vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault

User TOTP Auth Method for Vault

vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault. Create user accounts, add TOTP tokens (user supplied pin + totp), and have peace of mind using 2FA.

This plugin is also a drop-in replacement for the native userpass auth method, so stop using that and use this instead!

Install

Assuming you have an already running/configured Vault instance:

  1. Add plugin_directory = "" to your vault config
  2. Download the plugin from the releases page to the folder above
  3. Register the plugin in vault: vault plugin register -sha256=$(sha256sum | cut -d\ -f 1))
  4. Enable the plugin in vault: vault auth enable -path=userpass

Use

After installing the plugin:

Create Users

  1. vault write auth/userpass/users/ token_policies=""

Create User TOTP Tokens

  1. vault write auth/userpass/users//totp name= pin=
  2. The command returns a totp_secret value; add this value to Google Authenticator. Alternatively, you can generate a QR code: qrencode -t ANSI256 -o - $(echo otpauth://totp/Vault%20()?secret=&issuer=Vault)
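
To check an enrolled secret without a phone, the following added example (not part of the plugin's code) builds the otpauth:// provisioning URI with proper escaping and computes the code an authenticator app would show. It assumes totp_secret is base32 and that the RFC 6238 defaults used by Google Authenticator apply (HMAC-SHA1, 30-second step, 6 digits); the username "alice", the sample secret, and placing the username inside the label's parentheses are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// ProvisioningURI builds the otpauth:// URI that the qrencode command encodes.
// The label "Vault (<username>)" follows the page's "Vault%20()" pattern (assumption).
func ProvisioningURI(username, secret string) string {
	q := url.Values{"secret": {secret}, "issuer": {"Vault"}}
	label := url.PathEscape("Vault (" + username + ")")
	return "otpauth://totp/" + label + "?" + q.Encode()
}

// TOTP computes the RFC 6238 code for a base32 secret at time t
// (HMAC-SHA1, 30-second step, 6 digits: assumed defaults).
func TOTP(secret string, t time.Time) (string, error) {
	clean := strings.ToUpper(strings.TrimRight(strings.ReplaceAll(secret, " ", ""), "="))
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(clean)
	if err != nil {
		return "", fmt.Errorf("totp_secret is not valid base32: %w", err)
	}
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, key)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000), nil
}

func main() {
	// Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
	secret := "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
	fmt.Println(ProvisioningURI("alice", secret))
	code, err := TOTP(secret, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("current code:", code)
}
```

The printed URI can be passed to qrencode in place of the hand-built string, which avoids shell quoting problems with the ? and & characters.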

Delete Users

  1. vault delete auth/userpass/users/

Delete User TOTP Tokens

  1. vault delete auth/userpass/users//totp name=

List Users

  1. vault list auth/userpass/users

Read User (including TOTP Token names)

  1. vault read auth/userpass/users/
  2. Any TOTP tokens for the user will be listed under totp_token_names.

Build

Run make build
