hashicorp-vault, vault

Create a Vault UI user using the vault CLI


I would like to create a HashiCorp Vault UI login user before ever having to log in to the GUI with the root token.

Initially I have the root token and CLI access to the vault.

How can I create a GUI login username+password and grant complete read rights via the CLI exclusively?

The vault is newly installed, essentially unconfigured with any policies.

This is intended to be part of a Bash script.


Solution

    vault login <root token>

    vault auth enable userpass

    # Write the policy file read-only.hcl: read and list on every path
    cat > read-only.hcl <<'EOF'
    path "*" {
      capabilities = ["read", "list"]
    }
    EOF

    vault policy write read-only read-only.hcl

    vault write auth/userpass/users/<username> password=<password> policies=read-only
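
The same steps wrapped as Bash functions, as an added example that is not part of the original answer. It assumes `VAULT_ADDR` and `VAULT_TOKEN` are already exported in place of `vault login`; the function names and the username check are this example's own. The policy and the password are passed on stdin, so no policy file is left on disk and the password does not appear in the process arguments or shell history.

```bash
#!/usr/bin/env bash
# Added example. Assumes VAULT_ADDR and VAULT_TOKEN are exported beforehand.

# Policy body from the answer: read and list on every path.
read_only_policy() {
  cat <<'EOF'
path "*" {
  capabilities = ["read", "list"]
}
EOF
}

# Enable userpass only if it is not mounted yet, so a re-run does not fail.
enable_userpass() {
  if ! vault auth list </dev/null | grep -q '^userpass/'; then
    vault auth enable userpass </dev/null
  fi
}

# create_ui_user <username>   (the password is read from stdin)
create_ui_user() {
  # Example-only restriction: keep the name from altering the API path.
  case $1 in
    ''|*[!A-Za-z0-9._-]*) echo "invalid username: $1" >&2; return 1 ;;
  esac
  enable_userpass || return 1
  # "-" as the file argument makes `vault policy write` read the policy from stdin.
  read_only_policy | vault policy write read-only - || return 1
  # "password=-" makes the vault CLI read the value from stdin.
  vault write "auth/userpass/users/$1" password=- policies=read-only
}

# Usage, prompting for the password without echoing it:
#   read -rs -p 'Password: ' pw && printf '%s' "$pw" | create_ui_user alice
```
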