website: fixing lots of references to vault help
This commit is contained in:
parent
7be012b8b6
commit
3042452def
|
@ -85,7 +85,7 @@ Demo.DemoStepController = Ember.ObjectController.extend({
|
|||
this.set('fullscreen', true);
|
||||
break;
|
||||
case "help":
|
||||
this.get('controllers.demo').appendLog('You can use `vault help <command>` ' +
|
||||
this.get('controllers.demo').appendLog('You can use `vault path-help <command>` ' +
|
||||
'to learn more about specific Vault commands, or `next` ' +
|
||||
'and `previous` to navigate. Or, `fu` to go fullscreen.', false);
|
||||
break;
|
||||
|
|
|
@ -89,7 +89,7 @@ token/ token token based credentials
|
|||
|
||||
To use the App ID auth backend, an operator must configure it with
|
||||
the set of App IDs, user IDs, and the mapping between them. An
|
||||
example is shown below, use `vault help` for more details.
|
||||
example is shown below, use `vault path-help` for more details.
|
||||
|
||||
```
|
||||
$ vault write auth/app-id/map/app-id/foo value=root display_name=foo
|
||||
|
|
|
@ -54,7 +54,7 @@ token/ token token based credentials
|
|||
|
||||
To use the "cert" auth backend, an operator must configure it with
|
||||
trusted certificates that are allowed to authenticate. An example is shown below.
|
||||
Use `vault help` for more details.
|
||||
Use `vault path-help` for more details.
|
||||
|
||||
```
|
||||
$ vault write auth/cert/certs/web display_name=web policies=web,prod certificate=@web-cert.pem lease=3600
|
||||
|
|
|
@ -83,7 +83,7 @@ token/ token token based credentials
|
|||
|
||||
To use the "ldap" auth backend, an operator must configure it with
|
||||
the address of the LDAP server that is to be used. An example is shown below.
|
||||
Use `vault help` for more details.
|
||||
Use `vault path-help` for more details.
|
||||
|
||||
```
|
||||
$ vault write auth/ldap/config url="ldap://ldap.forumsys.com" \
|
||||
|
|
|
@ -80,7 +80,7 @@ userpass/ userpass
|
|||
|
||||
To use the "userpass" auth backend, an operator must configure it with
|
||||
users that are allowed to authenticate. An example is shown below.
|
||||
Use `vault help` for more details.
|
||||
Use `vault path-help` for more details.
|
||||
|
||||
```
|
||||
$ vault write auth/userpass/users/mitchellh password=foo policies=root
|
||||
|
|
|
@ -21,8 +21,8 @@ organization. For example, you can authenticate using GitHub, certs, etc.
|
|||
|
||||
There are many authentication backends available for Vault. They
|
||||
are enabled using `vault auth-enable`. After they're enabled, you can
|
||||
learn more about them using `vault help auth/<name>`. For example,
|
||||
if you enable GitHub, you can use `vault help auth/github` to learn more
|
||||
learn more about them using `vault path-help auth/<name>`. For example,
|
||||
if you enable GitHub, you can use `vault path-help auth/github` to learn more
|
||||
about how to configure it and login.
|
||||
|
||||
Multiple authentication backends can be enabled, but only one is required
|
||||
|
@ -76,11 +76,11 @@ must be used.
|
|||
#### Via the API
|
||||
|
||||
API authentication is generally used for machine authentication. Each
|
||||
auth backend implements is own login endpoint. Use the `vault help`
|
||||
auth backend implements is own login endpoint. Use the `vault path-help`
|
||||
mechanism to find the proper endpoint.
|
||||
|
||||
For example, the GitHub login endpoint is located at `auth/github/login`.
|
||||
And to determine the arguments needed, `vault help auth/github/login` can
|
||||
And to determine the arguments needed, `vault path-help auth/github/login` can
|
||||
be used.
|
||||
|
||||
## Auth Leases
|
||||
|
|
|
@ -16,7 +16,7 @@ be generated on the fly, and are automatically revoked when the Vault
|
|||
lease is expired.
|
||||
|
||||
This page will show a quick start for this backend. For detailed documentation
|
||||
on every path, use `vault help` after mounting the backend.
|
||||
on every path, use `vault path-help` after mounting the backend.
