# vhsm login

The `vhsm login` command authenticates users to vHSM using the provided credentials. A successful login generates a token, which functions similarly to a session token on a website. By default, this token is cached on the local machine for future use.

### **Usage**

```sh
vhsm login [options] [TOKEN]
```

* If no token is provided, authentication defaults to the `token` method and prompts for a token input.
* Other authentication methods (such as `userpass`, `github`, or `cert`) can be specified using the `-method` flag.
* If an authentication method is enabled at a non-standard path, use `-path` to specify it.

### **Examples**

#### **1. Login Using the default token method**

```sh
vhsm login
```

**Input Prompt**

```
Token (will be hidden):
```

**Output**

```
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.

Key                  Value
---                  -----
token                s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor       JLUIXJ6ltUftTt2UYRl2lTAC
token_duration       ∞
token_renewable      false
token_policies       ["root"]
identity_policies    []
policies             ["root"]
```

#### **2. Login using a token from the command line**

```sh
vhsm login s.3jnbMAKl1i4YS3QoKdbHzGXq
```

**Output**

```
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token

Key                  Value
---                  -----
token                s.3jnbMAKl1i4YS3QoKdbHzGXq
token_accessor       7Uod1Rm0ejUAz77Oh7SxpAM0
token_duration       767h59m49s
token_renewable      true
token_policies       ["admin" "default"]
identity_policies    []
policies             ["admin" "default"]
```

#### **3. Login using the `userpass` authentication method**

```sh
vhsm login -method=userpass username=my-username
```

**Input Prompt**

```
Password (will be hidden):
```

**Output**

```
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.

Key                    Value
---                    -----
token                  s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor         JLUIXJ6ltUftTt2UYRl2lTAC
token_duration         768h
token_renewable        true
token_policies         ["default"]
identity_policies      []
policies               ["default"]
token_meta_username    my-username
```

#### **4. Login using the `github` authentication method at a custom path**

```sh
vhsm login -method=github -path=github-prod
```

**Output**

```
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.
stored in the token helper. Future requests will use this token automatically.

Key                    Value
---                    -----
token                  s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor         JLUIXJ6ltUftTt2UYRl2lTAC
token_duration         768h
token_renewable        true
token_policies         ["default"]
identity_policies      []
policies               ["default"]
token_meta_org         hashicorp
token_meta_username    my-username
```

***

### **Command Options**

| Option        | Type        | Description                                                                                                                   |
| ------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------- |
| `-method`     | `<string>`  | Specifies the authentication method (e.g., `userpass`, `ldap`). Defaults to `token`.                                          |
| `-path`       | `<string>`  | Specifies the remote vHSM path where the auth method is enabled. Defaults to the method name (e.g., `userpass -> userpass/`). |
| `-no-print`   | `<boolean>` | Prevents the token from being displayed. The token is still stored in the configured token helper.                            |
| `-no-store`   | `<boolean>` | Prevents the token from being saved for future requests. It will only be displayed in the command output.                     |
| `-token-only` | `<boolean>` | Outputs only the token without verification (equivalent to `-field=token -no-store`).                                         |

### **Output Options**

| Option    | Type       | Description                                                                                                               |
| --------- | ---------- | ------------------------------------------------------------------------------------------------------------------------- |
| `-field`  | `<string>` | Prints only a specific field (e.g., `token`) in the format specified by `-format`.                                        |
| `-format` | `<string>` | Specifies output format: `table`, `json`, or `yaml`. Default: `table`. (`VAULT_FORMAT` environment variable can be used.) |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/virtual-hsm/cli/authentication-and-authorization/vhsm-login.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.