Update credential help
Use "vault login" instead of "vault auth" and use "method" consistently over provider.
This commit is contained in:
parent
d85c6a43c0
commit
7b8c472e22
|
@ -108,9 +108,9 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
|
|||
|
||||
func (h *CLIHandler) Help() string {
|
||||
help := `
|
||||
Usage: vault auth -method=aws [CONFIG K=V...]
|
||||
Usage: vault login -method=aws [CONFIG K=V...]
|
||||
|
||||
The AWS authentication provider allows users to authenticate with AWS IAM
|
||||
The AWS authentication method allows users to authenticate with AWS IAM
|
||||
credentials. The AWS IAM credentials may be specified in a number of ways,
|
||||
listed in order of precedence below:
|
||||
|
||||
|
@ -124,11 +124,11 @@ Usage: vault auth -method=aws [CONFIG K=V...]
|
|||
|
||||
Authenticate using locally stored credentials:
|
||||
|
||||
$ vault auth -method=aws
|
||||
$ vault login -method=aws
|
||||
|
||||
Authenticate by passing keys:
|
||||
|
||||
$ vault auth -method=aws aws_access_key_id=... aws_secret_access_key=...
|
||||
$ vault login -method=aws aws_access_key_id=... aws_secret_access_key=...
|
||||
|
||||
Configuration:
|
||||
|
||||
|
@ -145,14 +145,13 @@ Configuration:
|
|||
Value for the x-vault-aws-iam-server-id header in requests
|
||||
|
||||
mount=<string>
|
||||
Path where the AWS credential provider is mounted. This is usually
|
||||
provided via the -path flag in the "vault auth" command, but it can be
|
||||
specified here as well. If specified here, it takes precedence over
|
||||
the value for -path. The default value is "aws".
|
||||
Path where the AWS credential method is mounted. This is usually provided
|
||||
via the -path flag in the "vault login" command, but it can be specified
|
||||
here as well. If specified here, it takes precedence over the value for
|
||||
-path. The default value is "aws".
|
||||
|
||||
role=<string>
|
||||
Name of the role to request a token against
|
||||
|
||||
`
|
||||
|
||||
return strings.TrimSpace(help)
|
||||
|
|
|
@ -40,22 +40,21 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
|
|||
|
||||
func (h *CLIHandler) Help() string {
|
||||
help := `
|
||||
Usage: vault auth -method=cert [CONFIG K=V...]
|
||||
Usage: vault login -method=cert [CONFIG K=V...]
|
||||
|
||||
The certificate authentication provider allows uers to authenticate with a
|
||||
The certificate authentication method allows uers to authenticate with a
|
||||
client certificate passed with the request. The -client-cert and -client-key
|
||||
flags are included with the "vault auth" command, NOT as configuration to
|
||||
the authentication provider.
|
||||
flags are included with the "vault login" command, NOT as configuration to the
|
||||
authentication method.
|
||||
|
||||
Authenticate using a local client certificate:
|
||||
|
||||
$ vault auth -method=cert -client-cert=cert.pem -client-key=key.pem
|
||||
$ vault login -method=cert -client-cert=cert.pem -client-key=key.pem
|
||||
|
||||
Configuration:
|
||||
|
||||
name=<string>
|
||||
Certificate role to authenticate against.
|
||||
|
||||
`
|
||||
|
||||
return strings.TrimSpace(help)
|
||||
|
|
|
@ -39,23 +39,23 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
|
|||
|
||||
func (h *CLIHandler) Help() string {
|
||||
help := `
|
||||
Usage: vault auth -method=github [CONFIG K=V...]
|
||||
Usage: vault login -method=github [CONFIG K=V...]
|
||||
|
||||
The GitHub authentication provider allows users to authenticate using a
|
||||
GitHub personal access token. Users can generate a personal access token
|
||||
from the settings page on their GitHub account.
|
||||
The GitHub authentication method allows users to authenticate using a GitHub
|
||||
personal access token. Users can generate a personal access token from the
|
||||
settings page on their GitHub account.
|
||||
|
||||
Authenticate using a GitHub token:
|
||||
|
||||
$ vault auth -method=github token=abcd1234
|
||||
$ vault login -method=github token=abcd1234
|
||||
|
||||
Configuration:
|
||||
|
||||
mount=<string>
|
||||
Path where the GitHub credential provider is mounted. This is usually
|
||||
provided via the -path flag in the "vault auth" command, but it can be
|
||||
specified here as well. If specified here, it takes precedence over
|
||||
the value for -path. The default value is "github".
|
||||
Path where the GitHub credential method is mounted. This is usually
|
||||
provided via the -path flag in the "vault login" command, but it can be
|
||||
specified here as well. If specified here, it takes precedence over the
|
||||
value for -path. The default value is "github".
|
||||
|
||||
token=<string>
|
||||
GitHub personal access token to use for authentication.
|
||||
|
|
|
@ -62,24 +62,24 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
|
|||
|
||||
func (h *CLIHandler) Help() string {
|
||||
help := `
|
||||
Usage: vault auth -method=ldap [CONFIG K=V...]
|
||||
Usage: vault login -method=ldap [CONFIG K=V...]
|
||||
|
||||
The LDAP authentication provider allows users to authenticate using LDAP or
|
||||
The LDAP authentication method allows users to authenticate using LDAP or
|
||||
Active Directory.
