hcp connect

The hcp connect command authenticates users and machines to HCP with explicit credentials or an HCP token and interactive browser login.

By default, the hcp connect command uses interactive authentication that requires users to log into the HashiCorp Cloud Platform with a browser.

Non-interactive login requires a service principal credential that was previously generated through the HCP portal. The service principal must have access to the requested organization, project, and HCP Vault Dedicated cluster.

If authentication succeeds, the Vault CLI saves the returned HCP token and HCP Vault address in the local cache.

Examples

Connect to HCP interactively:

$ vault hcp connect
The default web browser has been opened at <auth_url>. Please continue the login in the web browser.
Success!

Usage

The following flags are available in addition to the standard set of flags included on all commands.

Command options

• -client-id (string: "") - Client ID belonging to a service principal credential generated in the HCP Portal. Required for non-interactive authentication.

• -secret-id (string: "") - Secret ID belonging to a service principal credential previously generated in the HCP Portal. Required for non-interactive authentication.

• -organization-id (string: "") - Optional ID of the desired HCP organization. If organization-id is empty and the user is associated with multiple HCP organizations, the CLI prompts the user to select from a list of available organizations.

• -project-id (string: "") - Optional ID of the desired HCP project. If project-id is empty and the user is associated with more than one HCP project, the CLI prompts the user to select from a list of available projects.

• -cluster-id (string: "") - Optional ID of the desired HCP Vault Dedicated cluster. If cluster-id is empty and the user is associated with multiple HCP clusters, the CLI prompts the user to select from a list of available clusters.