vault auth list: Show Enabled Auth Methods
vault auth list shows every enabled auth method, its mount path, type, and accessor.
When a login fails with a routing error, the first check is whether the method is enabled and on which path. auth list answers that and surfaces the accessor used in policy templating.
What it does
vault auth list enumerates the auth methods mounted under auth/. With -detailed it adds the accessor, TTLs, and configuration flags. The mount accessor (like auth_jwt_0a1b2c3d) is what you reference in templated policies and entity aliases.
Common usage
vault auth list
vault auth list -detailed
# JSON to extract the accessor for a method
vault auth list -format=json | jq -r '."jwt/".accessor'Options
| Flag | What it does |
|---|---|
| -detailed | Show accessor, TTLs, and config flags |
| -format=json | Output as JSON for scripting |
In CI
Use the JSON output to fetch a method accessor when configuring identity aliases or templated policies, rather than hardcoding the accessor string that changes per environment. It is also the quickest way to confirm a bootstrap step actually enabled the method.
Common errors in CI
"permission denied" means the token lacks read on sys/auth; many least-privilege CI tokens cannot list methods, which is expected. If a method you enabled is missing, you are likely pointed at a different Vault address or namespace; check VAULT_ADDR and VAULT_NAMESPACE.