mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-22 23:21:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/commands/auth/enable.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

102 lines
4.6 KiB
Plaintext
Raw Permalink Blame History

---
layout: docs
page_title: auth enable - Command
description: |-
The "auth enable" command enables an auth method at a given path. If an auth
method already exists at the given path, an error is returned. After the auth
method is enabled, it usually needs configuration.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# auth enable
The `auth enable` command enables an auth method at a given path. If an auth
method already exists at the given path, an error is returned. After the auth
method is enabled, it usually needs configuration. The configuration varies by
auth method.
An auth method is responsible for authenticating users or machines and assigning
them policies and a token with which they can access Vault. Authentication is
usually mapped to policy. Please see the [policies
concepts](/vault/docs/concepts/policies) page for more information.
## Examples
Enable the auth method "userpass" enabled at "userpass/":
```shell-session
$ vault auth enable userpass
Success! Enabled the userpass auth method at: userpass/
```
Create a user:
```shell-session
$ vault write auth/userpass/users/sethvargo password=secret
Success! Data written to: auth/userpass/users/sethvargo
```
For more information on the specific configuration options and paths, please see
the [auth method](/vault/docs/auth) documentation.
## Usage
The following flags are available in addition to the [standard set of
flags](/vault/docs/commands) included on all commands.
- `-audit-non-hmac-request-keys` `(string: "")` - Key that will not be HMAC'd
by audit devices in the request data object. Note that multiple keys may be
specified by providing this option multiple times, each time with 1 key.
An example of this is provided in the [tune section](/vault/docs/commands/auth/tune).
- `-audit-non-hmac-response-keys` `(string: "")` - Key that will not be HMAC'd
by audit devices in the response data object. Note that multiple keys may be
specified by providing this option multiple times, each time with 1 key.
- `-default-lease-ttl` `(duration: "")` - The default lease TTL for this auth
method. If unspecified, this defaults to the Vault server's globally
configured default lease TTL, or a previously configured value for the auth
method. Uses [duration format strings](/vault/docs/concepts/duration-format).
- `-passthrough-request-headers` `(string: "")` - request header values that will
be sent to the auth method. Note that multiple keys may be
specified by providing this option multiple times, each time with 1 key.
- `-allowed-response-headers` `(string: "")` - response header values that the auth
method will be allowed to set. Note that multiple keys may be
specified by providing this option multiple times, each time with 1 key.
- `-description` `(string: "")` - Human-friendly description for the purpose of
this auth method.
- `-listing-visibility` `(string: "")` - The flag to toggle whether to show the
mount in the UI-specific listing endpoint. Valid values are `"unauth"` or `"hidden"`,
with the default `""` being equivalent to `"hidden"`.
- `-local` `(bool: false)` - Mark the auth method as local-only. Local auth
methods are not replicated nor removed by replication.
- `-max-lease-ttl` `(string: "")` - The maximum lease duration, specified as
a string duration like "5s" or "30m".
- `-path` `(string: "")` - Place where the auth method will be accessible. This
must be unique across all auth methods. This defaults to the "type" of the
auth method. The auth method will be accessible at `/auth/<path>`.
- `-seal-wrap` `(bool: false)` - Enable seal wrapping for the mount, causing
values stored by the mount to be wrapped by the seal's encryption capability.
- `-token-type` `(string: "")` - Specifies the type of tokens that should be
returned by the auth method.
- `-trim-request-trailing-slashes` `(bool: false)` - If true, requests to
this mount with trailing slashes will have those slashes trimmed.
Necessary for some standards based APIs handled by Vault.
- `-plugin-version` `(string: "")` - Configures the semantic version of the plugin
to use. If unspecified, implies the built-in or any matching unversioned plugin
that may have been registered.
Reference in New Issue View Git Blame Copy Permalink