|
||||
|
||||
## Quick Start
|
||||
|
||||
|
@ -143,7 +143,7 @@ The root credentials need permission to perform various IAM actions. These are t
|
|||
|
||||
Note that this policy example is unrelated to the policy you wrote to `aws/roles/deploy`. This policy example should be applied to the IAM user (or role) associated with the root credentials that you wrote to `aws/config/root`. You have to apply it yourself in IAM. The policy you wrote to `aws/roles/deploy` is the policy you want the AWS secret backend to apply to the temporary credentials it returns from `aws/creds/deploy`.
|
||||
|
||||
If you get stuck at any time, simply run `vault help aws` or with a subpath for
|
||||
If you get stuck at any time, simply run `vault path-help aws` or with a subpath for
|
||||
interactive help output.
|
||||
|
||||
## API
|
||||
|
|
|
@ -87,7 +87,7 @@ that trusted operators can manage the role definitions, and both
|
|||
users and applications are restricted in the credentials they are
|
||||
allowed to read.
|
||||
|
||||
If you get stuck at any time, simply run `vault help cassandra` or with a
|
||||
If you get stuck at any time, simply run `vault path-help cassandra` or with a
|
||||
subpath for interactive help output.
|
||||
|
||||
## API
|
||||
|
|
|
@ -15,7 +15,7 @@ The Consul secret backend for Vault generates
|
|||
API tokens dynamically based on Consul ACL policies.
|
||||
|
||||
This page will show a quick start for this backend. For detailed documentation
|
||||
on every path, use `vault help` after mounting the backend.
|
||||
on every path, use `vault path-help` after mounting the backend.
|
||||
|
||||
## Quick Start
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ with regards to mounting:
|
|||
were created at. The data stored for the backend won't be deleted.
|
||||
|
||||
Once a secret backend is mounted, you can interact with it directly
|
||||
at its mount point according to its own API. You can use the `vault help`
|
||||
at its mount point according to its own API. You can use the `vault path-help`
|
||||
system to determine the paths it responds to.
|
||||
|
||||
## Barrier View
|
||||
|
|
|
@ -24,7 +24,7 @@ Vault makes use of its own internal revocation system to ensure that users
|
|||
become invalid within a reasonable time of the lease expiring.
|
||||
|
||||
This page will show a quick start for this backend. For detailed documentation
|
||||
on every path, use `vault help` after mounting the backend.
|
||||
on every path, use `vault path-help` after mounting the backend.
|
||||
|
||||
## Quick Start
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ By keeping leases relatively short, revocations are less likely to be needed, ke
|
|||
|
||||
In addition, by allowing revocation to mostly be forgone, this backend allows for ephemeral certificates; certificates can be fetched and stored in memory upon application startup and discarded upon shutdown, without ever being written to disk.
|
||||
|
||||
This page will show a quick start for this backend. For detailed documentation on every path, use `vault help` after mounting the backend.
|
||||
This page will show a quick start for this backend. For detailed documentation on every path, use `vault path-help` after mounting the backend.
|
||||
|
||||
## Considerations
|
||||
|
||||
|
@ -127,7 +127,7 @@ Vault has now generated a new set of credentials using the `example-dot-com` rol
|
|||
|
||||
Using ACLs, it is possible to restrict using the pki backend such that trusted operators can manage the role definitions, and both users and applications are restricted in the credentials they are allowed to read.
|
||||
|
||||
If you get stuck at any time, simply run `vault help pki` or with a subpath for interactive help output.
|
||||
If you get stuck at any time, simply run `vault path-help pki` or with a subpath for interactive help output.
|
||||
|
||||
## API
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ Vault makes use both of its own internal revocation system as well as the
|
|||
become invalid within a reasonable time of the lease expiring.
|
||||
|
||||
This page will show a quick start for this backend. For detailed documentation
|
||||
on every path, use `vault help` after mounting the backend.
|
||||
on every path, use `vault path-help` after mounting the backend.
|
||||
|
||||
## Quick Start
|
||||
|
||||
|
@ -104,7 +104,7 @@ that trusted operators can manage the role definitions, and both
|
|||
users and applications are restricted in the credentials they are
|
||||
allowed to read.
|
||||
|
||||
If you get stuck at any time, simply run `vault help postgresql` or with a
|
||||
If you get stuck at any time, simply run `vault path-help postgresql` or with a
|
||||
subpath for interactive help output.
|
||||
|
||||
## API
|
||||
|
|
|
@ -30,7 +30,7 @@ Additionally, since encrypt/decrypt operations must enter the audit log,
|
|||
any decryption event is recorded.
