Traiano Welcome
Reputation: 846
Create a Vault UI user using the vault CLI
I would like to create a hashicorp vault UI login user before ever having to login to the GUI with the root token.
Initially I have the root token and CLI access to the vault.
How can I create a GUI login username+password and grant complete read rights via the CLI exclusively?
The vault is newly installed, essentially unconfigured with any policies.
This is intended to be part of a BASH script.
Upvotes: 2
Views: 348
Answers (1)
Matthew Schuchard
Reputation: 28854
- Authenticate with the root token.
vault login <root token>
- Enable the
userpassauthentication method.
vault auth enable userpass
- Create a Vault policy for global read permissions.
# read-only.hcl
path "*" {
capabilities = ["read", "list"]
}
vault policy write read-only read-only.hcl
- Create an user with the read permissions policy attached.
vault write auth/userpass/users/<username> password=<password> policies=read-only
- Login to the GUI with the
userpassmethod with the created user.
Upvotes: 2
Related Questions
- Catch 22 installing Windows nuget packages, using Choco, from J-frog repo, requiring credentials from Vault
- Unsupported operation when trying to remotely create new MySQL user via HashiCorp Vault
- Vault direct integration or via a microservice
- Hashicorp Vault: Readonly policy not working
- vault token create after vault login -method ldap
- Vault Admin Policy not allowed to create new policies