|
||||
|
||||
If MFA is enabled, a "method" and/or "passcode" may be required depending on
|
||||
the MFA provider. To check which MFA is in use, run:
|
||||
the MFA method. To check which MFA is in use, run:
|
||||
|
||||
$ vault read auth/<mount>/mfa_config
|
||||
|
||||
Authenticate as "sally":
|
||||
|
||||
$ vault auth -method=ldap username=sally
|
||||
$ vault login -method=ldap username=sally
|
||||
Password (will be hidden):
|
||||
|
||||
Authenticate as "bob":
|
||||
|
||||
$ vault auth -method=ldap username=bob password=password
|
||||
$ vault login -method=ldap username=bob password=password
|
||||
|
||||
Configuration:
|
||||
|
||||
|
@ -95,7 +95,6 @@ Configuration:
|
|||
|
||||
username=<string>
|
||||
LDAP username to use for authentication.
|
||||
|
||||
`
|
||||
|
||||
return strings.TrimSpace(help)
|
||||
|
|
|
@ -53,18 +53,18 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
|
|||
// Help method for okta cli
|
||||
func (h *CLIHandler) Help() string {
|
||||
help := `
|
||||
Usage: vault auth -method=okta [CONFIG K=V...]
|
||||
Usage: vault login -method=okta [CONFIG K=V...]
|
||||
|
||||
The OKTA authentication provider allows users to authenticate using OKTA.
|
||||
The OKTA authentication method allows users to authenticate using OKTA.
|
||||
|
||||
Authenticate as "sally":
|
||||
|
||||
$ vault auth -method=okta username=sally
|
||||
$ vault login -method=okta username=sally
|
||||
Password (will be hidden):
|
||||
|
||||
Authenticate as "bob":
|
||||
|
||||
$ vault auth -method=okta username=bob password=password
|
||||
$ vault login -method=okta username=bob password=password
|
||||
|
||||
Configuration:
|
||||
|
||||
|
@ -74,7 +74,7 @@ Configuration:
|
|||
|
||||
username=<string>
|
||||
OKTA username to use for authentication.
|
||||
`
|
||||
`
|
||||
|
||||
return strings.TrimSpace(help)
|
||||
}
|
||||
|
|
|
@ -63,15 +63,15 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
|
|||
|
||||
func (h *CLIHandler) Help() string {
|
||||
help := `
|
||||
Usage: vault auth TOKEN [CONFIG K=V...]
|
||||
Usage: vault login TOKEN [CONFIG K=V...]
|
||||
|
||||
The token authentication provider allows logging in directly with a token.
|
||||
This can be a token from the "token-create" command or API. There are no
|
||||
configuration options for this authentication provider.
|
||||
The token authentication method allows logging in directly with a token. This
|
||||
can be a token from the "token-create" command or API. There are no
|
||||
configuration options for this authentication method.
|
||||
|
||||
Authenticate using a token:
|
||||
|
||||
$ vault auth 96ddf4bc-d217-f3ba-f9bd-017055595017
|
||||
$ vault login 96ddf4bc-d217-f3ba-f9bd-017055595017
|
||||
|
||||
This token usually comes from a different source such as the API or via the
|
||||
built-in "vault token-create" command.
|
||||
|
@ -80,8 +80,7 @@ Configuration:
|
|||
|
||||
token=<string>
|
||||
The token to use for authentication. This is usually provided directly
|
||||
via the "vault auth" command.
|
||||
|
||||
via the "vault login" command.
|
||||
`
|
||||
|
||||
return strings.TrimSpace(help)
|
||||
|
|
|
@ -66,24 +66,24 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
|
|||
|
||||
func (h *CLIHandler) Help() string {
|
||||
help := `
|
||||
Usage: vault auth -method=userpass [CONFIG K=V...]
|
||||
Usage: vault login -method=userpass [CONFIG K=V...]
|
||||
|
||||
The userpass authentication provider allows users to authenticate using
|
||||
Vault's internal user database.
|
||||
The userpass authentication method allows users to authenticate using Vault's
|
||||
internal user database.
|
||||
|
||||
If MFA is enabled, a "method" and/or "passcode" may be required depending on
|
||||
the MFA provider. To check which MFA is in use, run:
|
||||
the MFA method. To check which MFA is in use, run:
|
||||
|
||||
$ vault read auth/<mount>/mfa_config
|
||||
|
||||
Authenticate as "sally":
|
||||
|
||||
$ vault auth -method=userpass username=sally
|
||||
$ vault login -method=userpass username=sally
|
||||
Password (will be hidden):
|
||||
|
||||
Authenticate as "bob":
|
||||
|
||||
$ vault auth -method=userpass username=bob password=password
|
||||
$ vault login -method=userpass username=bob password=password
|
||||
|
||||
Configuration:
|
||||
|
||||
|
@ -94,12 +94,11 @@ Configuration:
|
|||
MFA OTP/passcode.
|
||||
|
||||
password=<string>
|
||||
Password to use for authentication. If not provided, the CLI will
|
||||
prompt for this on stdin.
|
||||
Password to use for authentication. If not provided, the CLI will prompt
|
||||
for this on stdin.
|
||||
|
||||
username=<string>
|
||||
Username to use for authentication.
|
||||
|
||||
`
|
||||
|
||||
return strings.TrimSpace(help)
|
||||
|
|
Loading…
Reference in a new issue