Which external sources may Vault validate clients against?

Vault can validate clients against several external identity sources to enhance security and access management. GitHub, LDAP, and AppRole are supported methods for authentication in Vault.

Using GitHub for authentication allows users to leverage their GitHub credentials, making it a convenient option for organizations that already use GitHub for collaboration and identity management. LDAP (Lightweight Directory Access Protocol) integration allows Vault to authenticate against existing organizational user directories, ensuring that client access is closely tied to the organization’s existing authentication mechanisms.

AppRole is a specific authentication method used for machines or applications that require access to Vault. It allows for the creation of distinct role IDs and secret IDs that applications can use to authenticate securely and programmatically. This method provides a structured way to manage credentials for applications, enabling automation while maintaining strict control over permissions.

The other options provided do not align with Vault's authentication methods. Active Directory and SQL databases, while commonly used in many systems, are not direct authentication methods available in Vault's implementation. Cloud storage and local servers, as well as network configuration and firewall settings, are not relevant to the client validation process within Vault, as they deal primarily with infrastructure and security posture rather than direct client identity validation.