[DOCS] Tweak the new CLI partials (#28964)

* save for stash pop

* fix anchor IDs and wrap parameters in links for easier use

website/content/partials/cli/README.md

@@ -1,22 +1,108 @@
+## Terminology
+
+non-runnable    a command with no side-effects other than printing help text.
+command tree    a hierarchical graph of CLI commands where internal nodes are
+                non-runnable and leaf nodes represent runnable CLI commands.
+root command    the root node in a tree or subtree of CLI commands. For example,
+                `plugin` is the root node for all plugin commands and
+                `plugin runtime` is the root node for runtime commands.
+command family - the top-most root command for a collection of CLI commands.
+                 For example `audit` or `plugin`.
+
+### Exceptions :(
+
+The `agent` family of commands is malformed. Rather than having a root node
+(`agent`) with two subcommands (`agent start` and `agent generate-config`), the
+root command is runnable.
+
+
+## Why partials?
 
 We document CLI command arguments, options, and flags as partials:
 
 - as a first step toward templatizing and autogenerating the CLI command pages.
-- to make it easier to include and maintain elements shared across commands in
+- to make it easier to include and maintain parameters shared across commands in
   the same family.
-- to make it easier to include and maintain elements shared across command
+- to make it easier to include and maintain parameters shared across command
   families.
 - to make it easier to include information about standard flags on the command
   pages.
 
 
-Partial template for CLI elements (required elements use <required> in place of
-a default value):
+## Directory structure
 
-<a id="COMMAND-[arg | option | flag]-NAME" />
+partials/cli/<command-family>          partials specific to a command family
+partials/cli/<command-family>/args     command-family arguments
+partials/cli/<command-family>/flags    command-family flags
+partials/cli/<command-family>/options  command-family options
 
-**`-NAME (TYPE : DEFAULT)`**
+partials/cli/shared          partials for parameters shared across some, but not all, command families
+partials/cli/shared/args     shared arguments (does not exist yet)
+partials/cli/shared/flags    shared flags
+partials/cli/shared/options  shared options (does not exist yet)
+
+partials/global-settings        partials for standard/global parameters
+partials/global-settings/flags  global flags (e.g., `-header`)
+partials/global-settings/env    global environment variables (e.g., `VAULT_LICENSE`)
+partials/global-settings/both   parameters that exits as flags and variables
+
+## Partial templates
+
+- Use the parameter name as the file name and "NAME" in the anchor definition,
+  even if the use of dashes or underscores is inconsistent with other parameters
+  or partial names. For example, if the flag is `-my_weird_flag`, make the
+  partial filename `my_weird_flag.mdx` and the anchor ID
+  `COMMAND-flag-my_weird_flag`.
+- If the parameter is shared across command families, but not applicable to **all**
+  command families, it belongs under `partials/cli/shared`
+- If the parameter is a flag with a cooresponding environment variable but
+  **does not** apply to all commands, talk with a technical writer before
+  creating your partials.
+- If the parameter is required, use `<required>` for the default entry.
+- Include `-` as part of the name for flag names **except for anchor IDs**.
+- Use `=` in example text for options
+- Omit `=` in example text for flags
+
+### Template 1 - command-specific parameters
+
+Use the following template for parameters that exist as command-exclusively
+arguments, flags, or options. "ANCHOR_ID" is the ID defined in the `<a id=...>`
+HTML tag.
+
+-- Template (start) --
+
+<a id="COMMAND_ROOT-[arg | option | flag]-NAME" />
+
+
+<a href="#ANCHOR_ID" style={{textDecorationLine:'none'}}>
+
+**`NAME (TYPE : DEFAULT)`**
+
+</a>
 
 DESCRIPTION
 
 **Example**: `EXAMPLE_OF_VALID_USE`
+
+-- Template (end) --
+
+
+
+### Template 2 - shared parameters
+
+Use the following template for parameters that exist as arguments, flags, or
+options that are not global but are shared across more than one command family.
+"ANCHOR_ID" is the ID defined in the `<a id=...>` HTML tag.
+
+<a id="shared-[arg | option | flag]-NAME" />
+
+
+<a href="#ANCHOR_ID" style={{textDecorationLine:'none'}}>
+
+**`NAME (TYPE : DEFAULT)`**
+
+</a>
+
+DESCRIPTION
+
+**Example**: `EXAMPLE_OF_VALID_USE`

website/content/partials/cli/agent/args/file_path.mdx

@@ -1,7 +1,11 @@
 <a id="agent-arg-file_path" />
 
+<a href="#agent-arg-file_path" style={{textDecorationLine:'none'}}>
+
 **`file_path (string : "./agent.hcl")`**
 
+</a>
+
 The path where Vault should save the generated configuration file.
 
