@vishalnayak
Last active May 12, 2018 02:42
#!/bin/bash
# Vault Enterprise MFA (TOTP) walkthrough: require a TOTP code on every call to
# auth/token/create for a userpass user. Assumes VAULT_ADDR and VAULT_TOKEN point
# at a Vault with a root-capable token; sys/mfa/* and the mfa_methods policy key
# are Enterprise features.
set -aex
vault auth enable userpass
# Accessor of the token auth backend (looked up here but not used below).
accessor=$(vault auth list -detailed -format json | jq -r '.["token/"].accessor')
# Register a TOTP MFA method named my_totp; "issuer" shows up in the otpauth URL.
vault write sys/mfa/method/totp/my_totp issuer=Vault
# Policy: creating tokens is allowed only with a valid my_totp code on the request.
vault policy write totp-policy -<<EOF
path "auth/token/create" {
  capabilities = ["create", "update"]
  mfa_methods = ["my_totp"]
}
EOF
vault write auth/userpass/users/testuser password=testpassword policies=totp-policy
# Log in as the user; MFA enrolment is bound to the identity entity Vault creates for it.
clientToken=$(vault write -format json auth/userpass/login/testuser password=testpassword | jq -r '.auth.client_token')
entityID=$(vault token lookup -format json "$clientToken" | jq -r '.data.entity_id')
# Admin-generate the user's TOTP key. The otpauth:// URL would normally go to the
# user's authenticator app; here it is loaded into Vault's own totp secrets engine
# so the script can mint codes itself.
url=$(vault write -format json sys/mfa/method/totp/my_totp/admin-generate entity_id="$entityID" | jq -r '.data.url')
vault secrets enable totp
vault write totp/keys/my_totp url="$url"
# Fetch a current code and pass it with -mfa; without it the create call is denied.
totpCode=$(vault read -format json totp/code/my_totp | jq -r '.data.code')
VAULT_TOKEN=$clientToken vault write -f -mfa my_totp:$totpCode auth/token/create
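What the `totp/code/my_totp` step computes from the otpauth:// URL that admin-generate returns, as an added example (not part of the gist): an RFC 6238 TOTP implementation over a constructed URL of the same shape. The entity id in the label is a placeholder and the secret is the RFC 6238 reference key, base32-encoded; the query parameter names (algorithm, digits, period, secret) are the standard otpauth ones.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample with the shape of Vault's admin-generate URL. Placeholder
# entity id; the secret is RFC 6238's key "12345678901234567890" in base32.
SAMPLE_URL = (
    "otpauth://totp/Vault:ENTITY-ID-PLACEHOLDER"
    "?algorithm=SHA1&digits=6&issuer=Vault&period=30"
    "&secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
)


def parse_otpauth(url):
    """Extract the TOTP parameters carried in an otpauth://totp/ URL."""
    u = urlparse(url)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URL")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    secret = q["secret"].upper()
    secret += "=" * (-len(secret) % 8)  # otpauth omits base32 padding
    return {
        "label": unquote(u.path.lstrip("/")),  # "Vault:<entity_id>"
        "key": base64.b32decode(secret),
        "algorithm": q.get("algorithm", "SHA1").lower(),  # sha1/sha256/sha512
        "digits": int(q.get("digits", "6")),
        "period": int(q.get("period", "30")),
    }


def totp(params, unix_time):
    """RFC 6238: HOTP (RFC 4226) over the time-step counter floor(t / period)."""
    counter = int(unix_time) // params["period"]
    mac = hmac.new(params["key"], struct.pack(">Q", counter),
                   getattr(hashlib, params["algorithm"])).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** params["digits"]).zfill(params["digits"])


def current_code(url):
    """Code an authenticator app would show right now for this enrolment URL."""
    return totp(parse_otpauth(url), time.time())


if __name__ == "__main__":
    print(current_code(SAMPLE_URL))
```

A code is only valid for one `period` window, so the script above has to read `totp/code/my_totp` immediately before the `-mfa` request.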