vault_client_auth_userpass: Vault Username/Password Authentication Configuration

Description

Interact with vault's username/password authentication backend. This backend can be used to configure basic username+password authentication, suitable for human users. For more information, please see the vault documentation https://www.vaultproject.io/docs/auth/userpass.html

Arguments

Methods

custom_mount

Set up a vault_client_auth_userpass object at a custom mount. For example, suppose you mounted the userpass authentication backend at /userpass2 you might use up <- vault$auth$userpass2$custom_mount("/userpass2") - this pattern is repeated for other secret and authentication backends. Usage:

custom_mount(mount)

Arguments:

mount: String, indicating the path that the engine is mounted at.

write

Create or update a user. Usage:

write(username, password = NULL, policies = NULL, ttl = NULL,
      max_ttl = NULL, bound_cidrs = NULL)

Arguments:

username: Username for the user
password: Password for the user (required when creating a user only)
policies: Character vector of policies for the user
ttl: The lease duration which decides login expiration
max_ttl: Maximum duration after which login should expire
bound_cidrs: Character vector of CIDRs. If set, restricts usage of the login and token to client IPs falling within the range of the specified CIDR(s).

read

Reads the properties of an existing username. Usage:

read(username)

Arguments:

username: Username to read

delete

Delete a user Usage:

delete(username)

Arguments:

username: Username to delete

update_password

Update password for a user Usage:

update_password(username, password)

Arguments:

username: Username for the user to update
password: New password for the user

update_policies

Update vault policies for a user Usage:

update_policies(username, policies)

Arguments:

username: Username for the user to update
policies: Character vector of policies for this user

list

List users known to vault Usage:

list()

login

Log into the vault using username/password authentication. Normally you would not call this directly but instead use $login with method = "userpass" and proving the username argument and optionally the password argument. This function returns a vault token but does not set it as the client token. Usage:

login(username, password = NULL)

Arguments:

username: Username to authenticate with
password: Password to authenticate with. If omitted or NULL and the session is interactive, the password will be prompted for.

Examples

Run this code

# NOT RUN {
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  root <- server$client()

  # The userpass authentication backend is not enabled by default,
  # so we need to enable it first
  root$auth$enable("userpass")

  # Then we can add users:
  root$auth$userpass$write("alice", "p4ssw0rd")

  # Create a new client and login with this user:
  alice <- vaultr::vault_client(addr = server$addr)
  # it is not recommended to login with the password like this as
  # it will end up in the command history, but in interactive use
  # you will be prompted securely for password
  alice$login(method = "userpass",
              username = "alice", password = "p4ssw0rd")
  # Alice has now logged in and has only "default" policies
  alice$auth$token$lookup_self()$policies

  # (wheras our original root user has the "root" policy)
  root$auth$token$lookup_self()$policies
}
# }

Run the code above in your browser using DataLab