HashiCorp Vault AppRole Authentication

Description

General

  • Documentation: https://developer.hashicorp.com/vault/docs/auth/approle

  • Summary: HashiCorp Vault provides secure authentication and access to secrets using various methods. AppRole is an authentication method designed for automation and machine authentication, using a combination of a Role ID and a Secret ID. This detector identifies leaked credentials used for Vault AppRole authentication.

  • IPs allowlist: This feature is not available.

  • Scopes: An AppRole can be restricted to specific capabilities via policies or custom constraints.

Revoke the secret

A Secret ID can be revoked using the auth/approle/role/<role-name>/secret-id/destroy endpoint.

Check for suspicious activity

This feature is not available.

Details for Hashicorp vault approle auth

  • Family: Other

  • Category: Secret management

  • Company: HashiCorp

  • High recall: False

  • Validity check available: False

  • Analyzer available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 1.22

  • Prefixed: False

  • PreValidators:

    - type: ContentWhitelistPreValidator
      patterns:
        - approle
        - vault
    - type: ContentWhitelistPreValidator
      patterns:
        - role_id
    - type: ContentWhitelistPreValidator
      patterns:
        - secret_id

Examples

- text: |
    $ vault write auth/approle/login \
        role_id=db02de05-fa39-4855-059b-67221c5c2f63 \
        secret_id=6a174c20-f6de-a53c-74d2-6018fcceff64
  role_id: db02de05-fa39-4855-059b-67221c5c2f63
  secret_id: 6a174c20-f6de-a53c-74d2-6018fcceff64
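
The conditions listed above (three keyword pre-validators, then a Role ID and a Secret ID found together) can be approximated in a local check for configuration files or CI logs. This is an added example, not the detector's own implementation; the regular expressions, the function names and the rule that a pre-validator passes when any one of its patterns is present are assumptions.

```python
import re

# Keyword groups copied from the PreValidators list above. Assumption: a group
# passes when at least one of its patterns occurs in the content, and every
# group must pass before any matching is attempted.
PREVALIDATOR_GROUPS = [("approle", "vault"), ("role_id",), ("secret_id",)]

# Assumption: both IDs are UUID-shaped, as in the page's example. A role with a
# custom, non-UUID Role ID would not be found by this pattern.
UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
# Accepts key=value, key: value and "key": "value" (also VAULT_ROLE_ID=...).
ASSIGNMENT = r"{key}[\"']?\s*[=:]\s*[\"']?({uuid})\b"
ROLE_ID = re.compile(ASSIGNMENT.format(key="role_id", uuid=UUID), re.I)
SECRET_ID = re.compile(ASSIGNMENT.format(key="secret_id", uuid=UUID), re.I)

def passes_prevalidators(content):
    """True when every keyword group has at least one pattern in the content."""
    lowered = content.lower()
    return all(any(p in lowered for p in group) for group in PREVALIDATOR_GROUPS)

def find_approle_credentials(content):
    """Return sorted (role_id, secret_id) pairs, or [] if nothing qualifies."""
    if not passes_prevalidators(content):
        return []
    role_ids = sorted({m.group(1).lower() for m in ROLE_ID.finditer(content)})
    secret_ids = sorted({m.group(1).lower() for m in SECRET_ID.finditer(content)})
    # "Minimum number of matches: 2": one ID without the other is not reported.
    return [(r, s) for r in role_ids for s in secret_ids]

# The command from the Examples section of this page.
PAGE_EXAMPLE = (
    "$ vault write auth/approle/login \\\n"
    "    role_id=db02de05-fa39-4855-059b-67221c5c2f63 \\\n"
    "    secret_id=6a174c20-f6de-a53c-74d2-6018fcceff64\n"
)
# Constructed negatives: no Vault/AppRole keyword, and a Role ID on its own.
NO_VAULT_CONTEXT = (
    "role_id=11111111-1111-1111-1111-111111111111\n"
    "secret_id=22222222-2222-2222-2222-222222222222\n"
)
ROLE_ONLY = "# vault approle\nrole_id: 11111111-1111-1111-1111-111111111111\n"

if __name__ == "__main__":
    for name, text in [("page example", PAGE_EXAMPLE),
                       ("no vault context", NO_VAULT_CONTEXT),
                       ("role id only", ROLE_ONLY)]:
        print(name, "->", find_approle_credentials(text))
```

Any pair this reports should be treated as leaked and the Secret ID revoked through the endpoint named in the "Revoke the secret" section.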