| vault_client_auth_userpass {vaultr} | R Documentation |
Vault Username/Password Authentication Configuration
Description
Vault Username/Password Authentication Configuration
Details
Interact with vault's username/password authentication backend. This backend can be used to configure basic username+password authentication, suitable for human users. For more information, please see the vault documentation https://developer.hashicorp.com/vault/docs/auth/userpass
Super class
vaultr::vault_client_object -> vault_client_auth_userpass
Methods
Public methods
Method new()
Create a vault_client_auth_userpass object. Not typically called by users.
Usage
vault_client_auth_userpass$new(api_client, mount)
Arguments
api_client: A vault_api_client object
mount: Mount point for the backend
Method custom_mount()
Set up a vault_client_auth_userpass object at a custom mount. For example, suppose you mounted the userpass authentication backend at /userpass2; you might use up <- vault$auth$userpass$custom_mount("/userpass2"). This pattern is repeated for other secret and authentication backends.
Usage
vault_client_auth_userpass$custom_mount(mount)
Arguments
mount: String, indicating the path that the engine is mounted at.
Method write()
Create or update a user.
Usage
vault_client_auth_userpass$write(username, password = NULL, policies = NULL, ttl = NULL, max_ttl = NULL, bound_cidrs = NULL)
Arguments
username: Username for the user
password: Password for the user (required when creating a user only)
policies: Character vector of policies for the user
ttl: The lease duration which decides login expiration
max_ttl: Maximum duration after which login should expire
bound_cidrs: Character vector of CIDRs. If set, restricts usage of the login and token to client IPs falling within the range of the specified CIDR(s).
Method read()
Reads the properties of an existing username.
Usage
vault_client_auth_userpass$read(username)
Arguments
username: Username to read
Method delete()
Delete a user
Usage
vault_client_auth_userpass$delete(username)
Arguments
username: Username to delete
Method update_password()
Update password for a user
Usage
vault_client_auth_userpass$update_password(username, password)
Arguments
username: Username for the user to update
password: New password for the user
Method update_policies()
Update vault policies for a user
Usage
vault_client_auth_userpass$update_policies(username, policies)
Arguments
username: Username for the user to update
policies: Character vector of policies for this user
Method list()
List users known to vault
Usage
vault_client_auth_userpass$list()
Method login()
Log into the vault using username/password authentication. Normally you would not call this directly but instead use $login with method = "userpass", providing the username argument and optionally the password argument. This function returns a vault token but does not set it as the client token.
Usage
vault_client_auth_userpass$login(username, password = NULL)
Arguments
username: Username to authenticate with
password: Password to authenticate with. If omitted or NULL and the session is interactive, the password will be prompted for.
Examples
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  root <- server$client()

  # The userpass authentication backend is not enabled by default,
  # so we need to enable it first
  root$auth$enable("userpass")

  # Then we can add users:
  root$auth$userpass$write("alice", "p4ssw0rd")

  # Create a new client and login with this user:
  alice <- vaultr::vault_client(
    addr = server$addr,
    login = "userpass",
    username = "alice",
    password = "p4ssw0rd")
  # (it is not recommended to login with the password like this as
  # it will end up in the command history, but in interactive use
  # you will be prompted securely for password)

  # Alice has now logged in and has only "default" policies
  alice$auth$token$lookup_self()$policies

  # (whereas our original root user has the "root" policy)
  root$auth$token$lookup_self()$policies
}
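
The following added example (not part of the vaultr documentation) uses the optional arguments of write() to create a user with a restricted policy, short token lifetimes and a CIDR binding, then checks the result with read() and lookup_self(). The policy name read-mysecret, its path and both passwords are constructed for the throwaway test server; the loopback CIDR assumes that server listens on 127.0.0.1.

```r
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  root <- server$client()
  root$auth$enable("userpass")

  # Hypothetical policy: read-only access to a single path
  rules <- 'path "secret/mysecret" { capabilities = ["read"] }'
  root$policy$write("read-mysecret", rules)

  # Constructed credentials, for the test server only
  root$auth$userpass$write(
    "alice", "p4ssw0rd",
    policies = "read-mysecret",      # instead of relying on "default" alone
    ttl = "15m",                     # login expires after 15 minutes
    max_ttl = "1h",                  # upper bound on the login's lifetime
    bound_cidrs = "127.0.0.1/32")    # assumed loopback address of the test server

  # Confirm what vault stored for the user before handing out the account
  print(root$auth$userpass$read("alice"))
  print(root$auth$userpass$list())

  # Log in as alice and inspect the token that was issued
  alice <- vaultr::vault_client(
    addr = server$addr,
    login = "userpass",
    username = "alice",
    password = "p4ssw0rd")
  info <- alice$auth$token$lookup_self()
  print(info$policies)   # policies attached to alice's token
  print(info$ttl)        # remaining lifetime in seconds (Vault token lookup field)

  # Account maintenance: rotate the password, narrow the policies,
  # and remove the user once it is no longer needed
  root$auth$userpass$update_password("alice", "n3w-p4ssw0rd")
  root$auth$userpass$update_policies("alice", "default")
  root$auth$userpass$delete("alice")
}
```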