HashiCorp Certified: Vault Associate Certification

Compare Authentication Methods

Demo UserPass Auth Method

In this tutorial, you’ll learn how to enable and use the userpass authentication method in HashiCorp Vault. This approach is ideal for simple username/password scenarios.

Prerequisites

  • Vault CLI installed and configured
  • Vault server unsealed and reachable
  • A Vault token with root or sudo privileges

For more details on installing Vault, see the Vault Installation Guide.


1. Verify Existing Auth Methods

Before enabling new methods, check which authentication backends are active:

vault auth list

Example output:

Path      Type     Description
----      ----     -----------
token/    token    default token-based credentials

Note

The token method is enabled by default and provides basic token authentication.


2. Enable the Userpass Auth Method

Activate the userpass backend at its default path:

vault auth enable userpass

Expected response:

Success! Enabled userpass auth method at: userpass/

3. Create Userpass Users

Add individual users under auth/userpass/users. Each user can be assigned one or more policies.

Username    Password    Policies
--------    --------    --------
frank       vault       bryan
jamie       cloud       bryan

3.1 Create User “frank”

vault write auth/userpass/users/frank \
    password=vault \
    policies=bryan

3.2 Create User “jamie”

vault write auth/userpass/users/jamie \
    password=cloud \
    policies=bryan

Warning

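Passing passwords as command-line arguments or storing them in plaintext in scripts is insecure: the values can end up in shell history and process listings. Consider using environment variables or a secure secrets store.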
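
One way to act on this warning at the CLI, as an added example that is not part of the original tutorial: the POSIX shell functions below create a userpass user while handing the password to vault write on stdin (password=-) instead of as an argument. The function names and the username allowlist are assumptions; the optional token_ttl and token_bound_cidrs arguments go slightly beyond the two users created above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumes VAULT_ADDR and VAULT_TOKEN are exported and userpass is mounted at
# its default path. Function names and the username allowlist are hypothetical.

# read_password: read one line from stdin into PW (echo disabled on a terminal).
read_password() {
    PW=
    if [ -t 0 ]; then
        saved=$(stty -g)
        trap 'stty "$saved"' INT TERM   # restore echo if interrupted
        printf 'Password: ' >&2
        stty -echo
        IFS= read -r PW || true
        stty "$saved"; trap - INT TERM
        echo >&2
    else
        IFS= read -r PW || true         # accept input with no trailing newline
    fi
    [ -n "$PW" ] || { echo "empty password refused" >&2; return 1; }
}

# create_userpass_user NAME POLICIES [TOKEN_TTL] [CIDRS]
# The password travels to Vault on stdin ("password=-"), so it never appears
# in argv (ps, /proc/<pid>/cmdline), in shell history, or in the script.
create_userpass_user() {
    name=$1 policies=$2 ttl=${3:-} cidrs=${4:-}
    # Allowlist the username: "/" or whitespace would change the path written.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; return 2 ;;
    esac
    read_password || return 1
    set -- "auth/userpass/users/$name" password=- "policies=$policies"
    if [ -n "$ttl" ]; then set -- "$@" "token_ttl=$ttl"; fi
    if [ -n "$cidrs" ]; then set -- "$@" "token_bound_cidrs=$cidrs"; fi
    # printf is a shell builtin, so no child process carries the password in argv.
    printf '%s' "$PW" | vault write "$@"
    rc=$?; PW=; return "$rc"
}

# Interactive:  create_userpass_user frank bryan
# Piped (secret-cli is a hypothetical secrets-store client):
#   secret-cli get jamie | create_userpass_user jamie bryan 30m 10.0.0.0/8
```

Source the file, then call create_userpass_user once per user; with no TTL or CIDR arguments the request carries the same fields as the commands in 3.1 and 3.2.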


4. List and Inspect User Configurations

4.1 List All Users

vault list auth/userpass/users

Example output:

Keys
----
frank
jamie

4.2 Read a User’s Settings

Inspect configuration for user jamie:

vault read auth/userpass/users/jamie

Key settings include token TTLs, policies, and CIDR restrictions.


5. Authenticate with Userpass

After creating users, log in using the userpass method. Each login issues a distinct Vault token.

5.1 Login as “jamie”

vault login -method=userpass username=jamie

Enter password when prompted:

Password (will be hidden): cloud
Success! You are now authenticated.

5.2 Login as “frank”

vault login -method=userpass username=frank

Enter password:

Password (will be hidden): vault
Success! You are now authenticated.

Each session returns token details:

Field                  Description
-----                  -----------
token                  Your Vault token
token_policies         Applied policies (bryan, default)
token_duration         Token TTL
token_meta_username    Username metadata
