Vault Username/Password Authentication Configuration
Source: R/vault_client_auth_userpass.R (vault_client_auth_userpass.Rd)
Details
Interact with vault's username/password authentication backend. This backend can be used to configure basic username+password authentication, suitable for human users. For more information, please see the vault documentation https://developer.hashicorp.com/vault/docs/auth/userpass
Super class
vaultr::vault_client_object -> vault_client_auth_userpass
Methods
Method new()
Create a vault_client_userpass object. Not typically called by users.
Usage
vault_client_auth_userpass$new(api_client, mount)
Arguments
api_client
A vault_api_client object
mount
Mount point for the backend
Method custom_mount()
Set up a vault_client_auth_userpass object at a custom mount. For example, suppose you mounted the userpass authentication backend at /userpass2; you might use up <- vault$auth$userpass$custom_mount("/userpass2"). This pattern is repeated for other secret and authentication backends.
Method write()
Create or update a user.
Usage
vault_client_auth_userpass$write(
username,
password = NULL,
policies = NULL,
ttl = NULL,
max_ttl = NULL,
bound_cidrs = NULL
)
Arguments
username
Username for the user
password
Password for the user (required when creating a user only)
policies
Character vector of policies for the user
ttl
The lease duration which decides login expiration
max_ttl
Maximum duration after which login should expire
bound_cidrs
Character vector of CIDRs. If set, restricts usage of the login and token to client IPs falling within the range of the specified CIDR(s).
Method login()
Log into the vault using username/password
authentication. Normally you would not call this directly
but instead use $login
with method = "userpass"
and
proving the username
argument and optionally the password
argument. This function returns a vault token but does not
set it as the client token.
Examples
server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
  root <- server$client()

  # The userpass authentication backend is not enabled by default,
  # so we need to enable it first
  root$auth$enable("userpass")

  # Then we can add users:
  root$auth$userpass$write("alice", "p4ssw0rd")

  # Create a new client and login with this user:
  alice <- vaultr::vault_client(
    addr = server$addr,
    login = "userpass",
    username = "alice",
    password = "p4ssw0rd")
  # (it is not recommended to login with the password like this as
  # it will end up in the command history, but in interactive use
  # you will be prompted securely for password)

  # Alice has now logged in and has only "default" policies
  alice$auth$token$lookup_self()$policies

  # (whereas our original root user has the "root" policy)
  root$auth$token$lookup_self()$policies
}
#> ok, duration: 2764800 s (~32d)
#> [1] "root"
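The example above creates the user with defaults only. The following added example (not part of the vaultr documentation) uses the remaining write() arguments to create a user with a narrow policy, a short ttl, a max_ttl cap and a bound_cidrs restriction, then checks what the issued token carries. The policy name app-read, the path secret/app/*, the environment variable ALICE_PASSWORD and the fallback password are constructed for illustration, and the test server is assumed to listen on 127.0.0.1.

```r
# Added example: least-privilege userpass user on the vaultr test server.
# Names, paths and the password source below are constructed.
server <- vaultr::vault_test_server(if_disabled = message)

if (!is.null(server)) {
  root <- server$client()
  root$auth$enable("userpass")

  # A narrow policy: read-only access under a single path
  root$policy$write("app-read",
                    'path "secret/app/*" { capabilities = ["read"] }')

  # Take the password from the environment so it stays out of the
  # script and the command history (the fallback is demo-only)
  pw <- Sys.getenv("ALICE_PASSWORD", "constructed-demo-password")

  # Short-lived logins, a hard cap on lifetime, and usage restricted
  # to clients connecting from localhost
  root$auth$userpass$write("alice", pw,
                           policies = "app-read",
                           ttl = "15m",
                           max_ttl = "1h",
                           bound_cidrs = "127.0.0.1/32")

  alice <- vaultr::vault_client(addr = server$addr,
                                login = "userpass",
                                username = "alice",
                                password = pw)

  # Inspect the token that the login produced and verify that the
  # restrictions were applied as configured
  info <- alice$auth$token$lookup_self()
  stopifnot("app-read" %in% info$policies,
            !("root" %in% info$policies),
            info$ttl <= 15 * 60)
  print(info$policies)
  print(info$ttl)

  # Shut the test server down
  server$kill()
}
```

Checking lookup_self() after login confirms that the policy and lease settings took effect on the issued token, rather than relying on the write() call having succeeded.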