vault auth enable: Enable an Auth Method
vault auth enable turns on an authentication method such as approle, jwt, kubernetes, or aws so workloads can log in.
Tokens are how Vault authorizes, but something has to issue them. auth enable adds the login method your CI uses, whether AppRole, JWT/OIDC, or a cloud identity.
What it does
vault auth enable mounts an auth method at a path under auth/ (default path equals the method name). After enabling, you configure it (for example vault write auth/jwt/config ...) and create roles. CI then logs in against that method to receive a token.
Common usage
vault auth enable approle
vault auth enable jwt
# enable a second JWT mount on a custom path
vault auth enable -path=github jwt
vault auth list -detailedOptions
| Flag | What it does |
|---|---|
| -path=<path> | Mount path under auth/ (defaults to the type) |
| -description=<text> | Human description for the mount |
| -type=<type> | Explicit method type when path differs from type |
In CI
Use -path to host multiple instances of the same method, for example a separate auth/github JWT mount dedicated to GitHub Actions OIDC, kept apart from other JWT issuers. Record the path because role and config writes must use the same one.
Common errors in CI
"path is already in use at 'jwt/'" means the method is already enabled there; bootstrap scripts should check vault auth list first. "permission denied" means the token lacks sys/auth access. Logging in later with "no handler for route 'auth/<path>/login'" means you are using a path the method was not enabled on.