Auth methods
Auth methods are the components in Vault that perform authentication and are responsible for assigning identity and policies to a user.
Use case
Authenticate and access different clouds, systems, and endpoints using trusted identities.
Challenge
The move to cloud involves a shift in operating model for infrastructure. Traditionally we had a relatively static world of dedicated servers, static IP addresses, and a clear network perimeter. In the cloud, we have ephemeral and elastic pools of infrastructure with dynamic IP addresses and no clear perimeter.
In a static world, we established a network perimeter and managed access based on IP address. For security teams, the cloud requires a fundamentally different approach: starting with understanding the network as inherently "low trust" and moving to the idea of securing infrastructure and application services themselves, based on trusted identities and encrypting all secrets and application data.
Solution
Leverage any trusted identity provider, such as cloud IAM platforms, Kubernetes, and Active Directory, to authenticate into Vault. Identity is scale independent, unlike IP addresses, which require complex firewall rules and frequent updates.
Authentication in Vault is the process by which user- or machine-supplied information is verified against an internal or external system.
Vault provides an identity management solution through the Identity secrets engine.
Vault clients must authenticate with Vault first and acquire a valid token.
Vault supports multiple authentication methods and also allows enabling the same type of authentication method on different mount paths.
The OIDC auth method enables a user's browser to redirect to an identity provider, complete a login, and then be routed back to Vault with a newly created token.
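As an added example (not from the Vault documentation), a small client that shows the two points above: a client authenticates first and gets back a token, and the login path names the mount path rather than the method type, so several userpass mounts can coexist. The mount name userpass-devs, user alice, password, policy names and token value are constructed placeholders; the bundled stand-in server only imitates the field layout of Vault's login and lookup-self replies so the script runs offline.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def vault_login(addr, mount, username, password):
    """POST /v1/auth/<mount>/login/<user>: the mount path, not the method
    type, selects which userpass instance answers (Vault allows several)."""
    req = urllib.request.Request(
        f"{addr}/v1/auth/{mount}/login/{username}", method="POST",
        data=json.dumps({"password": password}).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            auth = json.load(resp)["auth"]
    except urllib.error.HTTPError as err:  # Vault answers 400 on bad credentials
        raise PermissionError(json.load(err)["errors"]) from err
    # client_token goes in X-Vault-Token on later requests; token_policies is what this auth method attached
    return auth["client_token"], auth["token_policies"], auth["lease_duration"]

def token_lookup_self(addr, token):
    """GET /v1/auth/token/lookup-self: verify what the token really grants."""
    req = urllib.request.Request(f"{addr}/v1/auth/token/lookup-self",
                                 headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["data"]

# Constructed stand-in for offline use: one userpass method mounted at
# "userpass-devs". Field names follow real Vault replies; values are made up.
class _FakeVault(BaseHTTPRequestHandler):
    TOKEN, POLICIES = "hvs.EXAMPLE-TOKEN", ["default", "dev-read"]
    def _send(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def do_POST(self):
        body = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        if self.path == "/v1/auth/userpass-devs/login/alice" and body.get("password") == "s3cret":
            self._send(200, {"auth": {"client_token": self.TOKEN, "lease_duration": 3600, "token_policies": self.POLICIES}})
        else:
            self._send(400, {"errors": ["invalid username or password"]})
    def do_GET(self):
        if self.path == "/v1/auth/token/lookup-self" and self.headers.get("X-Vault-Token") == self.TOKEN:
            self._send(200, {"data": {"policies": self.POLICIES, "path": "auth/userpass-devs/login/alice"}})
        else:
            self._send(403, {"errors": ["permission denied"]})
    def log_message(self, *_):  # keep the stand-in quiet
        pass

def start_fake_vault():
    srv = HTTPServer(("127.0.0.1", 0), _FakeVault)  # free loopback port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"
```

Against a real Vault, drop the stand-in and pass your VAULT_ADDR to vault_login; the request and response handling is unchanged.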