Vault
hcp connect
The hcp connect
command authenticates users and machines to HCP with explicit
credentials or an HCP token and interactive browser login.
By default, the hcp connect
command uses interactive authentication that requires
users to log into the HashiCorp Cloud Platform with a browser.
Non-interactive login requires a service principal credential that was previously generated through the HCP portal. The service principal must have access to the requested organization, project, and HCP Vault Dedicated cluster.
If authentication succeeds, the Vault CLI saves the returned HCP token and HCP Vault address in the local cache.
Examples
Connect to HCP interactively:
$ vault hcp connect
The default web browser has been opened at <auth_url>. Please continue the login in the web browser.
Success!
Usage
The following flags are available in addition to the standard set of flags included on all commands.
Command options
-client-id
(string: "")
- Client ID belonging to a service principal credential generated in the HCP Portal. Required for non-interactive authentication.-secret-id
(string: "")
- Secret ID belonging to a service principal credential previously generated in the HCP Portal. Required for non-interactive authentication.-organization-id
(string: "")
- Optional ID of the desired HCP organization. Iforganization-id
is empty and the user is associated with multiple HCP organizations, the CLI prompts the user to select from a list of available organizations.-project-id
(string: "")
- Optional ID of the desired HCP project. Ifproject-id
is empty and the user is associated with more than one HCP project, the CLI prompts the user to select from a list of available projects.-cluster-id
(string: "")
- Optional ID of the desired HCP Vault Dedicated cluster. Ifcluster-id
is empty and the user is associated with multiple HCP clusters, the CLI prompts the user to select from a list of available clusters.