Configuring Auth Methods using the API

Introduction
Prerequisites
1. Enable the AppRole Auth Method
2. Create an AppRole with Policies
3. Fetch the Role ID
4. Generate a Secret ID
Quick Reference Table
Links and References

Introduction

Learn how to configure the AppRole authentication method in HashiCorp Vault using direct API calls. This guide covers:

Enabling the AppRole auth method
Creating an AppRole with specific policies
Retrieving the Role ID and Secret ID
Authenticating with the generated credentials

Prerequisites

A running Vault server at http://127.0.0.1:8200
A valid Vault token exported as an environment variable:

export VAULT_TOKEN="s.TEKrNn3Cv53pZdbPh8xg4TPu"

Never commit your VAULT_TOKEN or any sensitive credentials to version control.

1. Enable the AppRole Auth Method

First, enable the AppRole authentication backend:

Create an auth.json file:
```
{
  "type": "approle"
}
```

Use curl to enable AppRole:

curl --header "X-Vault-Token: $VAULT_TOKEN" \
     --request POST \
     --data @auth.json \
     http://127.0.0.1:8200/v1/sys/auth/approle

Verify the mount:
```
vault auth list
```

You should see an entry for approle/.

2. Create an AppRole with Policies

Define which policies this AppRole will use:

Create policies.json:
```
{
  "policies": ["bryan"]
}
```

Create the AppRole named vaultcourse:

curl --header "X-Vault-Token: $VAULT_TOKEN" \
     --request POST \
     --data @policies.json \
     http://127.0.0.1:8200/v1/auth/approle/role/vaultcourse

A successful response confirms the role is created.

3. Fetch the Role ID

Each AppRole has a unique Role ID. Retrieve it:

curl --header "X-Vault-Token: $VAULT_TOKEN" \
     http://127.0.0.1:8200/v1/auth/approle/role/vaultcourse/role-id | jq

Inspect data.role_id in the JSON response.

4. Generate a Secret ID

Generate the Secret ID needed alongside the Role ID:

curl --header "X-Vault-Token: $VAULT_TOKEN" \
     --request POST \
     http://127.0.0.1:8200/v1/auth/approle/role/vaultcourse/secret-id | jq

The response returns:

data.secret_id
data.secret_id_accessor

With these credentials, you can log in:

curl --request POST \
     --data '{"role_id":"<ROLE_ID>","secret_id":"<SECRET_ID>"}' \
     http://127.0.0.1:8200/v1/auth/approle/login

Quick Reference Table

Step	Endpoint	Method	Description
1	`/v1/sys/auth/approle`	POST	Enable AppRole auth method
2	`/v1/auth/approle/role/vaultcourse`	POST	Create an AppRole with specified policies
3	`/v1/auth/approle/role/vaultcourse/role-id`	GET	Retrieve the AppRole `Role ID`
4	`/v1/auth/approle/role/vaultcourse/secret-id`	POST	Generate the `Secret ID`
5	`/v1/auth/approle/login`	POST	Authenticate using `Role ID` and `Secret ID`

Links and References

Watch Video

Demo Configuring Auth Methods using the CLI

Demo Configuring Auth Methods using the UI

Introduction

Introduction to Vault

Learning the Vault Architecture

Installing Vault

Compare Authentication Methods

Create Vault Policies

Assess Vault Tokens

Compare and Configure Secrets Engines

Vault Agent

Vault Replication

Configuring Auth Methods using the API

Introduction

Prerequisites

1. Enable the AppRole Auth Method

2. Create an AppRole with Policies

3. Fetch the Role ID

4. Generate a Secret ID

Quick Reference Table

Links and References

Watch Video

Introduction

Introduction to Vault

Learning the Vault Architecture

Installing Vault

Compare Authentication Methods

Create Vault Policies

Assess Vault Tokens

Compare and Configure Secrets Engines

Vault Agent

Vault Replication

Documentation Index

​Introduction

​Prerequisites

​1. Enable the AppRole Auth Method

​2. Create an AppRole with Policies

​3. Fetch the Role ID

​4. Generate a Secret ID

​Quick Reference Table

​Links and References

Watch Video

Introduction

Prerequisites

1. Enable the AppRole Auth Method

2. Create an AppRole with Policies

3. Fetch the Role ID

4. Generate a Secret ID

Quick Reference Table

Links and References