Add command line flag for create-from-role

command/agent/command.go

@@ -120,6 +120,7 @@ func (c *Command) readConfig() *Config {
 	}), "vault-allow-unauthenticated", "")
 	flags.StringVar(&cmdConfig.Vault.Token, "vault-token", "", "")
 	flags.StringVar(&cmdConfig.Vault.Addr, "vault-address", "", "")
+	flags.StringVar(&cmdConfig.Vault.Role, "vault-create-from-role", "", "")
 	flags.StringVar(&cmdConfig.Vault.TLSCaFile, "vault-ca-file", "", "")
 	flags.StringVar(&cmdConfig.Vault.TLSCaPath, "vault-ca-path", "", "")
 	flags.StringVar(&cmdConfig.Vault.TLSCertFile, "vault-cert-file", "", "")
@@ -934,6 +935,9 @@ Vault Options:
     This only needs to be set on Servers. Overrides the Vault token read from
     the VAULT_TOKEN environment variable.
 
+  -vault-create-from-role=<role>
+    The role name to create tokens for tasks from.
+
   -vault-allow-unauthenticated
     Whether to allow jobs to be sumbitted that request Vault Tokens but do not
     authentication. The flag only applies to Servers.

website/source/docs/commands/agent.html.md.erb

@@ -65,6 +65,7 @@ via CLI arguments. The `agent` command accepts the following arguments:
 * `-vault-token=<token>`: The Vault token used to derive tokens. Only needs to
   be set on Servers. Overrides the Vault token read from the VAULT_TOKEN
   environment variable.
+* `-vault-create-from-role=<role>`: The role name to create tokens for tasks from.
 * `-vault-ca-file=<path>`: Path to a PEM-encoded CA cert file used to verify the
   Vault server SSL certificate.
 * `-vault-ca-path=<path>`: Path to a directory of PEM-encoded CA cert files used