luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/source/docs/auth/userpass.html.md
Seth Vargo 50f720bc06 Remove tabs from terminal output 
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
2015-10-12 12:10:22 -04:00

95 lines
2 KiB
Markdown
Raw Blame History

---
layout: "docs"
page_title: "Auth Backend: Username & Password"
sidebar_current: "docs-auth-userpass"
description: |-
The "userpass" auth backend allows users to authenticate with Vault using a username and password.
---
# Auth Backend: Username & Password
Name: `userpass`
The "userpass" auth backend allows users to authenticate with Vault using
a username and password combination.
The username/password combinations are configured directly to the auth
backend using the `users/` path. This backend cannot read usernames and
passwords from an external source.
## Authentication
#### Via the CLI
```
$ vault auth -method=userpass \
username=foo \
password=bar
```
#### Via the API
The endpoint for the login is `auth/userpass/login/<username>`.
The password should be sent in the POST body encoded as JSON.
```shell
$ curl $VAULT_ADDR/v1/auth/userpass/login/mitchellh \
-d '{ "password": "foo" }'
```
The response will be in JSON. For example:
```javascript
{
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"auth": {
"client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
"policies": [
"root"
],
"metadata": {
"username": "mitchellh"
},
"lease_duration": 0,
"renewable": false
}
}
```
## Configuration
First, you must enable the username/password auth backend:
```
$ vault auth-enable userpass
Successfully enabled 'userpass' at 'userpass'!
```
Now when you run `vault auth -methods`, the username/password backend is
available:
```
Path Type Description
token/ token token based credentials
userpass/ userpass
```
To use the "userpass" auth backend, an operator must configure it with
users that are allowed to authenticate. An example is shown below.
Use `vault path-help` for more details.
```
$ vault write auth/userpass/users/mitchellh \
password=foo \
policies=root
...
```
The above creates a new user "mitchellh" with the password "foo" that
will be associated with the "root" policy. This is the only configuration
necessary.
Reference in a new issue View git blame Copy permalink