In this lesson, we’ll move beyond the basics of Vault and explore its authentication (auth) methods in depth. Properly choosing and implementing an auth method is vital for secure access to Vault. Here’s what we’ll cover:

What You’ll Learn

1A. Describe Vault Auth Methods

  • Define Vault’s auth methods and key terminology
  • Walk through the full authentication workflow: submitting credentials to Vault and receiving a token
  • Explain entities and groups: their roles and significance in Vault
The image is a section overview with three objectives related to authentication methods, including descriptions, use cases, and differentiating human versus system methods.

1B. Choose an Auth Method Based on Use Case

  • Evaluate common scenarios: automation, cloud-based requests, and human users (UI/CLI)
  • Determine which auth method best fits each scenario

| Use Case | Recommended Auth Method | Example |
| --- | --- | --- |
| Automated CI/CD | AppRole | `vault write auth/approle/role/ci-role` |
| AWS Workloads | AWS IAM | `vault auth enable aws` |
| Human Users | Userpass or LDAP | `vault auth enable userpass` |

1C. Differentiate Human vs. System Auth Methods

  • Compare methods tailored for human users versus system workloads
  • Discuss:
    • Human access through the CLI or UI
    • Workloads on AWS, Azure, and GCP
    • Machine-to-machine interactions across on-premises, cloud, and hybrid environments

| Category | Auth Method | Access Pattern |
| --- | --- | --- |
| Human | Userpass, LDAP, GitHub | Interactive CLI / UI login |
| System | AppRole, AWS IAM, Azure MSI, GCP IAM | Token exchange via API |

With these goals in place, we’ll dive into each auth method, answer frequently asked questions, and guide you in selecting the right approach for your environment. Let’s get started!
Entities in Vault represent human or machine identities, while groups allow you to bundle entities for policy management.