 **Example**: `"./agent/custom-config.hcl"`

website/content/partials/cli/agent/flags/config.mdx

@@ -1,7 +1,12 @@
 <a id="agent-flag-config" />
 
+<a href="#agent-flag-config" style={{textDecorationLine:'none'}}>
+
 **`-config (string : <required>)`**
 
+</a>
+
+
 Path to a single
 [Vault Agent configuration file](/vault/docs/agent-and-proxy/agent#configuration-file-options)
 or directory of configuration files with agent directives. Repeat the `-config`

website/content/partials/cli/agent/flags/exec.mdx

@@ -1,7 +1,11 @@
 <a id="agent-flag-exec" />
 
+<a href="#agent-flag-exec" style={{textDecorationLine:'none'}}>
+
 **`-exec (string : "")`**
 
+</a>
+
 Path to the command for child processes with optional arguments. Relative paths
 start from the current working directory when executed. Corresponds to
 `exec.command` in the Vault Agent configuration file.

website/content/partials/cli/agent/flags/exit-after-auth.mdx

@@ -1,7 +1,11 @@
 <a id="agent-flag-exit-after-auth" />
 
+<a href="#agent-flag-exit-after-auth" style={{textDecorationLine:'none'}}>
+
 **`-exit-after-auth (bool : false)`**
 
+</a>
+
 Exit with code `0` after a single successful auth. Success indicates successful
 token retrieval and write to sink.
 

website/content/partials/cli/agent/flags/path.mdx

@@ -1,7 +1,11 @@
 <a id="agent-flag-path" />
 
+<a href="#agent-flag-path" style={{textDecorationLine:'none'}}>
+
 **`-path (string : "")`**
 
+</a>
+
 Path to one or more `kv` secrets store. Paths that end with a wildcard (`*`)
 include all secrets under that path.
 

website/content/partials/cli/agent/flags/type.mdx

@@ -1,7 +1,11 @@
 <a id="agent-flag-type" />
 
+<a href="#agent-flag-type" style={{textDecorationLine:'none'}}>
+
 **`-type (enum : <required>)`**
 
+</a>
+
 The configuration file entry to create.
 
 Enum           | Description

website/content/partials/cli/audit/args/device_path.mdx

@@ -1,7 +1,11 @@
-<a id="audit-arg-path" />
+<a id="audit-arg-device_path" />
+
+<a href="#audit-arg-device_path" style={{textDecorationLine:'none'}}>
 
 **`device_path (string : <required>)`**
 
+</a>
+
 The internal path where Vault accesses the audit device. Audit device paths are
 unique across all audit devices.
 

website/content/partials/cli/audit/args/device_type.mdx

@@ -1,6 +1,10 @@
-<a id="audit-device-type" />
+<a id="audit-arg-device_type" />
 
-**`device_type (enum : <required>)`**
+<a href="#ANCHOR_ID" style={{textDecorationLine:'none'}}>
+
+**`audit-arg-device_type (enum : <required>)`**
+
+</a>
 
 The audit device type to create.
 

website/content/partials/cli/audit/args/file/file_path.mdx

@@ -1,7 +1,11 @@
-<a id="audit-file-file_path" />
+<a id="audit-arg-file-file_path" />
+
+<a href="#audit-arg-file-file_path" style={{textDecorationLine:'none'}}>
 
 **`file_path (string : <required>)`**
 
+</a>
+
 Location on the audit log on the Vault server. Must be one of the following:
 
 Value                     | Description

website/content/partials/cli/audit/args/file/mode.mdx

@@ -1,7 +1,11 @@
-<a id="audit-file-mode" />
+<a id="audit-arg-file-mode" />
+
+<a href="#audit-arg-file-mode" style={{textDecorationLine:'none'}}>
 
 **`mode (string : "0600")`**
 
+</a>
+
 The `chmod`-style octal permissions for the audit file. Set `mode` to "0000" to
 prevent Vault from modifying the file mode. 
 

website/content/partials/cli/audit/args/socket/address.mdx

@@ -1,7 +1,11 @@
-<a id="audit-socket-address" />
+<a id="audit-arg-socket-address" />
+
+<a href="#audit-arg-socket-address" style={{textDecorationLine:'none'}}>
 
 **`address (string : "")`**
 
+</a>
+
 Location of the socket as a server IP and port or a local path.
 
