Is there a way to allow a user to change its own password on HashiCorp's Vault UI?

I wanted to let users change their own password within HashiCorp's Vault (assuming we're using userpass auth).

I don't find any way to do so. Can anyone help?



Solution 1:[1]

I believe this link has your answer.

It would look something like this:

path "auth/userpass/users/{{identity.entity.aliases.auth_userpass_6671d643.name}}" {
  capabilities = [ "update" ]
  allowed_parameters = {
    "password" = []
  }
}

where auth_userpass_6671d643 is the mount of your userpass authentication and can be retrieved via the vault auth list command.
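Added example (not part of the original answer, and not Vault's own code): a Python sketch that reads `vault auth list -format=json` output, renders the policy above for each userpass mount, and models in simplified form which requests that policy would permit. The sample JSON, the `staff-login` mount, its accessor, and all function names are constructed for illustration.

```python
import json

# Constructed sample of `vault auth list -format=json` output (not from the page).
SAMPLE_AUTH_LIST = """{
  "token/":       {"type": "token",    "accessor": "auth_token_0a1b2c3d"},
  "userpass/":    {"type": "userpass", "accessor": "auth_userpass_6671d643"},
  "staff-login/": {"type": "userpass", "accessor": "auth_userpass_11aa22bb"}
}"""

ALLOWED_PARAMETERS = {"password"}  # the only field the policy lets a user send


def userpass_mounts(auth_list_json):
    """Map each userpass mount path (trailing slash removed) to its accessor."""
    return {path.rstrip("/"): info["accessor"]
            for path, info in json.loads(auth_list_json).items()
            if info.get("type") == "userpass"}


def self_service_policy(mount_path, accessor):
    """Render the templated policy for one mount; the accessor is mount-specific."""
    return ('path "auth/%s/users/{{identity.entity.aliases.%s.name}}" {\n'
            '  capabilities = [ "update" ]\n'
            '  allowed_parameters = {\n'
            '    "password" = []\n'
            '  }\n'
            '}\n' % (mount_path, accessor))


def would_allow(mount_path, accessor, entity_aliases, request_path, params):
    """Simplified model (an assumption, not Vault's engine) of the policy check.

    entity_aliases maps mount accessor -> alias name for the caller's entity.
    """
    alias = entity_aliases.get(accessor)
    if alias is None:  # caller has no alias on this mount, so nothing matches
        return False
    if request_path != "auth/%s/users/%s" % (mount_path, alias):
        return False   # another user's entry
    return set(params) <= ALLOWED_PARAMETERS  # any other field is refused


if __name__ == "__main__":
    for mount, accessor in sorted(userpass_mounts(SAMPLE_AUTH_LIST).items()):
        print(self_service_policy(mount, accessor))
```

The path prefix must match the mount path reported by `vault auth list`, which is not necessarily `userpass`, and each mount needs its own stanza because the accessor differs per mount.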

Solution 2:[2]

To avoid creating a different policy for each user, it might be handy to use the following policy:

path "auth/userpass/users/{{identity.entity.name}}" {
  capabilities = [ "update" ]
  allowed_parameters = {
    "password" = []
  }
}

It also requires admins to change entity names for each user to be equal to the username (lower-cased), but it looks handier than the other solutions.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 taskinoor
Solution 2 Limmy