|
||||
|
||||
This page will show a quick start for this backend. For detailed documentation
|
||||
on every path, use `vault help` after mounting the backend.
|
||||
on every path, use `vault path-help` after mounting the backend.
|
||||
|
||||
## Quick Start
|
||||
|
||||
|
|
|
@ -107,7 +107,7 @@ Vault is the single policy authority, unlike auth where you can mount
|
|||
multiple backends. Any mounted auth backend must map identities to these
|
||||
core policies.
|
||||
|
||||
Use the `vault help` system with your auth backend to determine how the
|
||||
Use the `vault path-help` system with your auth backend to determine how the
|
||||
mapping is done, since it is specific to each backend. For example,
|
||||
with GitHub, it is done by team using the `map/teams/<team>` path:
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@ Successfully enabled 'github' at 'github'!
|
|||
|
||||
Auth backends are mounted, just like secret backends, except auth
|
||||
backends are always prefixed with `auth/`. So the GitHub backend we just
|
||||
mounted can be accessed at `auth/github`. You can use `vault help` to
|
||||
mounted can be accessed at `auth/github`. You can use `vault path-help` to
|
||||
learn more about it.
|
||||
|
||||
With the backend enabled, we first have to configure it. For GitHub,
|
||||
|
|
|
@ -28,10 +28,10 @@ For this, we'll assume you have the AWS backend mounted. If not, mount
|
|||
it with `vault mount aws`. Even if you don't have an AWS account, you
|
||||
can still mount the AWS backend.
|
||||
|
||||
With the backend mounted, let's learn about it with `vault help`:
|
||||
With the backend mounted, let's learn about it with `vault path-help`:
|
||||
|
||||
```
|
||||
$ vault help aws
|
||||
$ vault path-help aws
|
||||
## DESCRIPTION
|
||||
|
||||
The AWS backend dynamically generates AWS access keys for a set of
|
||||
|
@ -62,7 +62,7 @@ you may or may not be able to access certain paths.
|
|||
Read and write IAM policies that access keys can be made for.
|
||||
```
|
||||
|
||||
The `vault help` command takes a path. By specifying the root path for
|
||||
The `vault path-help` command takes a path. By specifying the root path for
|
||||
a mount, it will give us the overview of that mount. Notice how the help
|
||||
not only contains a description, but also the exact regular expressions
|
||||
used to match routes for this backend along with a brief description
|
||||
|
@ -71,14 +71,14 @@ of what the route is for.
|
|||
## Path Help
|
||||
|
||||
After seeing the overview, we can continue to dive deeper by getting
|
||||
help for an individual path. For this, just use `vault help` with a path
|
||||
help for an individual path. For this, just use `vault path-help` with a path
|
||||
that would match the regular expression for that path. Note that the path
|
||||
doesn't need to actually _work_. For example, we'll get the help below
|
||||
for accessing `aws/creds/operator`, even though we never created the `operator`
|
||||
role:
|
||||
|
||||
```
|
||||
$ vault help aws/creds/operator
|
||||
$ vault path-help aws/creds/operator
|
||||
Request: creds/operator
|
||||
Matching Route: ^creds/(?P<name>\w+)$
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ usage: vault [-version] [-help] <command> [args]
|
|||
|
||||
Common commands:
|
||||
delete Delete operation on secrets in Vault
|
||||
help Look up the help for a path
|
||||
path-help Look up the help for a path
|
||||
read Read data or secrets from Vault
|
||||
renew Renew the lease of a secret
|
||||
revoke Revoke a secret.
|
||||
|
@ -58,12 +58,15 @@ All other commands:
|
|||
auth-disable Disable an auth provider
|
||||
auth-enable Enable a new auth provider
|
||||
init Initialize a new Vault server
|
||||
key-status Provides information about the active encryption key
|
||||
mount Mount a logical backend
|
||||
mounts Lists mounted backends in Vault
|
||||
policies List the policies on the server
|
||||
policy-delete Delete a policy from the server
|
||||
policy-write Write a policy to the server
|
||||
rekey Rekeys Vault to generate new unseal keys
|
||||
remount Remount a secret backend to a new path
|
||||
rotate Rotates the backend encryption key used to persist data
|
||||
seal Seals the vault server
|
||||
token-create Create a new auth token
|
||||
token-renew Renew an auth token
|
||||
|
|
Loading…
Reference in a new issue