vhsm auth

Learn about managing the authentication methods with vHSM

The vhsm auth command provides administrative functions for managing authentication methods within vHSM. It allows operators to enable, disable, move, tune, and view configured auth methods.

Note: This command is for managing auth methods. To authenticate and log in to vHSM, use the vhsm login command instead.

vhsm auth list

Lists all enabled authentication methods in vHSM.

Usage:

vhsm auth list [options]

Example:

The following command lists all active auth methods.

$ vhsm auth list

Path          Type        Accessor                  Description
----          ----        --------                  -----------
github/       github      auth_github_e3b0c442      n/a
token/        token       auth_token_a1b2c3d4       token based authentication
userpass/     userpass    auth_userpass_f5e6a7b8    n/a
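
An added example, not part of the vHSM documentation: a shell function that checks vhsm auth list output against an allow-list of approved mounts, so an unexpected auth method or a path whose type has changed stands out in a routine review. It assumes the column layout shown above; the allow-list contents and the audit_auth_mounts name are hypothetical.

```shell
#!/bin/sh
# Added example: audit `vhsm auth list` output against approved mounts.
# Assumption: output uses the Path/Type/Accessor/Description layout shown above.

# Hypothetical policy: space-separated "path:type" pairs that may be enabled.
APPROVED_MOUNTS='token/:token userpass/:userpass'

# Sample input taken from the listing above, used for the demo run below.
SAMPLE_LIST='Path          Type        Accessor                  Description
----          ----        --------                  -----------
github/       github      auth_github_e3b0c442      n/a
token/        token       auth_token_a1b2c3d4       token based authentication
userpass/     userpass    auth_userpass_f5e6a7b8    n/a'

# Reads `vhsm auth list` output on stdin, prints one line per finding,
# and returns 1 if any mount is unapproved or has an unexpected type.
audit_auth_mounts() {
    awk -v approved="$APPROVED_MOUNTS" '
        BEGIN {
            n = split(approved, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, ":")
                want[kv[1]] = kv[2]
            }
        }
        # Skip the header row, the dashed rule, and blank or short lines.
        $1 == "Path" || $1 ~ /^-+$/ || NF < 3 { next }
        {
            path = $1; type = $2; accessor = $3
            if (!(path in want)) {
                printf "UNAPPROVED path=%s type=%s accessor=%s\n", path, type, accessor
                bad = 1
            } else if (want[path] != type) {
                printf "TYPE-MISMATCH path=%s type=%s expected=%s accessor=%s\n", path, type, want[path], accessor
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Demo on the sample; in practice: vhsm auth list | audit_auth_mounts
printf '%s\n' "$SAMPLE_LIST" | audit_auth_mounts || echo "review the mounts listed above" >&2
```

A mount flagged here can be removed with vhsm auth disable once it is confirmed to be unwanted.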

vhsm auth enable

Enables a new authentication method at a given path.

Usage:

vhsm auth enable [options] <type>
  • <type> - The type of auth method to enable, such as userpass, github, or oidc.

Option          Value       Description
------          -----       -----------
-path           <string>    The path to enable the auth method at. Defaults to the method type. For more information, see Enable rATLS Auth Method.
-description    <string>    A human-readable description for the auth method.

Examples:

  • Enable the userpass auth method at its default path (userpass/).

$ vhsm auth enable userpass

Success! Enabled userpass auth method at: userpass/

  • Enable the github auth method at a custom path with a description.

$ vhsm auth enable -path=github-corp -description="Corporate GitHub Auth" github

Success! Enabled github auth method at: github-corp/

vhsm auth disable

Disables an auth method at a given path.

Usage:

vhsm auth disable <path>
  • <path> - The path of the auth method to disable.

Example:

Disable the userpass auth method.

$ vhsm auth disable userpass

Success! Disabled auth method at: userpass/

vhsm auth help

Prints detailed help and authentication examples for a specific auth method. This is useful for end-users who need to know how to authenticate.

Usage:

vhsm auth help <path>
  • <path> - The path of the auth method to get help for.

Example:

Get instructions on how to log in using the github auth method.

$ vhsm auth help github

## GitHub Authentication

The GitHub auth method allows users to authenticate using a GitHub
  personal access token. Users can generate a personal access token from the
  settings page on their GitHub account.

  Authenticate using a GitHub token:

      $ vhsm login -method=github token=abcd1234

Configuration:

  mount=<string>
      Path where the GitHub credential method is mounted. This is usually
      provided via the -path flag in the "vhsm login" command, but it can be
      specified here as well. If specified here, it takes precedence over the
      value for -path. The default value is "github".

  token=<string>
      GitHub personal access token to use for authentication. If not provided,
      vHSM will prompt for the value.

vhsm auth move

Moves an existing auth method from one path to another.

Usage:

vhsm auth move <from> <to>
  • <from> - The current path of the auth method.

  • <to> - The new path for the auth method.

Example:

Move an existing userpass mount to a new path.

$ vhsm auth move userpass/ legacy-userpass/

Success! Moved auth method from "userpass/" to "legacy-userpass/"

vhsm auth tune

Tunes configuration parameters for an existing auth method.

Usage:

vhsm auth tune [options] <path>
  • <path> - The path of the auth method to tune.

Option                Value         Description
------                -----         -----------
-default-lease-ttl    <duration>    The default lease TTL for tokens issued by this method.
-max-lease-ttl        <duration>    The maximum lease TTL for tokens issued by this method.

Example:

Update the default lease TTL for tokens issued by the userpass method.

$ vhsm auth tune -default-lease-ttl=8h userpass/

Success! Tuned configuration for auth method at: userpass/
