diff --git a/command/commands.go b/command/commands.go
index f441c3ee1..21da8141b 100644
--- a/command/commands.go
+++ b/command/commands.go
@@ -704,6 +704,11 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
 BaseCommand: getBaseCommand(),
 }, nil
 },
+ "transit": func() (cli.Command, error) {
+ return &TransitCommand{
+ BaseCommand: getBaseCommand(),
+ }, nil
+ },
 "transit import": func() (cli.Command, error) {
 return &TransitImportCommand{
 BaseCommand: getBaseCommand(),
diff --git a/command/pki.go b/command/pki.go
index 4212ee6f8..8ae5eae4a 100644
--- a/command/pki.go
+++ b/command/pki.go
@@ -13,7 +13,7 @@ type PKICommand struct {
 }
 
 func (c *PKICommand) Synopsis() string {
- return "Interact with Vault's Key-Value storage"
+ return "Interact with Vault's PKI Secrets Engine"
 }
 
 func (c *PKICommand) Help() string {
diff --git a/command/transit.go b/command/transit.go
new file mode 100644
index 000000000..9b4b30501
--- /dev/null
+++ b/command/transit.go
@@ -0,0 +1,39 @@
+package command
+
+import (
+ "strings"
+
+ "github.com/mitchellh/cli"
+)
+
+var _ cli.Command = (*TransitCommand)(nil)
+
+type TransitCommand struct {
+ *BaseCommand
+}
+
+func (c *TransitCommand) Synopsis() string {
+ return "Interact with Vault's Transit Secrets Engine"
+}
+
+func (c *TransitCommand) Help() string {
+ helpText := `
+Usage: vault transit [options] [args]
+
+ This command has subcommands for interacting with Vault's Transit Secrets
+ Engine. Here are some simple examples, and more detailed examples are
+ available in the subcommands or the documentation.
+
+ To import a key into the specified Transit or Transform mount:
+
+ $ vault transit import transit/keys/newly-imported @path/to/key type=rsa-2048
+
+ Please see the individual subcommand help for detailed usage information.
+`
+
+ return strings.TrimSpace(helpText)
+}
+
+func (c *TransitCommand) Run(args []string) int {
+ return cli.RunResultHelp
+}
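Review bot: In command/transit.go the usage line in `Help()` reads `Usage: vault transit [options] [args]`, yet `Run` only returns `cli.RunResultHelp` and all real work lives in subcommands, so `Usage: vault transit SUBCOMMAND [options] [args]` would describe what the command accepts. The text promises "some simple examples" but gives one, and that example points `@path/to/key` at what appears to be unwrapped key material. A sentence such as `Keep the key file readable only by the importing user and remove it once the import succeeds.` would give operators the caveat they need. The exported `TransitCommand` type and its methods also have no doc comments; `// TransitCommand is the parent of the transit subcommands and only prints help.` would cover the type.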
diff --git a/command/transit_import_key.go b/command/transit_import_key.go index 7acc90f22..56e72f835 100644 --- a/command/transit_import_key.go +++ b/command/transit_import_key.go @@ -42,10 +42,11 @@ Usage: vault transit import PATH KEY [options...] the base64 encoded KEY (either directly on the CLI or via @path notation), into a new key whose API path is PATH. To import a new version into an existing key, use import_version. The remaining options after KEY (key=value - style) are passed on to the transit/transform create key endpoint. If your + style) are passed on to the Transit or Transform create key endpoint. If your system or device natively supports the RSA AES key wrap mechanism (such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it directly rather than this command. + ` + c.Flags().Help() return strings.TrimSpace(helpText) diff --git a/command/transit_import_key_version.go b/command/transit_import_key_version.go index 7e5a56019..7b38f7dc7 100644 --- a/command/transit_import_key_version.go +++ b/command/transit_import_key_version.go @@ -26,12 +26,13 @@ Usage: vault transit import-version PATH KEY [...] Using the Transit or Transform key wrapping system, imports key material from the base64 encoded KEY (either directly on the CLI or via @path notation), - into a new key whose API path is PATH. To import a new transit/transform + into a new key whose API path is PATH. To import a new Transit or Transform key, use the import command instead. The remaining options after KEY - (key=value style) are passed on to the transit/transform create key endpoint. + (key=value style) are passed on to the Transit or Transform create key endpoint. If your system or device natively supports the RSA AES key wrap mechanism (such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it directly rather than this command. + ` + c.Flags().Help() return strings.TrimSpace(helpText)
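Review bot: The help text in command/transit_import_key.go still tells the reader to use `import_version`, while the sibling command's usage line is `vault transit import-version`; since this hunk already rewrites the paragraph, the reference should read `use the import-version command`. The same paragraph offers passing the base64 KEY "directly on the CLI". Arguments given that way usually end up in shell history and are visible in the process list, so the text could add `Prefer the @path form so the key material does not appear in shell history or process listings.` The hunk starts inside the help string, so the opening of `Help()` is not visible here.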
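Review bot: In command/transit_import_key_version.go the context line `into a new key whose API path is PATH.` contradicts the sentence that follows it, which sends anyone importing a new key to the import command. For import-version the text presumably should say `into a new version of the existing key whose API path is PATH.` The reworded line `passed on to the Transit or Transform create key endpoint` also looks carried over from the import help and probably should name the import-version endpoint; confirm against the request path used in `Run`, which is outside this hunk.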