vhsm login

Learn how to authenticate users to the vHSM server.

The vhsm login command authenticates users to vHSM using the provided credentials. A successful login generates a token, which functions similarly to a session token on a website. By default, this token is cached on the local machine for future use.

Usage

vhsm login [options] [TOKEN]
  • If no token is provided, authentication defaults to the token method and prompts for a token input.

  • Other authentication methods (such as userpass, github, or cert) can be specified using the -method flag.

  • If an authentication method is enabled at a non-standard path, use -path to specify it.

Examples

1. Login using the default token method

vhsm login

Input Prompt

Token (will be hidden):

Output

Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.

Key                  Value
---                  -----
token                s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor       JLUIXJ6ltUftTt2UYRl2lTAC
token_duration       ∞
token_renewable      false
token_policies       ["root"]
identity_policies    []
policies             ["root"]

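2. Login using a token from the command line

A token passed as an argument can be recorded in shell history and is visible in the process list while the command runs; the hidden prompt in example 1 avoids both.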

vhsm login s.3jnbMAKl1i4YS3QoKdbHzGXq

Output

Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.

Key                  Value
---                  -----
token                s.3jnbMAKl1i4YS3QoKdbHzGXq
token_accessor       7Uod1Rm0ejUAz77Oh7SxpAM0
token_duration       767h59m49s
token_renewable      true
token_policies       ["admin" "default"]
identity_policies    []
policies             ["admin" "default"]

3. Login using the userpass authentication method

vhsm login -method=userpass username=my-username

Input Prompt

Password (will be hidden):

Output

Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.

Key                    Value
---                    -----
token                  s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor         JLUIXJ6ltUftTt2UYRl2lTAC
token_duration         768h
token_renewable        true
token_policies         ["default"]
identity_policies      []
policies               ["default"]
token_meta_username    my-username

4. Login using the github authentication method at a custom path

vhsm login -method=github -path=github-prod

Output

Success! You are now authenticated. The token information displayed below is
already stored in the token helper. You do NOT need to run "vhsm login" again.
Future vHSM requests will automatically use this token.

Key                    Value
---                    -----
token                  s.2f3c5L1MHtnqbuNCbx90utmC
token_accessor         JLUIXJ6ltUftTt2UYRl2lTAC
token_duration         768h
token_renewable        true
token_policies         ["default"]
identity_policies      []
policies               ["default"]
token_meta_org         hashicorp
token_meta_username    my-username
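
The following is an added example, not part of the vHSM documentation: a POSIX shell filter for scripts that wrap vhsm login. It masks the token row of the table output shown above and flags tokens that carry the root policy or have no finite lifetime, as in example 1. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the vHSM documentation.
# audit_login_output: read the table printed by "vhsm login" on stdin,
# echo it with the token value masked, and append one FINDING line per
# risky property. Exit status is 2 when anything was flagged, else 0.
audit_login_output() {
    awk '
        $1 == "token" {                 # keep the secret out of logs
            print "token                [REDACTED]"
            next
        }
        $1 == "token_duration" { duration = $2 }
        $1 == "policies"       { policies = $0 }
        { print }
        END {
            if (policies ~ /"root"/) {
                print "FINDING: token carries the root policy"; n++
            }
            # A finite lifetime starts with a digit (768h, 767h59m49s).
            if (duration != "" && duration !~ /^[0-9]/) {
                print "FINDING: token has no finite lifetime"; n++
            }
            exit (n > 0 ? 2 : 0)
        }
    '
}

# Constructed sample shaped like the root-token output in example 1;
# the token and accessor values are placeholders, not real credentials.
sample_root_login() {
    cat <<'EOF'
Success! You are now authenticated.

Key                  Value
---                  -----
token                s.EXAMPLE-PLACEHOLDER-TOKEN
token_accessor       EXAMPLE-PLACEHOLDER-ACCESSOR
token_duration       ∞
token_renewable      false
token_policies       ["root"]
identity_policies    []
policies             ["root"]
EOF
}

# Demonstration run on the constructed sample.
sample_root_login | audit_login_output || echo "flagged (exit status $?)"
```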

Command Options

Option         Type         Description
------         ----         -----------
-method        <string>     Specifies the authentication method (e.g., userpass, ldap). Defaults to token.
-path          <string>     Specifies the remote vHSM path where the auth method is enabled. Defaults to the method name (e.g., userpass -> userpass/).
-no-print      <boolean>    Prevents the token from being displayed. The token is still stored in the configured token helper.
-no-store      <boolean>    Prevents the token from being saved for future requests. It will only be displayed in the command output.
-token-only    <boolean>    Outputs only the token without verification (equivalent to -field=token -no-store).

Output Options

Option     Type        Description
------     ----        -----------
-field     <string>    Prints only a specific field (e.g., token) in the format specified by -format.
-format    <string>    Specifies output format: table, json, or yaml. Default: table. (VAULT_FORMAT environment variable can be used.)