 **Example**: `address="/tmp/audit.sock"`

website/content/partials/cli/audit/args/socket/socket_type.mdx

@@ -1,7 +1,11 @@
-<a id="audit-socket-socket_type" />
+<a id="audit-arg-socket-socket_type" />
+
+<a href="#audit-arg-socket-socket_type" style={{textDecorationLine:'none'}}>
 
 **`socket_type (string : "tcp")`**
 
+</a>
+
 Communication protocol expected by the socket. Vault can write to any
 [net.Dialer](https://pkg.go.dev/net#Dialer)-compatible socket. If a TCP socket
 stops responding, Vault may become unresponsive due to a

website/content/partials/cli/audit/args/socket/write_timeout.mdx

@@ -1,7 +1,11 @@
-<a id="audit-socket-write_timeout" />
+<a id="audit-arg-socket-write_timeout" />
+
+<a href="#audit-arg-socket-write_timeout" style={{textDecorationLine:'none'}}>
 
 **`write_timeout (string : "2s")`**
 
+</a>
+
 Duration in seconds that Vault will wait for a write to complete over the
 socket. Setting `write_timeout` to `0` disables time outs and forces Vault to
 always wait until the write completes.

website/content/partials/cli/audit/args/syslog/facility.mdx

@@ -1,7 +1,11 @@
-<a id="audit-syslog-facility" />
+<a id="audit-arg-syslog-facility" />
+
+<a href="#audit-arg-syslog-facility" style={{textDecorationLine:'none'}}>
 
 **`facility (string : "AUTH")`**
 
+</a>
+
 The process that generated the syslog entry (the syslog facility).
 
 **Example**: `facility="AUTO-AUTH"`

website/content/partials/cli/audit/args/syslog/tag.mdx

@@ -1,7 +1,11 @@
-<a id="audit-syslog-tag" />
+<a id="audit-arg-syslog-tag" />
+
+<a href="#audit-arg-syslog-tag" style={{textDecorationLine:'none'}}>
 
 **`tag (string : "vault")`**
 
+</a>
+
 The program that generated the syslog entry.
 
 **Example**: `tag="vault-agent"`

website/content/partials/cli/audit/flags/description.mdx

@@ -1,7 +1,11 @@
 <a id="audit-flag-description" />
 
+<a href="#audit-flag-description" style={{textDecorationLine:'none'}}>
+
 **`-description (string : "")`**
 
+</a>
+
 A human-friendly string that explains the purpose of the audit device.
 
 **Example**: `-description "KV request auditing"`

website/content/partials/cli/audit/flags/detailed.mdx

@@ -1,7 +1,11 @@
 <a id="audit-flag-detailed" />
 
+<a href="#audit-flag-detailed" style={{textDecorationLine:'none'}}>
+
 **`-detailed (bool : false)`**
 
+</a>
+
 Print detailed information such as options and replication status about each
 audit device.
 

website/content/partials/cli/audit/flags/local.mdx

@@ -1,7 +1,11 @@
 <a id="audit-flag-local" />
 
+<a href="#audit-flag-local" style={{textDecorationLine:'none'}}>
+
 **`-local (bool : false)`**
 
+</a>
+
 Indicates that the audit device is local to the Vault server and ignored by
 replication.
 

website/content/partials/cli/audit/flags/path.mdx

@@ -1,7 +1,11 @@
 <a id="audit-flag-path" />
 
+<a href="#audit-flag-path" style={{textDecorationLine:'none'}}>
+
 **`-path (string : "/<device_type>")`**
 
+</a>
+
 The internal path where Vault will access the audit device. Audit device paths
 must be unique across all audit devices.
 

website/content/partials/cli/audit/options/elide_list_responses.mdx

@@ -1,7 +1,11 @@
-<a id="audit-elide_list_responses" />
+<a id="audit-option-elide_list_responses" />
+
+<a href="#audit-option-elide_list_responses" style={{textDecorationLine:'none'}}>
 
