vault_client_auth_userpass: Vault Username/Password Authentication Configuration

Description

Interact with Vault's username/password authentication backend. This backend can be used to configure basic username+password authentication, suitable for human users. For more information, please see the Vault documentation: https://www.vaultproject.io/docs/auth/userpass.html

Methods

custom_mount

Set up a vault_client_auth_userpass object at a custom mount. For example, if you mounted the userpass authentication backend at /userpass2, you might use up <- vault$auth$userpass$custom_mount("/userpass2"). This pattern is repeated for other secret and authentication backends.
Usage:

custom_mount(mount)

Arguments:

  • mount: String, indicating the path that the engine is mounted at.

write

Create or update a user.
Usage:

write(username, password = NULL, policies = NULL, ttl = NULL,
      max_ttl = NULL, bound_cidrs = NULL)

Arguments:

  • username: Username for the user

  • password: Password for the user (required when creating a user only)

  • policies: Character vector of policies for the user

  • ttl: The lease duration which decides login expiration

  • max_ttl: Maximum duration after which login should expire

  • bound_cidrs: Character vector of CIDRs. If set, restricts usage of the login and token to client IPs falling within the range of the specified CIDR(s).

read

Reads the properties of an existing username.
Usage:

read(username)

Arguments:

  • username: Username to read

delete

Delete a user
Usage:

delete(username)

Arguments:

  • username: Username to delete

update_password

Update password for a user
Usage:

update_password(username, password)

Arguments:

  • username: Username for the user to update

  • password: New password for the user

update_policies

Update vault policies for a user
Usage:

update_policies(username, policies)

Arguments:

  • username: Username for the user to update

  • policies: Character vector of policies for this user

list

List users known to vault
Usage:

list()

login

Log into the vault using username/password authentication. Normally you would not call this directly but instead use $login with method = "userpass", providing the username argument and optionally the password argument. This function returns a vault token but does not set it as the client token.
Usage:

login(username, password = NULL)

Arguments:

  • username: Username to authenticate with

  • password: Password to authenticate with. If omitted or NULL and the session is interactive, the password will be prompted for.

Examples

server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  root <- server$client()

  # The userpass authentication backend is not enabled by default,
  # so we need to enable it first
  root$auth$enable("userpass")

  # Then we can add users:
  root$auth$userpass$write("alice", "p4ssw0rd")

  # Create a new client and login with this user:
  alice <- vaultr::vault_client(addr = server$addr)
  # it is not recommended to login with the password like this as
  # it will end up in the command history, but in interactive use
  # you will be prompted securely for password
  alice$login(method = "userpass",
              username = "alice", password = "p4ssw0rd")
  # Alice has now logged in and has only "default" policies
  alice$auth$token$lookup_self()$policies

  # (whereas our original root user has the "root" policy)
  root$auth$token$lookup_self()$policies
}
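
The following is an added example, not part of the vaultr documentation: it walks one user through the remaining methods (write with policies, ttl, max_ttl and bound_cidrs, then read, list, update_password, update_policies and delete) and checks which credentials the backend still accepts after each change. The user name, passwords, the policy name "app-read" and the helper can_login are constructed for illustration; root$policy$write comes from vaultr's policy object, which this page does not document.

```r
# Added example: constructed user, passwords and policy name, for a
# throwaway test server only.
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  root <- server$client()
  root$auth$enable("userpass")

  # Hypothetical helper: TRUE if the backend accepts the credentials.
  # It uses a fresh, unauthenticated client and the backend's own
  # login(), which returns a token without setting it on the client.
  can_login <- function(username, password) {
    probe <- vaultr::vault_client(addr = server$addr)
    tryCatch({
      probe$auth$userpass$login(username, password)
      TRUE
    }, error = function(e) FALSE)
  }

  # A narrow policy (assumed name "app-read") to attach to the user
  root$policy$write("app-read",
                    'path "secret/app/*" { capabilities = ["read"] }')

  # Create the user with a short lease and logins bound to loopback,
  # which is where the test server's clients connect from
  root$auth$userpass$write("alice", "first-Passw0rd",
                           policies = "app-read",
                           ttl = "1h", max_ttl = "4h",
                           bound_cidrs = "127.0.0.1/32")

  # Inspect what was stored for the user, and the list of known users
  str(root$auth$userpass$read("alice"))
  print(root$auth$userpass$list())

  # Rotate the password, then probe with the old and the new one
  root$auth$userpass$update_password("alice", "second-Passw0rd")
  message("old password accepted: ", can_login("alice", "first-Passw0rd"))
  message("new password accepted: ", can_login("alice", "second-Passw0rd"))

  # Replace the user's policy set, then remove the account and probe again
  root$auth$userpass$update_policies("alice", "default")
  str(root$auth$userpass$read("alice"))
  root$auth$userpass$delete("alice")
  message("login after delete: ", can_login("alice", "second-Passw0rd"))
}
```
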

vimc/vaultr documentation built on Nov. 8, 2019, 6:23 p.m.