Create a new entity, entity alias and obtain a token for authentication using the API

1,187 views
Skip to first unread message

Antón Rodríguez

unread,
Feb 22, 2019, 6:52:34 PM2/22/19
to Vault
I would like to create a new entity in Vault and generate a new token to give access to an user to the UI using the API.

So, I am generating the entity using /v1/identity/entity/name/:name, then consulting the mount accessor in /v1/sys/auth and creating a new entity alias with /v1/identity/entity-alias

I am not adding any policy, that's something I will do later, first I just want to give access to the UI.

So now I create the token /v1/auth/token/create, but I don't find a way to associate that token to the previously created entity.

How do I associate the token to the entity?

mic...@hashicorp.com

unread,
Feb 25, 2019, 3:45:10 AM2/25/19
to Vault
Hi,

it is currently not possible to associate entities directly with tokens. All auth methods are supported except the token auth.
Please use a different auth method, for example the userpass auth method: https://www.vaultproject.io/docs/auth/userpass.html

Cheers,
Michel

Antón R. Yuste

unread,
Feb 25, 2019, 3:52:11 AM2/25/19
to vault...@googlegroups.com, mic...@hashicorp.com

Hi Michel,

Thank you! I will try with Username/Password but when I consult the API:

https://www.vaultproject.io/api/auth/userpass/index.html

The Create user method doesn't use an EntityId so how do I associate the Entity or the AliasEntity and the Username/password created using the API?.

Best regards,

Antón

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to a topic in the Google Groups "Vault" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/vault-tool/JTHx_OqoqR8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/311175e4-3d23-4aef-a0eb-475f1d10f0d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

mic...@hashicorp.com

unread,
Feb 25, 2019, 3:59:19 AM2/25/19
to Vault
Hi,

the entity alias creates the associaten between the entity and the corresponding auth method.
I recommend the IAM identity learning for this. It includes a good example with the userpass auth method: https://learn.hashicorp.com/vault/identity-access-management/iam-identity

Cheers,
Michel

Antón R. Yuste

unread,
Feb 25, 2019, 9:59:13 AM2/25/19
to vault...@googlegroups.com, mic...@hashicorp.com

Hi Michel,

I didn't see the relation between the entity alias and the auth method but I got it now. Thanks!

I've created a couple of PRs just to avoid other users to figure out it:

https://github.com/hashicorp/vault/pull/6288

https://github.com/hashicorp/vault/pull/6289

Best regards,

Antón

Reply all
Reply to author
Forward
0 new messages