luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/source/intro/getting-started/help.html.md
Jeff Escalante a3dfde5cec New Docs Website (#5535) 
* conversion stage 1

* correct image paths

* add sidebar title to frontmatter

* docs/concepts and docs/internals

* configuration docs and multi-level nav corrections

* commands docs, index file corrections, small item nav correction

* secrets converted

* auth

* add enterprise and agent docs

* add extra dividers

* secret section, wip

* correct sidebar nav title in front matter for apu section, start working on api items

* auth and backend, a couple directory structure fixes

* remove old docs

* intro side nav converted

* reset sidebar styles, add hashi-global-styles

* basic styling for nav sidebar

* folder collapse functionality

* patch up border length on last list item

* wip restructure for content component

* taking middleman hacking to the extreme, but its working

* small css fix

* add new mega nav

* fix a small mistake from the rebase

* fix a content resolution issue with middleman

* title a couple missing docs pages

* update deps, remove temporary markup

* community page

* footer to layout, community page css adjustments

* wip downloads page

* deps updated, downloads page ready

* fix community page

* homepage progress

* add components, adjust spacing

* docs and api landing pages

* a bunch of fixes, add docs and api landing pages

* update deps, add deploy scripts

* add readme note

* update deploy command

* overview page, index title

* Update doc fields

Note this still requires the link fields to be populated -- this is solely related to copy on the description fields

* Update api_basic_categories.yml

Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.

* Add bottom hero, adjust CSS, responsive friendly

* Add mega nav title

* homepage adjustments, asset boosts

* small fixes

* docs page styling fixes

* meganav title

* some category link corrections

* Update API categories page

updated to reflect the second level headings for api categories

* Update docs_detailed_categories.yml

Updated to represent the existing docs structure

* Update docs_detailed_categories.yml

* docs page data fix, extra operator page remove

* api data fix

* fix makefile

* update deps, add product subnav to docs and api landing pages

* Rearrange non-hands-on guides to _docs_

Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.

* WIP Redirects for guides to docs

* content and component updates

* font weight hotfix, redirects

* fix guides and intro sidenavs

* fix some redirects

* small style tweaks

* Redirects to learn and internally to docs

* Remove redirect to `/vault`

* Remove `.html` from destination on redirects

* fix incorrect index redirect

* final touchups

* address feedback from michell for makefile and product downloads
2018-10-19 08:40:11 -07:00

119 lines
4.2 KiB
Markdown
Raw Blame History

---
layout: "intro"
page_title: "Built-in Help - Getting Started"
sidebar_title: "Built-in Help"
sidebar_current: "gettingstarted-help"
description: |-
Vault has a built-in help system to learn about the available paths in Vault and how to use them.
---
# Built-in Help
You've now worked with `vault write` and `vault read` for multiple paths: the
`kv` secrets engine with `kv/` and dynamic AWS credentials with the AWS secrets
engine provider at `aws/`. In both cases, the structure and usage of each
secrets engines differed, for example the AWS backend has special paths like
`aws/config`.
Instead of having to memorize or reference documentation constantly to determine
what paths to use, Vault has a built-in help system. This help system can be
accessed via the API or the command-line and generates human-readable help for
any path.
## Secrets Engines Overview
This section assumes you have the AWS secrets engine enabled at `aws/`. If you
do not, enable it before continuing:
```text
$ vault secrets enable -path=aws aws
```
With the secrets engine enabled, learn about it with the `vault path-help`
command:
```text
$ vault path-help aws
## DESCRIPTION
The AWS backend dynamically generates AWS access keys for a set of
IAM policies. The AWS access keys have a configurable lease set and
are automatically revoked at the end of the lease.
After mounting this backend, credentials to generate IAM keys must
be configured with the "root" path and policies must be written using
the "roles/" endpoints before any access keys can be generated.
## PATHS
The following paths are supported by this backend. To view help for
any of the paths below, use the help command with any route matching
the path pattern. Note that depending on the policy of your auth token,
you may or may not be able to access certain paths.
^config/lease$
Configure the default lease information for generated credentials.
^config/root$
Configure the root credentials that are used to manage IAM.
^creds/(?P<name>\w+)$
Generate an access key pair for a specific role.
^roles/(?P<name>\w+)$
Read and write IAM policies that access keys can be made for.
```
The `vault path-help` command takes a path. By specifying a root path, it will
give us the overview of that secrets engine. Notice how the help not only
contains a description, but also the exact regular expressions used to match
routes for this backend along with a brief description of what the route is for.
## Path Help
After seeing the overview, we can continue to dive deeper by getting help for an
individual path. For this, just use `vault path-help` with a path that would
match the regular expression for that path. Note that the path doesn't need to
actually _work_. For example, we'll get the help below for accessing
`aws/creds/my-non-existent-role`, even though we never created the role:
```text
$ vault path-help aws/creds/my-non-existent-role
Request: creds/my-non-existent-role
Matching Route: ^creds/(?P<name>\w(([\w-.]+)?\w)?)$
Generate an access key pair for a specific role.
## PARAMETERS
name (string)
Name of the role
## DESCRIPTION
This path will generate a new, never before used key pair for
accessing AWS. The IAM policy used to back this key pair will be
the "name" parameter. For example, if this backend is mounted at "aws",
then "aws/creds/deploy" would generate access keys for the "deploy" role.
The access keys will have a lease associated with them. The access keys
can be revoked by using the lease ID.
```
Within a path, we are given the parameters that this path requires. Some
parameters come from the route itself. In this case, the `name` parameter is a
named capture from the route regular expression. There is also a description of
what that path does.
Go ahead and explore more paths! Enable other secrets engines, traverse their
help systems, and learn about what they do.
## Next
The help system may not be the most exciting feature of Vault, but it is
indispensable in day-to-day usage. The help system lets you learn about how to
use any backend within Vault without leaving the command line.
Next, we will learn about
[authentication](/intro/getting-started/authentication.html).
Reference in a new issue View git blame Copy permalink