Vault
Manage authentication methods
Authentication methods are the components in Vault that perform identity validation of Vault clients and responsible for assigning a set of policies to an authenticated client. In this step you will enable an authentication method and generate login credentials.
Note
This step assumes that you created the webapp policy in the Create Vault Policies with Vault UI step.
Enable authentication
Select the Access view from the menu
This view is the index and displays all authentication methods, entities, groups, and leases. The token authentication method was enabled when Vault was initialized and cannot be disabled.
Select the Enable new method action from within the view.
This view displays all of the authentication methods that this version of Vault supports.
Choose the Username & Password method and select Next.
This view displays the path and the ability to configure the auth method. The path defaults to "userpass."
User lockout
As of Vault 1.13, the User lockout feature is enabled by default for the
userpass
,approle
, andldap
auth methods.Toggle Method Options to display the method options interface.
Check the List method when unauthenticated option.
Select Enable Method.
The authentication method is created. The view displays its configuration page.
Create credentials
The User & Password authentication method, abbreviated as userpass, enables the creation of credentials for individual users.
Select the View method action from within the view.
This view displays the users created for this authentication methods. There are no users.
Select the Create user action from within the view.
This view displays the ability to create a custom login for a user.
Enter
webapp
in the Username field. Enterpassword
in the Password field.Toggle Tokens to display the token interface.
Enter
webapp
in the Generated Token's Policies. Select Add.Note
The policies added to this authentication method are not checked against available policies.
Select Save.
The authentication method for this user is created.
Authenticate with credentials
You are currently logged in with the root token. To login with these user credentials requires you to log out.
Open the Profile submenu. Select Sign Out.
You are now logged out of the server.
Choose userpass from the Method list.
The view changes to show a username and password login interface.
Enter
webapp
in the Username field. Enterpassword
in the Password field. Select Sign in.You are now logged through the userpass authentication method. The capabilities of this user are limited to the policies assigned to this user's auth method.
Next steps
You enabled an authentication method. The authenticated users have access to the secrets you specify in your policy. Learn how to manage secrets engines with Vault UI.
You enabled the userpass authentication method. This auth method is designed for human operators. Vault provides additional methods for other operators to authenticate with Vault. Learn more about other authentication methods.