Skip to main content
Arupa stores users and group membership in the configuration file. Users provide the identities that can sign in to Arupa, while groups organize those identities for the rest of the system.

Users

The Users table maps each username to its password hash:
Arupa stores bcrypt password hashes rather than plain-text passwords. The username is the key used during login and when Arupa resolves the identity of an authenticated request.

Add or update a user from the CLI

You can create a user or update an existing user’s password with the Arupa binary:
The command uses config.toml in the current directory by default. It writes a bcrypt password hash to the Users table and exits after updating the configuration; it does not start the server. Use -config to select another configuration file:
The -user and -password flags must be provided together, and the password must not be empty.

Groups

The Groups table maps a group name to a list of usernames:
A user can belong to more than one group. After authentication, the Kernel looks up the user’s groups and makes that membership available to the host and the plugins. Users and groups describe who a user is and which groups they belong to. They do not grant access by themselves. To learn how groups are used in access rules, see Access control.