 **`elide_list_responses (bool : false)`**
 
+</a>
+
 Replace the details for `response.data.keys` and `response.data.key_info` with
 the number of entries to reduce the size of audit records. See
 [Eliding list response bodies](/vault/docs/audit#eliding-list-response-bodies)

website/content/partials/cli/audit/options/exclude.mdx

@@ -1,6 +1,11 @@
-<a id="audit-exclude" />
+<a id="audit-option-exclude" />
+
+<a href="#audit-option-exclude" style={{textDecorationLine:'none'}}>
+
+**`exclude (string : "")`**
+
+</a><EnterpriseAlert inline="true" />
 
-**`exclude (string : "")`** <EnterpriseAlert inline="true" />
 
 Remove any fields matching the provided
 [exclusion filtering rules](/vault/docs/enterprise/audit/exclusion) from the
@@ -14,8 +19,9 @@ audit entry before writing to the audit device.
   definitions to `exclude`:
 
   ```
-  $  vault audit enable exclude=@rules.json file file_path="/var/logs/vault/audit.log"'
+  $ vault audit enable    \
+      exclude=@rules.json \
+      file file_path="/var/logs/vault/audit.log"'
   ```
 
 </Tip>
-

website/content/partials/cli/audit/options/fallback.mdx

@@ -1,7 +1,11 @@
-<a id="audit-fallback" />
+<a id="audit-option-fallback" />
+
+<a href="#audit-option-fallback" style={{textDecorationLine:'none'}}>
 
 **`fallback (bool : false)`** <EnterpriseAlert inline="true" />
 
+</a>
+
 The audit device is the fallback for filtering purposes.
 **Vault only supports one fallback audit device at a time**.
 

website/content/partials/cli/audit/options/filter.mdx

@@ -1,7 +1,11 @@
-<a id="audit-filter" />
+<a id="audit-option-filter" />
+
+<a href="#audit-option-filter" style={{textDecorationLine:'none'}}>
 
 **`filter (string : "")`** <EnterpriseAlert inline="true" />
 
+</a>
+
 Only write audit log entries matching the provided
 [filtering expression](/vault/docs/enterprise/audit/filtering) to the audit
 device.

website/content/partials/cli/audit/options/format.mdx

@@ -1,7 +1,11 @@
-<a id="audit-format" />
+<a id="audit-option-format" />
+
+<a href="#audit-option-format" style={{textDecorationLine:'none'}}>
 
 **`format (enum : json)`**
 
+</a>
+
 Write audit log entries in the provided format.
 
 Enum    | Description

website/content/partials/cli/audit/options/hmac_accessor.mdx

@@ -1,7 +1,11 @@
-<a id="audit-hmac_accessor" />
+<a id="audit-option-hmac_accessor" />
+
+<a href="#audit-option-hmac_accessor" style={{textDecorationLine:'none'}}>
 
 **`hmac_accessor (bool : true)`**
 
+</a>
+
 Hash all token accessor data before writing to the audit device.
 
 **Example**: `hmac_accessor=false`

website/content/partials/cli/audit/options/log_raw.mdx

@@ -1,7 +1,11 @@
-<a id="audit-log_raw" />
+<a id="audit-option-log_raw" />
+
+<a href="#audit-option-log_raw" style={{textDecorationLine:'none'}}>
 
 **`log_raw (bool : false)`**
 
+</a>
+
 Hash all sensitive security information before writing to the audit device.
 
 **Example**: `log_raw=true`

website/content/partials/cli/audit/options/prefix.mdx

@@ -1,7 +1,11 @@
-<a id="audit-prefix" />
+<a id="audit-option-prefix" />
+
+<a href="#audit-option-prefix" style={{textDecorationLine:'none'}}>
 
 **`prefix (string : "")`**
 
+</a>
+
 Prepend the provided string to each log entry when writing to the audit device.
 
 **Example**: `prefix="KV Request :: "`

website/content/partials/cli/shared/flags/log-file.mdx

@@ -1,7 +1,11 @@
 <a id="shared-flag-log-file" />
 
+<a href="#shared-flag-log-file" style={{textDecorationLine:'none'}}>
+
 **`-log-file (string : "./<service>.log")`**
 
+</a>
+
 Absolute path where Vault Agent saves logging data.
 
