Vault offers a variety of means for users and systems to authenticate and receive a token. Aomi supports a handful of these.
The succesor to the AppID authentication type is AppRole. This is a mechanism which is meant for system usage. The aomi tool only supports provisioning of roles, it does not currently support manual creation of associated secret ids. If you wish to have that style of authentication it is best to stick with App ID for now.
You can currently associate policies, associated IP addresses, the number of uses for a created secret id, and how long the resulting tokens will last.
approles: - name: 'foo' policies: - 'default' - 'not_default' secret_users: 1 secret_ttl: 1
Vault supports basic user/password combinations. You can provision this with aomi as well. The
Secretfile contains the user and policy associations. The password is stored as a plain text file in the secrets directory.
users: - username: 'foo' password_file: 'foo-user.txt' policies: - 'default'
The aomi tool supports the Vault MFA intgration for user/password combinations.
duo: - backend: "userpass" creds: "duo.yml" host: "api-foo.duosecurity.com"
key: "foo" secret: "bar"