Skip to contents

Vault Authentication Configuration

Vault Authentication Configuration

Details

Interact with vault's authentication backends.

Super class

vaultr::vault_client_object -> vault_client_auth

Public fields

approle

Interact with vault's AppRole authentication. See vault_client_auth_approle for more information.

github

Interact with vault's GitHub authentication. See vault_client_auth_github for more information.

token

Interact with vault's token authentication. See vault_client_token for more information.

userpass

Interact with vault's username/password based authentication. See vault_client_auth_userpass for more information.

ldap

Interact with vault's LDAP based authentication. See vault_client_auth_ldap for more information.

Methods

Inherited methods


Method new()

Create a vault_client_auth object. Not typically called by users.

Usage

vault_client_auth$new(api_client)

Arguments

api_client

A vault_api_client object


Method backends()

Return a character vector of supported authentication backends. If a backend x is present, then you can access it with $auth$x. Note that vault calls these authentication methods but we use backends here to differentiate with R6 methods. Note that these are backends supported by vaultr and not necessarily supported by the server - the server may not have enabled some of these backends, and may support other authentication backends not directly supported by vaultr. See the $list() method to query what the server supports.

Usage

vault_client_auth$backends()


Method list()

List authentication backends supported by the vault server, including information about where these backends are mounted.

Usage

vault_client_auth$list(detailed = FALSE)

Arguments

detailed

Logical, indicating if detailed information should be returned


Method enable()

Enable an authentication backend in the vault server.

Usage

vault_client_auth$enable(type, description = NULL, local = FALSE, path = NULL)

Arguments

type

The type of authentication backend (e.g., userpass, github, ldap)

description

Human-friendly description of the backend; will be returned by $list()

local

Specifies if the auth method is local only. Local auth methods are not replicated nor (if a secondary) removed by replication.

path

Specifies the path in which to enable the auth method. Defaults to be the same as type.


Method disable()

Disable an active authentication backend.

Usage

vault_client_auth$disable(path)

Arguments

path

The path of the authentication backend to disable.

Examples

server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
  client <- server$client()

  # List configured authentication backends
  client$auth$list()

  # cleanup
  server$kill()
}