 - Paths ending with `/` use the default file name `<service>.log`. For example,

website/content/partials/cli/shared/flags/log-rotate-bytes.mdx

@@ -1,7 +1,11 @@
 <a id="shared-flag-log-rotate-bytes" />
 
+<a href="#shared-flag-log-rotate-bytes" style={{textDecorationLine:'none'}}>
+
 **`-log-rotate-bytes (int : <unset>)`**
 
+</a>
+
 File size, in bytes, after which log files must rotate. Leave `log-rotate-bytes`
 unset if you prefer not to limit log file size.
 

website/content/partials/cli/shared/flags/log-rotate-duration.mdx

@@ -1,7 +1,11 @@
 <a id="shared-flag-log-rotate-duration" />
 
+<a href="#shared-flag-log-rotate-duration" style={{textDecorationLine:'none'}}>
+
 **`-log-rotate-duration (string : "24h")`**
 
+</a>
+
 Amount of time, in `<number>[s|m|h|d]` format, after which log files must
 rotate.
 

website/content/partials/cli/shared/flags/log-rotate-max-files.mdx

@@ -1,7 +1,11 @@
-<a id="shared-flag-NAME" />
+<a id="shared-flag-log-rotate-max-files" />
+
+<a href="#shared-flag-log-rotate-max-files" style={{textDecorationLine:'none'}}>
 
 **`-log-rotate-max-files (int : 0)`**
 
+</a>
+
 The number of log file archives to preserve over time:
 
 - *`n`* - Preserve up to `n` archived logs.

website/content/partials/global-settings/both/address.mdx

@@ -1,7 +1,11 @@
 <a id="global-address" />
 
+<a href="#global-address" style={{textDecorationLine:'none'}}>
+
 **`[-address | VAULT_ADDR] (string : 'https://127.0.0.1:8200')`**
 
+</a>
+
 Address of the Vault server.
 
 **Examples**:

website/content/partials/global-settings/both/agent-address.mdx

@@ -1,7 +1,11 @@
 <a id="global-agent-address" />
 
+<a href="#global-agent-address" style={{textDecorationLine:'none'}}>
+
 **`[-agent-address | VAULT_AGENT_ADDR] (string : "")`**
 
+</a>
+
 Address of the Vault Agent, if used.
 
 **Examples**:

website/content/partials/global-settings/both/ca-cert.mdx

@@ -1,7 +1,11 @@
 <a id="global-ca-cert" />
 
+<a href="#global-ca-cert" style={{textDecorationLine:'none'}}>
+
 **`[-ca-cert | VAULT_CACERT] (string : "")`**
 
+</a>
+
 Path to a PEM-encoded CA certificate file on the local disk. Used to verify SSL
 certificates for the server. **Takes precedence over `-ca_path`**.
 

website/content/partials/global-settings/both/ca-path.mdx

@@ -1,7 +1,11 @@
 <a id="global-ca-path" />
 
+<a href="#global-ca-path" style={{textDecorationLine:'none'}}>
+
 **`[-ca-path | VAULT_CAPATH] (string : "")`**
 
+</a>
+
 Path to a directory with PEM-encoded CA certificate files on the local disk.
 Used to verify SSL certificates for the server.
 

website/content/partials/global-settings/both/client-cert.mdx

@@ -1,7 +1,11 @@
 <a id="global-client-cert" />
 
+<a href="#global-client-cert" style={{textDecorationLine:'none'}}>
+
 **`[-client-cert | VAULT_CLIENT_CERT] (string : "")`**
 
+</a>
+
 Path to a PEM-encoded CA certificate file on the local disk. Used for TLS
 communication with the server. **The specified certificate must match to the
 private key specified with `-client-cert`**.

website/content/partials/global-settings/both/client-key.mdx

@@ -1,7 +1,11 @@
 <a id="global-client-key" />
 
+<a href="#global-client-key" style={{textDecorationLine:'none'}}>
+
 **`[-client-key | VAULT_CLIENT_KEY] (string : "")`**
 
+</a>
+
 Path to a PEM-encoded private key that matches the client certificate set with
 `-client-cert`.
 

website/content/partials/global-settings/both/disable-redirects.mdx

@@ -1,7 +1,11 @@
 <a id="global-disable-redirects" />
 
+<a href="#global-disable-redirects" style={{textDecorationLine:'none'}}>
+
 **`[-disable-redirects | VAULT_DISABLE_REDIRECTS] (bool : false)`**
 
+</a>
+
 Disable the default CLI redirect behavior so the CLI honors the first redirect
 response from the underlying API instead of following the full HTTP redirect
 chain.

website/content/partials/global-settings/both/format.mdx

@@ -1,6 +1,10 @@
 <a id="global-format" />
 
-**`[-format | VAULT_FORMAT] (enum: json)`**
+<a href="#global-format" style={{textDecorationLine:'none'}}>
+
+**`[-format | VAULT_FORMAT] (enum: table)`**
+
+</a>
 
 Set the CLI output format.
 
