Vaultx.Auth.UserPass (Vaultx v0.7.0)

Username & Password authentication method for HashiCorp Vault.

This module implements the Username & Password authentication method for Vault, providing secure credential-based authentication with comprehensive support for user management, password policies, and enterprise features.

Features

  • Simple Authentication: Username and password-based authentication
  • User Management: Support for user creation, updates, and deletion
  • Password Policies: Integration with Vault password policies
  • Multi-Factor Authentication: Support for MFA when configured
  • Audit Integration: Comprehensive audit logging for security compliance
  • Enterprise Ready: Supports all Vault enterprise features

API Compliance

Fully implements HashiCorp Vault Username & Password authentication:

Usage Examples

Basic Authentication

{:ok, auth_response} = Vaultx.Auth.UserPass.authenticate(%{
  username: "myuser",
  password: "mypassword"
})

Authentication with Custom Mount Path

{:ok, auth_response} = Vaultx.Auth.UserPass.authenticate(%{
  username: "myuser",
  password: "mypassword"
}, mount_path: "custom-userpass")

Authentication with Additional Options

{:ok, auth_response} = Vaultx.Auth.UserPass.authenticate(%{
  username: "myuser",
  password: "mypassword"
}, [
  mount_path: "userpass",
  timeout: 30_000,
  retry_attempts: 3
])

Vault Configuration

Before using this authentication method, configure it in Vault:

# Enable userpass auth method
vault auth enable userpass

# Create a user
vault write auth/userpass/users/myuser \
  password="mypassword" \
  policies="default,myapp"

# Update user policies
vault write auth/userpass/users/myuser/policies \
  policies="default,myapp,admin"

Security Considerations

  • Use strong passwords and enforce password policies
  • Implement account lockout policies to prevent brute-force attacks
  • Monitor authentication events in Vault audit logs
  • Consider implementing MFA for additional security
  • Regularly review and update user permissions
  • Apply the principle of least privilege to policy assignments
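
For the audit-log monitoring and brute-force points above, an added example (not part of Vaultx or its documentation): a sliding-window count of failed userpass logins per account over JSON audit log lines. It relies on Vault's login path auth/<mount>/login/<username>; the threshold, window, function names and sample entries are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

def failed_logins(lines, mounts):
    """Yield (time, mount, username, source) for each failed login response."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines
        # Vault writes a request and a response entry per call; count errors once.
        if entry.get("type") != "response" or not entry.get("error"):
            continue
        req = entry.get("request") or {}
        path = req.get("path", "")
        for mount in mounts:
            prefix = f"auth/{mount}/login/"
            if path.startswith(prefix) and len(path) > len(prefix):
                # Timestamps carry nanoseconds; whole seconds are enough here.
                ts = datetime.strptime(entry["time"][:19], "%Y-%m-%dT%H:%M:%S")
                yield ts, mount, path[len(prefix):], req.get("remote_address", "?")

def brute_force_suspects(lines, mounts=("userpass", "custom-userpass"),
                         threshold=5, window=timedelta(minutes=5)):
    """Map (mount, username) to sources once `threshold` failures fall in `window`."""
    recent, flagged = defaultdict(list), defaultdict(set)
    # Assumes entries arrive in time order, as they do in an audit log file.
    for ts, mount, user, source in failed_logins(lines, mounts):
        key = (mount, user)
        recent[key] = [(t, s) for t, s in recent[key] if ts - t <= window]
        recent[key].append((ts, source))
        if len(recent[key]) >= threshold:
            flagged[key].update(s for _, s in recent[key])
    return {key: sorted(sources) for key, sources in flagged.items()}

def _line(sec, path, error=None, source="203.0.113.7", kind="response"):
    """Build one constructed audit entry holding only the fields read above."""
    entry = {"time": f"2024-05-01T10:00:{sec:02d}.000000000Z", "type": kind,
             "request": {"path": path, "remote_address": source}, "error": error}
    return json.dumps(entry)

BAD = "invalid username or password"
# Constructed sample: five failures for myuser, two for alice, one success.
SAMPLE = (
    [_line(s, "auth/userpass/login/myuser", BAD) for s in (1, 5, 9, 14, 20)]
    + [_line(20, "auth/userpass/login/myuser", BAD, kind="request")]
    + [_line(30, "auth/userpass/login/myuser")]
    + [_line(s, "auth/custom-userpass/login/alice", BAD, "198.51.100.4") for s in (2, 40)]
    + ["{truncated"])
print(brute_force_suspects(SAMPLE))
```

Pass the mount paths actually enabled for userpass as `mounts`, since other auth methods also expose login paths under auth/.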