I have set up Login MFA and related enforcement for an open source instance of Vault 1.14.2. It looks like the next step is to generate the QR code so my authenticator app can be configured to create the one-time code. What is the syntax/endpoint for generating the QR?
OK, to answer my own question…
vault write /identity/mfa/method/totp/admin-generate method_id=ef2e8185-62bf-eed6-53e0-eldkjfldjf9 entity_id=78c45cb3-352f-2fe2-516c-7598934839bd9c0
This will create the “secret” for the user specified by entity_id. Once you have that, there is a base64-encoded image that is the QR code. I used a sketchy website to render the image and get it scanned into my authenticator app.
Reference: /identity/mfa/method/totp - HTTP API | Vault | HashiCorp Developer
Sure would be nice to have a learn doc on this and some supporting web UI for users.
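The QR image embeds the TOTP seed, so it can be rendered locally instead of being pasted into a third-party site. The following is an added example, not part of the original post or HashiCorp's code: it assumes the command above was run with `-format=json` and that the response carries `barcode` and `url` fields; `save_totp_qr` and the sample response are hypothetical.

```python
import base64
import json
import os
import tempfile
from urllib.parse import parse_qs, urlsplit

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def save_totp_qr(response_json, out_path):
    """Decode the QR image from admin-generate JSON output, entirely offline.

    Writes the PNG to out_path (owner-only, refuses to overwrite) and returns
    the non-secret otpauth parameters so the enrollment can be sanity-checked.
    """
    data = json.loads(response_json)["data"]  # assumed response layout
    png = base64.b64decode(data["barcode"], validate=True)
    if not png.startswith(PNG_MAGIC):
        raise ValueError("barcode field is not a PNG image")

    url = urlsplit(data["url"])
    if url.scheme != "otpauth" or url.netloc != "totp":
        raise ValueError("url field is not an otpauth://totp URL")
    params = parse_qs(url.query)

    # O_EXCL: never clobber or follow an existing file; 0o600: owner-only.
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(png)

    # The 'secret' parameter is the TOTP seed: deliberately not returned.
    return {k: v[0] for k, v in params.items() if k != "secret"}


def constructed_response():
    """Constructed stand-in for the command output (not a real QR or secret)."""
    return json.dumps({"data": {
        "barcode": base64.b64encode(PNG_MAGIC + b"constructed").decode(),
        "url": "otpauth://totp/Vault:example-entity?algorithm=SHA1"
               "&digits=6&issuer=Vault&period=30&secret=CONSTRUCTEDSECRET",
    }})


if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "totp-qr.png")
    print(save_totp_qr(constructed_response(), path), "->", path)
```

Open the resulting PNG in a local image viewer, scan it, then delete the file, since anyone who can read it can generate the same codes.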