HashiCorp Developer AI Private beta now available Sign up today
Vault
Vault UI

Manage authentication methods

  • 8min
  • |
  • Vault

Authentication methods are the components in Vault that perform identity validation of Vault clients and responsible for assigning a set of policies to an authenticated client. In this step you will enable an authentication method and generate login credentials.

Note

This step assumes that you created the webapp policy in the Create Vault Policies with Vault UI step.

Enable authentication

  1. Select the Access view from the menu

    Access view

    This view is the index and displays all authentication methods, entities, groups, and leases. The token authentication method was enabled when Vault was initialized and cannot be disabled.

  2. Select the Enable new method action from within the view.

    Access view focused on Enable new method

    This view displays all of the authentication methods that this version of Vault supports.

  3. Choose the Username & Password method and select Next.

    userpass method with default options

    This view displays the path and the ability to configure the auth method. The path defaults to "userpass."

    User lockout

    As of Vault 1.13, the User lockout feature is enabled by default for the userpass, approle, and ldap auth methods.

  4. Toggle Method Options to display the method options interface.

    expanded method options

  5. Check the List method when unauthenticated option.

    method option selected

  6. Select Enable Method.

    The authentication method is created. The view displays its configuration page.

    userpass method configuration page

Create credentials

The User & Password authentication method, abbreviated as userpass, enables the creation of credentials for individual users.

  1. Select the View method action from within the view.

    Userpass method view

    This view displays the users created for this authentication methods. There are no users.

  2. Select the Create user action from within the view.

    create username and password fields

    This view displays the ability to create a custom login for a user.

  3. Enter webapp in the Username field. Enter password in the Password field.

    create username and password populated

  4. Toggle Tokens to display the token interface.

    policy added to token

  5. Enter webapp in the Generated Token's Policies. Select Add.

    policy added to token

    Note

    The policies added to this authentication method are not checked against available policies.

  6. Select Save.

    The authentication method for this user is created.

Authenticate with credentials

You are currently logged in with the root token. To login with these user credentials requires you to log out.

  1. Open the Profile submenu. Select Sign Out.

    profile submenu open

    You are now logged out of the server.

  2. Choose userpass from the Method list.

    sign in to vault token view

    The view changes to show a username and password login interface.

  3. Enter webapp in the Username field. Enter password in the Password field. Select Sign in.

    signed in with userpass

    You are now logged through the userpass authentication method. The capabilities of this user are limited to the policies assigned to this user's auth method.

Next steps

You enabled an authentication method. The authenticated users have access to the secrets you specify in your policy. Learn how to manage secrets engines with Vault UI.

You enabled the userpass authentication method. This auth method is designed for human operators. Vault provides additional methods for other operators to authenticate with Vault. Learn more about other authentication methods.

Previous

Create Vault policies

 Next

Manage secrets engines