Added documentation for init service discovery

2016-07-21 17:12:54 -04:00 · 2016-07-21 17:12:54 -04:00 · 5316082675
parent f557457909
commit 5316082675
1 changed files with 50 additions and 26 deletions
--- a/command/init.go
+++ b/command/init.go
@ -257,39 +257,63 @@ General Options:
 ` + meta.GeneralOptionsUsage() + `
 Init Options:
-  -check                    Don't actually initialize, just check if Vault is
+  -check			Don't actually initialize, just check if Vault is
-                            already initialized. A return code of 0 means Vault
+				already initialized. A return code of 0 means Vault
-                            is initialized; a return code of 2 means Vault is not
+				is initialized; a return code of 2 means Vault is not
-                            initialized; a return code of 1 means an error was
+				initialized; a return code of 1 means an error was
-                            encountered.
+				encountered.
-  -key-shares=5             The number of key shares to split the master key
+  -key-shares=5			The number of key shares to split the master key
-                            into.
+				into.
-  -key-threshold=3          The number of key shares required to reconstruct
+  -key-threshold=3		The number of key shares required to reconstruct
-                            the master key.
+				the master key.
-  -stored-shares=0          The number of unseal keys to store. This is not
+  -stored-shares=0		The number of unseal keys to store. This is not
-                            normally available.
+				normally available.
-  -pgp-keys                 If provided, must be a comma-separated list of
+  -pgp-keys			If provided, must be a comma-separated list of
-                            files on disk containing binary- or base64-format
+				files on disk containing binary- or base64-format
-                            public PGP keys, or Keybase usernames specified as
+				public PGP keys, or Keybase usernames specified as
-                            "keybase:<username>". The number of given entries
+				"keybase:<username>". The number of given entries
-                            must match 'key-shares'. The output unseal keys will
+				must match 'key-shares'. The output unseal keys will
-                            be encrypted and hex-encoded, in order, with the
+				be encrypted and hex-encoded, in order, with the
-                            given public keys.  If you want to use them with the
+				given public keys.  If you want to use them with the
-                            'vault unseal' command, you will need to hex decode
+				'vault unseal' command, you will need to hex decode
-                            and decrypt; this will be the plaintext unseal key.
+				and decrypt; this will be the plaintext unseal key.
-  -recovery-shares=5        The number of key shares to split the recovery key
+  -recovery-shares=5		The number of key shares to split the recovery key
-                            into. This is not normally available.
+				into. This is not normally available.
-  -recovery-threshold=3     The number of key shares required to reconstruct
+  -recovery-threshold=3		The number of key shares required to reconstruct
-                            the recovery key. This is not normally available.
+				the recovery key. This is not normally available.
-  -recovery-pgp-keys        If provided, behaves like "pgp-keys" but for the
+  -recovery-pgp-keys		If provided, behaves like "pgp-keys" but for the
-                            recovery key shares. This is not normally available.
+				recovery key shares. This is not normally available.
  -auto				If set, performs service discovery using the underlying
 				Consul storage backend. When one or more Vault servers
 				are running on Consul storage backend (none else),
 				setting this flag will create a Consul client and
 				discovrs the nodes using the service name under which
 				Vault nodes are registered with Consul. Service name
 				should be supplied using 'consul-service' flag. This
 				option works well when each Vault cluster is registered
 				under a unique service name. Ensure that environment
 				variables required to communicate with Consul, like
 				(CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_HTTP_SSL,
 				et al) are properly set. If, only one Vault node is
 				discovered, then an initialization attempt will be made.
 				If more than one Vault nodes are discovered, they will
 				be listed on the output, requiring another execution of
 				this command with updated VAULT_ADDR environment variable.
  -consul-service		Service name under which the all nodes of Vault are
 				registered with Consul. When Vault is using Consul
 				as its storage backend, by default, it will auto register
 				itself with Consul under the default name of "vault".
 				This name can be modified in Vault's configuration file,
 				using the "service" option under Consul backend.
 `
 	return strings.TrimSpace(helpText)
 }