Hashicorp Vault - Login to the vault using the REST API
by
Jeremy Canfield |
Updated: February 25 2024
| Hashicorp Vault articles
This assumes you have installed the Hashicorp vault and that the vault is up and running and that you have unsealed the vault.
A POST request can be submitted to the /v1/auth/approle/login endpoint to login to the Hashicorp Vault. Here is an example using cURL.
curl \
--request POST \
--url https://vault.example.com/v1/auth/approle/login \
--data '{"role_id": "abc123ef-456a-abcd-1234-abcdefg12345", "secret_id": "xyz123xy-z123-xyz1-23xy-z123xyz123xy" }'
Something like this should be returned.
{
"request_id":"5fa03d55-3a98-5eac-c477-15749d3e1554",
"lease_id":"",
"renewable":false,
"lease_duration":0,
"data":null,
"wrap_info":null,
"warnings":null,
"auth":{
"client_token":"hvs.CAESIM-sHUpvPJCeoSHl1dI26p8q3-ZO3_OhDVZbTw65IaGFGiUKHGh2cy53WUFVY25NZ1ZqRjBFOW1GMHlWMFkweTQQh5iAAxgF",
"accessor":"WFA7VlSkLgNvhFwE2w9lGzfG",
"policies":["default","my_policy"],
"token_policies":["default","my_policy"],
"metadata":{"role_name":"my-role"},
"lease_duration":7200,
"renewable":true,
"entity_id":"57e8744f-ff37-6127-5565-2a53d1dd4200",
"token_type":"service",
"orphan":true,
"mfa_requirement":null,"num_uses":0
}
}
Notice in this example that the client_token is hvs.CAESIM-sHUpvPJCeoSHl1dI26p8q3-ZO3_OhDVZbTw65IaGFGiUKHGh2cy53WUFVY25NZ1ZqRjBFOW1GMHlWMFkweTQQh5iAAxgF. You would use the client token is subsequent requests. For example, in a GET request to retrieve a secret.
curl \
--request GET \
--header "X-Vault-Token: hvs.CAESIM-sHUpvPJCeoSHl1dI26p8q3-ZO3_OhDVZbTw65IaGFGiUKHGh2cy53WUFVY25NZ1ZqRjBFOW1GMHlWMFkweTQQh5iAAxgF" \
--url https://vault.example.com/v1/my_team/data/my_secret
Did you find this article helpful?
If so, consider buying me a coffee over at