vhsm auth
Learn to manage authentication methods for vHSM server.
The auth command in vHSM provides a set of subcommands for managing authentication methods. Users can enable, disable, list, and tune authentication methods.
For further details, refer to the authentication concepts and auth method documentation.
Usage
Available Subcommands
Enables a new auth method
Disables an auth method
Lists enabled auth methods
Tunes an auth method configuration
Prints usage details for an auth method
vhsm auth enable
vhsm auth enableThe enable subcommand enables an authentication method at a specified path. If the auth method already exists at the path, an error is returned. Configuration of the auth method is required post-enablement.
Usage
Example
Enable the userpass authentication method:
Output
Options
-allowed-response-headers
string
Response header values that the auth method will be allowed to set. Multiple keys may be specified by providing this option multiple times.
-audit-non-hmac-request-keys
string
Key that will not be HMAC'd by audit devices in the request data object. Multiple keys may be specified.
-audit-non-hmac-response-keys
string
Key that will not be HMAC'd by audit devices in the response data object. Multiple keys may be specified.
-default-lease-ttl
duration
The default lease TTL for this auth method. Defaults to the vHSM server's global default lease TTL if unspecified.
-description
string
Specifies the description of the auth method. Overrides the current stored value, if any.
-listing-visibility
string
Toggles whether to show the mount in the UI listing. Valid values: "unauth" or "hidden". An empty string keeps the current setting unchanged.
-max-lease-ttl
duration
The maximum lease TTL for this auth method. Defaults to the global maximum lease TTL unless specified. Can override the server’s global max TTL.
-passthrough-request-headers
string
Request header values that will be sent to the auth method. Multiple keys may be specified.
-token-type
string
Specifies the type of tokens that should be returned by the auth method.
-plugin-version
string
Configures the semantic version of the plugin to use. The new version takes effect only after the mount is reloaded.
-user-lockout-threshold
string
Number of failed login attempts after which the user is locked out.
-user-lockout-duration
duration
Duration for which a user will be locked out.
-user-lockout-counter-reset-duration
duration
Duration after which the lockout counter is reset if there are no failed login attempts.
-user-lockout-disable
bool
If set to true, disables the user lockout feature.
vhsm auth disable
vhsm auth disableThe disable subcommand removes an authentication method at a specified path. All access tokens associated with the disabled method are immediately revoked.
Usage
Example
Disable the userpass authentication method:
Output
vhsm auth list
vhsm auth listThe list subcommand displays all enabled authentication methods.
Usage
Example
List enabled authentication methods:
Output
List detailed information:
Options
-format=<format>
Output format: table, json, or yaml.
-detailed
Displays additional configuration details.
vhsm auth tune
vhsm auth tuneThe tune subcommand adjusts the configuration of an authentication method at a given path.
Usage
Example
Set the default lease TTL to 30 minutes for userpass:
Output
Options
-default-lease-ttl
duration
Sets the default lease TTL.
-max-lease-ttl
duration
Defines the maximum lease duration.
-audit-non-hmac-request-keys
key
Excludes specified request keys from HMAC auditing.
-token-type
string
Defines the type of tokens issued.
-user-lockout-threshold
int
Specifies the number of failed login attempts before user lockout.
-user-lockout-duration
duration
Defines how long a user remains locked out.
vhsm auth help
vhsm auth helpThe help subcommand provides usage details for a specified authentication method.
Usage
Example
Get help for the userpass authentication method:
Output
Last updated
Was this helpful?