vhsm login
Learn to authenticate users to vHSM server.
The vhsm login command authenticates users to vHSM using the provided credentials. A successful login generates a token, which functions similarly to a session token on a website. By default, this token is cached on the local machine for future use.
Usage
vhsm login [options] [TOKEN]If no token is provided, authentication defaults to the
tokenmethod and prompts for a token input.Other authentication methods (such as
userpass,github, orcert) can be specified using the-methodflag.If an authentication method is enabled at a non-standard path, use
-pathto specify it.
Examples
1. Login Using the default token method
vhsm loginInput Prompt
Token (will be hidden):Output
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.
Key Value
--- -----
token s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor JLUIXJ6ltUftTt2UYRl2lTAC
token_duration ∞
token_renewable false
token_policies ["root"]
identity_policies []
policies ["root"]2. Login using a token from the command line
vhsm login s.3jnbMAKl1i4YS3QoKdbHzGXqOutput
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token
Key Value
--- -----
token s.3jnbMAKl1i4YS3QoKdbHzGXq
token_accessor 7Uod1Rm0ejUAz77Oh7SxpAM0
token_duration 767h59m49s
token_renewable true
token_policies ["admin" "default"]
identity_policies []
policies ["admin" "default"]3. Login using the userpass authentication method
userpass authentication methodvhsm login -method=userpass username=my-usernameInput Prompt
Password (will be hidden):Output
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.
Key Value
--- -----
token s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor JLUIXJ6ltUftTt2UYRl2lTAC
token_duration 768h
token_renewable true
token_policies ["default"]
identity_policies []
policies ["default"]
token_meta_username my-username4. Login using the github authentication method at a custom path
github authentication method at a custom pathvhsm login -method=github -path=github-prodOutput
Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.
stored in the token helper. Future requests will use this token automatically.
Key Value
--- -----
token s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor JLUIXJ6ltUftTt2UYRl2lTAC
token_duration 768h
token_renewable true
token_policies ["default"]
identity_policies []
policies ["default"]
token_meta_org hashicorp
token_meta_username my-usernameCommand Options
-method
<string>
Specifies the authentication method (e.g., userpass, ldap). Defaults to token.
-path
<string>
Specifies the remote vHSM path where the auth method is enabled. Defaults to the method name (e.g., userpass -> userpass/).
-no-print
<boolean>
Prevents the token from being displayed. The token is still stored in the configured token helper.
-no-store
<boolean>
Prevents the token from being saved for future requests. It will only be displayed in the command output.
-token-only
<boolean>
Outputs only the token without verification (equivalent to -field=token -no-store).
Output Options
-field
<string>
Prints only a specific field (e.g., token) in the format specified by -format.
-format
<string>
Specifies output format: table, json, or yaml. Default: table. (VAULT_FORMAT environment variable can be used.)
Last updated
Was this helpful?