@@ -13,6 +17,6 @@ Value   | Description
 
 **Examples**:
 
-- CLI flag: `-format table`
-- Environment variable: `export VAULT_FORMAT=table`
+- CLI flag: `-format json`
+- Environment variable: `export VAULT_FORMAT=json`
 

website/content/partials/global-settings/both/log-format.mdx

@@ -1,7 +1,11 @@
 <a id="global-log-format" />
 
+<a href="#global-log-format" style={{textDecorationLine:'none'}}>
+
 **`[-log-format | VAULT_LOG_FORMAT] (enum : standard)`**
 
+</a>
+
 Format of log data:
 
 - **`standard`** - Write log data as basic text.

website/content/partials/global-settings/both/log-level.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_log-level" />
 
+<a href="#global-vault_log-level" style={{textDecorationLine:'none'}}>
+
 **`[-log-level | VAULT_LOG_LEVEL] (enum : info)`**
 
+</a>
+
 Default logging level for the Vault server.
 
 Enum    | Logging behavior

website/content/partials/global-settings/both/mfa.mdx

@@ -1,7 +1,11 @@
 <a id="global-mfa" />
 
+<a href="#global-mfa" style={{textDecorationLine:'none'}}>
+
 **`[-mfa | VAULT_MFA] (string : "")`** <EnterpriseAlert inline="true" />
 
+</a>
+
 A multi-factor authentication (MFA) credential, in the format
 `mfa_method_name[:key[=value]]`, that the CLI should use to authenticate to
 Vault. The CLI adds MFA credentials to the `X-Vault-MFA` header when calling the

website/content/partials/global-settings/both/namespace.mdx

@@ -1,7 +1,11 @@
 <a id="global-namespace" />
 
+<a href="#global-namespace" style={{textDecorationLine:'none'}}>
+
 **`[-namespace | -ns | VAULT_NAMESPACE] (string : <unset>)`**
 
+</a>
+
 Root namespace for the CLI command. Setting a default namespace allow relative
 mount paths.
 

website/content/partials/global-settings/both/tls-server-name.mdx

@@ -1,7 +1,11 @@
 <a id="global-tls-server-name" />
 
+<a href="#global-tls-server-name" style={{textDecorationLine:'none'}}>
+
 **`[-tls-server-name | VAULT_TLS_SERVER_NAME] (string : "")`**
 
+</a>
+
 Name of the SNI host for TLS handshake resolution for TLS connections to Vault.
 
 **Examples**:

website/content/partials/global-settings/both/tls-skip-verify.mdx

@@ -1,7 +1,11 @@
 <a id="global-tls-skip-verify" />
 
+<a href="#global-tls-skip-verify" style={{textDecorationLine:'none'}}>
+
 **`[-tls-skip-verify | VAULT_SKIP_VERIFY] (bool : false)`**
 
+</a>
+
 Disable verification for all TLS certificates. **Use with caution**. Disabling
 TLS certificate verification decreases the security of data transmissions to and
 from the Vault server.

website/content/partials/global-settings/both/wrap-ttl.mdx

@@ -1,7 +1,11 @@
 <a id="global-wrap-ttl" />
 
+<a href="#global-wrap-ttl" style={{textDecorationLine:'none'}}>
+
 **`[-wrap-ttl | VAULT_WRAP_TTL] (string : "")`**
 
+</a>
+
 Default time-to-live in `<number>[s|m|h|d]` format for the Cubbyhole token used
 to wrap CLI responses. You must use `vault unwrap` to view response data before
 the duration expires. Leave `wrap_ttl` unset to leave CLI responses unwrapped.

website/content/partials/global-settings/env/cli_no_color.mdx

@@ -1,7 +1,11 @@
 <a id="global-cli_no_color" />
 
+<a href="#global-cli_no_color" style={{textDecorationLine:'none'}}>
+
 **`VAULT_CLI_NO_COLOR (bool : true)`**
 
+</a>
+
 Exclude ANSI color escape sequence characters from the CLI output.
 
