salt.auth.sharedsecret

Provide authentication using configured shared secret

external_auth:
  sharedsecret:
    fred:
      - .*
      - '@jobs'

The shared secret should be added to the master configuration, for example in /etc/salt/master.d/sharedsecret.conf (make sure that file is only readable by the user running the master):

sharedsecret: OIUHF_CHANGE_THIS_12h88

This auth module should be used with caution. It was initially designed to work with a frontal that takes care of authentication (for example kerberos) and places the shared secret in the HTTP headers to the salt-api call. This salt-api call should really be done on localhost to avoid someone eavesdropping on the shared secret.

See the documentation for cherrypy to setup the headers in your frontal.

New in version 2015.8.0.

salt.auth.sharedsecret.auth(username, password)

Shared secret authentication

Generated on September 18, 2025 at 19:37:48 UTC.

You are viewing docs for the previous stable release, 3006.16. Switch to docs for the latest stable release, 3007.8, or to a recent doc build from the master branch.


saltproject.io

© 2025 VMware, Inc. | Privacy Policy