TTLs](/vault/docs/concepts/tokens#the-general-case)
are set when using these auth methods.
Reference in a new issue View git blame Copy permalink