
Create a Vault UI user using the vault CLI


I would like to create a HashiCorp Vault UI login user before ever having to log in to the GUI with the root token.

Initially I have the root token and CLI access to the vault.

How can I create a GUI login username+password and grant complete read rights via the CLI exclusively?

The vault is newly installed, essentially unconfigured with any policies.

This is intended to be part of a BASH script.


Solution

    • Authenticate with the root token.

    vault login <root token>

    • Enable the userpass authentication method.

    vault auth enable userpass

    • Create a Vault policy for global read permissions.

    # read-only.hcl
    path "*" {
      capabilities = ["read", "list"]
    }

    vault policy write read-only read-only.hcl

    • Create a user with the read permissions policy attached.

    vault write auth/userpass/users/<username> password=<password> policies=read-only

    • Log in to the GUI with the userpass method as the created user.
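
The steps above combined into one re-runnable Bash function, as an added example that is not part of the original answer. It assumes VAULT_ADDR and VAULT_TOKEN are already exported (in place of `vault login <root token>`, so the root token stays out of argv and shell history) and that the password arrives in a hypothetical UI_PASSWORD environment variable; `create_ui_user` is a name chosen here.

```shell
#!/usr/bin/env bash
# Added example. Assumptions: VAULT_ADDR and VAULT_TOKEN are exported,
# UI_PASSWORD (hypothetical variable name) holds the new user's password.
set -eu

POLICY_NAME="read-only"

create_ui_user() {
  username="$1"
  : "${UI_PASSWORD:?set UI_PASSWORD in the environment}"

  # The username becomes part of the API path; accept a conservative character set.
  case "$username" in
    ''|*[!A-Za-z0-9_.-]*) echo "invalid username: $username" >&2; return 2 ;;
  esac

  # 'vault auth enable' errors if the mount already exists; check first so reruns succeed.
  if ! vault auth list | grep -q '^userpass/'; then
    vault auth enable userpass
  fi

  # Policy body on stdin ('-') instead of a read-only.hcl file left on disk.
  vault policy write "$POLICY_NAME" - <<'EOF'
path "*" {
  capabilities = ["read", "list"]
}
EOF

  # 'password=-' makes the CLI read the value from stdin, keeping it out of the process list.
  printf '%s' "$UI_PASSWORD" |
    vault write "auth/userpass/users/$username" password=- policies="$POLICY_NAME"
}

# Usage: UI_PASSWORD=... ./create-ui-user.sh <username>
if [ "$#" -ge 1 ]; then
  create_ui_user "$1"
fi
```

Note that `path "*"` with `read` lets this user read every secret the server holds, so the password deserves the same handling as the secrets themselves.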