 **Example**: `export VAULT_CLI_NO_COLOR=0`

website/content/partials/global-settings/env/client_timeout.mdx

@@ -1,7 +1,11 @@
 <a id="standard-vault_client_timeout" />
 
+<a href="#standard-vault_client_timeout" style={{textDecorationLine:'none'}}>
+
 **`VAULT_CLIENT_TIMEOUT (string : "60s")`**
 
+</a>
+
 Amount of time, in `<number>[s|m|h|d]` format, the CLI should wait on a response
 from Vault.
 

website/content/partials/global-settings/env/cluster_addr.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_cluster_addr" />
 
+<a href="#global-vault_cluster_addr" style={{textDecorationLine:'none'}}>
+
 **`VAULT_CLUSTER_ADDR (string : "")`**
 
+</a>
+
 Address of the local Vault node. Vault uses cluster addresses for
 cluster-to-cluster communication when running in high-availability mode.
 

website/content/partials/global-settings/env/http_proxy.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_http_proxy" />
 
+<a href="#global-vault_http_proxy" style={{textDecorationLine:'none'}}>
+
 **`VAULT_HTTP_PROXY (string : "")`**
 
+</a>
+
 Legacy alias for `VAULT_PROXY_ADDR`.
 
 

website/content/partials/global-settings/env/license.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_license" />
 
+<a href="#global-vault_license" style={{textDecorationLine:'none'}}>
+
 **`VAULT_LICENSE (string : "")`** <EnterpriseAlert inline="true" />
 
+</a>
+
 Vault Enterprise license string for the local server or node. `VAULT_LICENSE`
 takes precedence over `VAULT_LICENSE_PATH` **and** the `license_path` parameter
 in the Vault configuration file.

website/content/partials/global-settings/env/license_path.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_license_path" />
 
+<a href="#global-vault_license_path" style={{textDecorationLine:'none'}}>
+
 **`VAULT_LICENSE_PATH (string : "")`** <EnterpriseAlert inline="true" />
 
+</a>
+
 Local path to a file containing a valid Vault Enterprise license for the server
 or node. `VAULT_LICENSE_PATH` takes precedence over the `license_path` parameter
 in the Vault configuration file.

website/content/partials/global-settings/env/max_retries.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_max_retries" />
 
+<a href="#global-vault_max_retries" style={{textDecorationLine:'none'}}>
+
 **`VAULT_MAX_RETRIES (integer : 2)`**
 
+</a>
+
 The number of times the CLI should retry a request to the Vault server when the
 CLI receives one of the following recoverable error codes:
 

website/content/partials/global-settings/env/proxy_addr.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_proxy_addr" />
 
+<a href="#global-vault_proxy_addr" style={{textDecorationLine:'none'}}>
+
 **`VAULT_PROXY_ADDR (string : "")`**
 
+</a>
+
 The HTTPS or HTTP address, including server and port, where clients can access
 Vault. Setting `VAULT_HTTP_PROXY` overrides the default proxy resolution
 behavior and tells Vault to ignore the following proxy-related environment

website/content/partials/global-settings/env/rate_limit.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_rate_limit" />
 
+<a href="#global-vault_rate_limit" style={{textDecorationLine:'none'}}>
+
 **`VAULT_RATE_LIMIT (string : unset)`**
 
+</a>
+
 The number of operations per second, in `rate[:burst]` format, used to throttle
 requests between the CLI and the server. The `burst` value is optional and
 defaults to `rate` when not specified.

website/content/partials/global-settings/env/redirect_addr.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_redirect_addr" />
 
+<a href="#global-vault_redirect_addr" style={{textDecorationLine:'none'}}>
+
 **`VAULT_REDIRECT_ADDR (string : "")`**
 
+</a>
+
 Local node address that listens for redirected client communication when Vault
 runs in high-availability mode.
 

website/content/partials/global-settings/env/skip_verify.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_skip_verify" />
 
+<a href="#global-vault_skip_verify" style={{textDecorationLine:'none'}}>
+
 **`VAULT_SKIP_VERIFY (bool : false)`**
 
+</a>
+
 Allow communication between the CLI and Vault server before verifying the
 authentication certificate presented by Vault.
 

website/content/partials/global-settings/env/srv_lookup.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_srv_lookup" />
 
+<a href="#global-vault_srv_lookup" style={{textDecorationLine:'none'}}>
+
 **`VAULT_SRV_LOOKUP (bool : false)`**
 
