Skip to content
Latchkey

vault auth list: Show Enabled Auth Methods

vault auth list shows every enabled auth method, its mount path, type, and accessor.

When a login fails with a routing error, the first check is whether the method is enabled and on which path. auth list answers that and surfaces the accessor used in policy templating.

What it does

vault auth list enumerates the auth methods mounted under auth/. With -detailed it adds the accessor, TTLs, and configuration flags. The mount accessor (like auth_jwt_0a1b2c3d) is what you reference in templated policies and entity aliases.

Common usage

Terminal
vault auth list
vault auth list -detailed
# JSON to extract the accessor for a method
vault auth list -format=json | jq -r '."jwt/".accessor'

Options

FlagWhat it does
-detailedShow accessor, TTLs, and config flags
-format=jsonOutput as JSON for scripting

In CI

Use the JSON output to fetch a method accessor when configuring identity aliases or templated policies, rather than hardcoding the accessor string that changes per environment. It is also the quickest way to confirm a bootstrap step actually enabled the method.

Common errors in CI

"permission denied" means the token lacks read on sys/auth; many least-privilege CI tokens cannot list methods, which is expected. If a method you enabled is missing, you are likely pointed at a different Vault address or namespace; check VAULT_ADDR and VAULT_NAMESPACE.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →