Vault: Vault UI Feature Request: Don't Show all login methods in Vault UI Login Page

Created on 8 Apr 2018 · 10 Comments · Source: hashicorp/vault

Feature Request:

Let Vault Administrators choose/select which login methods get displayed on the Vault UI login page. At the moment, the login page displays token, _userpass, LDAP, okta, github_ auth methods...most people will _never_ need all of those.

For human operators, having all of these options displayed by default, even if the authentication backend for any/all of these has not been configured by Vault administrators, creates confusion and furthermore, clutters the login form.


All 10 comments

Yeah, right now it's a chicken or the egg problem because you have to be authenticated to read the auth mounts, so these are hard coded (that's also why you have to specify the mount path). We do have plans for this, but ui support for it will come after the 0.10 release. I'll keep this open for now and keep you up to date when it ships.

Maybe just expose a subkey in the Vault config of what Auth methods to enable.

@meirish marked this as UI for tracking since it also isn't milestoned, I don't think there's anything left to do here but want confirmation before closing.

Weird, on the cluster I just upgraded to 0.10.2 it has Okta and GitHub listed on login which we don't even have mounted.

I think if we cannot get a specific list we just offer all of them.

We don't take advantage of this in the UI just yet so we should keep it open.

Can the list simply be made configurable? I don't need the UI to dynamically detect the enabled auth mechanisms, which creates the chicken and egg thing. I am fine if the default is all of them but having something customizable in the configuration would be my preference.

Even though we have Token auth enabled for applications, I may not want Token auth enabled for the UI. I may want my human users to use another form of auth than Token and having it configurable would be nice.

+1 - Having a whole bunch of irrelevant auth methods which are irrelevant to our users often causes confusion, especially given we force internal LDAP auth as I suspect many others do.

When can we hope this to be implemented?
