Update credential help

Use "vault login" instead of "vault auth" and use "method" consistently over provider.
This commit is contained in:
Seth Vargo 2017-09-06 10:02:15 -04:00
parent d85c6a43c0
commit 7b8c472e22
No known key found for this signature in database
GPG key ID: C921994F9C27E0FF
7 changed files with 46 additions and 51 deletions

View file

@ -108,9 +108,9 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
func (h *CLIHandler) Help() string {
help := `
Usage: vault auth -method=aws [CONFIG K=V...]
Usage: vault login -method=aws [CONFIG K=V...]
The AWS authentication provider allows users to authenticate with AWS IAM
The AWS authentication method allows users to authenticate with AWS IAM
credentials. The AWS IAM credentials may be specified in a number of ways,
listed in order of precedence below:
@ -124,11 +124,11 @@ Usage: vault auth -method=aws [CONFIG K=V...]
Authenticate using locally stored credentials:
$ vault auth -method=aws
$ vault login -method=aws
Authenticate by passing keys:
$ vault auth -method=aws aws_access_key_id=... aws_secret_access_key=...
$ vault login -method=aws aws_access_key_id=... aws_secret_access_key=...
Configuration:
@ -145,14 +145,13 @@ Configuration:
Value for the x-vault-aws-iam-server-id header in requests
mount=<string>
Path where the AWS credential provider is mounted. This is usually
provided via the -path flag in the "vault auth" command, but it can be
specified here as well. If specified here, it takes precedence over
the value for -path. The default value is "aws".
Path where the AWS credential method is mounted. This is usually provided
via the -path flag in the "vault login" command, but it can be specified
here as well. If specified here, it takes precedence over the value for
-path. The default value is "aws".
role=<string>
Name of the role to request a token against
`
return strings.TrimSpace(help)

View file

@ -40,22 +40,21 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
func (h *CLIHandler) Help() string {
help := `
Usage: vault auth -method=cert [CONFIG K=V...]
Usage: vault login -method=cert [CONFIG K=V...]
The certificate authentication provider allows uers to authenticate with a
The certificate authentication method allows uers to authenticate with a
client certificate passed with the request. The -client-cert and -client-key
flags are included with the "vault auth" command, NOT as configuration to
the authentication provider.
flags are included with the "vault login" command, NOT as configuration to the
authentication method.
Authenticate using a local client certificate:
$ vault auth -method=cert -client-cert=cert.pem -client-key=key.pem
$ vault login -method=cert -client-cert=cert.pem -client-key=key.pem
Configuration:
name=<string>
Certificate role to authenticate against.
`
return strings.TrimSpace(help)

View file

@ -39,23 +39,23 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
func (h *CLIHandler) Help() string {
help := `
Usage: vault auth -method=github [CONFIG K=V...]
Usage: vault login -method=github [CONFIG K=V...]
The GitHub authentication provider allows users to authenticate using a
GitHub personal access token. Users can generate a personal access token
from the settings page on their GitHub account.
The GitHub authentication method allows users to authenticate using a GitHub
personal access token. Users can generate a personal access token from the
settings page on their GitHub account.
Authenticate using a GitHub token:
$ vault auth -method=github token=abcd1234
$ vault login -method=github token=abcd1234
Configuration:
mount=<string>
Path where the GitHub credential provider is mounted. This is usually
provided via the -path flag in the "vault auth" command, but it can be
specified here as well. If specified here, it takes precedence over
the value for -path. The default value is "github".
Path where the GitHub credential method is mounted. This is usually
provided via the -path flag in the "vault login" command, but it can be
specified here as well. If specified here, it takes precedence over the
value for -path. The default value is "github".
token=<string>
GitHub personal access token to use for authentication.

View file

@ -62,24 +62,24 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
func (h *CLIHandler) Help() string {
help := `
Usage: vault auth -method=ldap [CONFIG K=V...]
Usage: vault login -method=ldap [CONFIG K=V...]
The LDAP authentication provider allows users to authenticate using LDAP or
The LDAP authentication method allows users to authenticate using LDAP or
Active Directory.
If MFA is enabled, a "method" and/or "passcode" may be required depending on
the MFA provider. To check which MFA is in use, run:
the MFA method. To check which MFA is in use, run:
$ vault read auth/<mount>/mfa_config
Authenticate as "sally":
$ vault auth -method=ldap username=sally
$ vault login -method=ldap username=sally
Password (will be hidden):
Authenticate as "bob":
$ vault auth -method=ldap username=bob password=password
$ vault login -method=ldap username=bob password=password
Configuration:
@ -95,7 +95,6 @@ Configuration:
username=<string>
LDAP username to use for authentication.
`
return strings.TrimSpace(help)

View file

@ -53,18 +53,18 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
// Help method for okta cli
func (h *CLIHandler) Help() string {
help := `
Usage: vault auth -method=okta [CONFIG K=V...]
Usage: vault login -method=okta [CONFIG K=V...]
The OKTA authentication provider allows users to authenticate using OKTA.
The OKTA authentication method allows users to authenticate using OKTA.
Authenticate as "sally":
$ vault auth -method=okta username=sally
$ vault login -method=okta username=sally
Password (will be hidden):
Authenticate as "bob":
$ vault auth -method=okta username=bob password=password
$ vault login -method=okta username=bob password=password
Configuration:

View file

@ -63,15 +63,15 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
func (h *CLIHandler) Help() string {
help := `
Usage: vault auth TOKEN [CONFIG K=V...]
Usage: vault login TOKEN [CONFIG K=V...]
The token authentication provider allows logging in directly with a token.
This can be a token from the "token-create" command or API. There are no
configuration options for this authentication provider.
The token authentication method allows logging in directly with a token. This
can be a token from the "token-create" command or API. There are no
configuration options for this authentication method.
Authenticate using a token:
$ vault auth 96ddf4bc-d217-f3ba-f9bd-017055595017
$ vault login 96ddf4bc-d217-f3ba-f9bd-017055595017
This token usually comes from a different source such as the API or via the
built-in "vault token-create" command.
@ -80,8 +80,7 @@ Configuration:
token=<string>
The token to use for authentication. This is usually provided directly
via the "vault auth" command.
via the "vault login" command.
`
return strings.TrimSpace(help)

View file

@ -66,24 +66,24 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
func (h *CLIHandler) Help() string {
help := `
Usage: vault auth -method=userpass [CONFIG K=V...]
Usage: vault login -method=userpass [CONFIG K=V...]
The userpass authentication provider allows users to authenticate using
Vault's internal user database.
The userpass authentication method allows users to authenticate using Vault's
internal user database.
If MFA is enabled, a "method" and/or "passcode" may be required depending on
the MFA provider. To check which MFA is in use, run:
the MFA method. To check which MFA is in use, run:
$ vault read auth/<mount>/mfa_config
Authenticate as "sally":
$ vault auth -method=userpass username=sally
$ vault login -method=userpass username=sally
Password (will be hidden):
Authenticate as "bob":
$ vault auth -method=userpass username=bob password=password
$ vault login -method=userpass username=bob password=password
Configuration:
@ -94,12 +94,11 @@ Configuration:
MFA OTP/passcode.
password=<string>
Password to use for authentication. If not provided, the CLI will
prompt for this on stdin.
Password to use for authentication. If not provided, the CLI will prompt
for this on stdin.
username=<string>
Username to use for authentication.
`
return strings.TrimSpace(help)