Clarify ssh/public_key response, recommend -format=raw (#17745)

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

builtin/logical/ssh/path_fetch.go

@@ -16,7 +16,7 @@ func pathFetchPublicKey(b *backend) *framework.Path {
 		},
 
 		HelpSynopsis:    `Retrieve the public key.`,
-		HelpDescription: `This allows the public key, that this backend has been configured with, to be fetched.`,
+		HelpDescription: `This allows the public key, that this backend has been configured with, to be fetched. This is a raw response endpoint without JSON encoding; use -format=raw or an external tool (e.g., curl) to fetch this value.`,
 	}
 }
 

website/content/api-docs/secret/pki.mdx

@@ -3488,5 +3488,5 @@ operations behave the same, with no other special configuration or parameters re
 ## Vault CLI with DER/PEM responses
 
 The Vault CLI can only display JSON responses. For APIs that return non-JSON formatted
-data such as DER and PEM formats, `vault read` will fail and another client such as curl
-must be used.
+data such as DER and PEM formats, `vault read` will fail without the `-format=raw`
+option added in Vault 1.13 or another client such as `curl` must be used.

website/content/api-docs/secret/ssh.mdx

@@ -769,7 +769,11 @@ $ curl \
 This endpoint returns the configured/generated public key. This is an unauthenticated
 endpoint.
 
-| Method | Path              |
+~> Note: this is a raw response endpoint without JSON encoding; use
+   `vault read -format=raw` or an external tool (e.g., `curl`) to fetch this
+   value.
+
+| Method | Path              | Content-Type     |
 | :----- | :---------------- | ---------------- |
 | `GET`  | `/ssh/public_key` | `200 text/plain` |