+</a>
+
 Use SRV records instead of standard DNS to look up hostnames as described in
 the Network Working Group draft
 ["Use of SRV records in conjunction with HTTP and URIs"](https://datatracker.ietf.org/doc/html/draft-andrews-http-srv-02).

website/content/partials/global-settings/env/token.mdx

@@ -1,7 +1,11 @@
 <a id="global-vault_token" />
 
+<a href="#global-vault_token" style={{textDecorationLine:'none'}}>
+
 **`VAULT_TOKEN (string : "")`**
 
+</a>
+
 A Vault-issued service token that authenticates the CLI user to Vault.
 See the [tokens concepts page](/vault/docs/concepts/tokens) for more information
 on token types.

website/content/partials/global-settings/flags/header.mdx

@@ -1,7 +1,11 @@
 <a id="global-header" />
 
+<a href="#global-header" style={{textDecorationLine:'none'}}>
+
 **`-header (string : "")`**
 
+</a>
+
 Optional HTTP header in the form `"<key>=<value>"` for the CLI request. Repeat
 the `-header` flag as needed with one string per flag. User-defined headers
 cannot start with `X-Vault-`

website/content/partials/global-settings/flags/non-interactive.mdx

@@ -1,7 +1,11 @@
 <a id="global-non-interactive" />
 
+<a href="#global-non-interactive" style={{textDecorationLine:'none'}}>
+
 **`-non-interactive (bool : false)`**
 
+</a>
+
 Prevent the CLI from asking users for input through the terminal.
 
 **Example**: `-non-interactive`

website/content/partials/global-settings/flags/output-curl-string.mdx

@@ -1,7 +1,11 @@
 <a id="global-output-curl-string" />
 
+<a href="#global-output-curl-string" style={{textDecorationLine:'none'}}>
+
 **`-output-curl-string (bool : false)`**
 
+</a>
+
 Print the API call(s) required to execute the CLI command  as `cURL` strings
 then exit without running the command.
 

website/content/partials/global-settings/flags/output-policy.mdx

@@ -1,7 +1,11 @@
 <a id="global-output-policy" />
 
+<a href="#global-output-policy" style={{textDecorationLine:'none'}}>
+
 **`-output-policy (bool : false)`**
 
+</a>
+
 Print the Vault policy required to execute the CLI command as HCL then exit
 without running the command.
 

website/content/partials/global-settings/flags/policy-override.mdx

@@ -1,7 +1,11 @@
 <a id="global-policy-override" />
 
+<a href="#global-policy-override" style={{textDecorationLine:'none'}}>
+
 **`-policy-override (bool : false)`**
 
+</a>
+
 Overrides any Sentinel policy where `enforcement_level` is "soft-mandatory".
 
 **Example**: `-policy-override`

website/content/partials/global-settings/flags/unlock-key.mdx

@@ -1,7 +1,11 @@
 <a id="global-unlock-key" />
 
+<a href="#global-unlock-key" style={{textDecorationLine:'none'}}>
+
 **`-unlock-key (string : <unset>)`**
 
+</a>
+
 Plaintext key that unlocks the underlying API endpoint for a given namespace.
 
 **Example**: `-unlock-key "7oXtdlmvRQ"`

website/templates/cli-page.mdx

@@ -0,0 +1,104 @@
+---
+layout: docs
+page_title: "COMMAND_NAME - Vault CLI"
+description: >-
+  DESCRIPTION
+---
+
+# `COMMAND_NAME`
+
+TLDR_SUMMARY
+
+<CodeBlockConfig hideClipboard>
+
+```shell-session
+$ vault COMMAND_NAME SYNTAX_STRING
+
+$ vault COMMAND_NAME [-help | -h]
+```
+
+</CodeBlockConfig>
+
+## Description
+
+`COMMAND_NAME` does a thing.... (full description here)
+
+<Tip title="Related API endpoints">
+
+  ENDPOINT_NAME - [`HTTP_VERB:ENDPOINT_PATH`](API_DOC_URL)
+
+</Tip>
+
+### Limitations and warnings (omit if not needed)
+
+List and explicit limitations/warning users should be aware of with the command
+
+
+## Command arguments
+
+None.
+
+-- OR --
+
+@include 'PATH_TO_ARGUMENT_PARTIAL_1'
+
+<br /><hr /><br />
+
+@include 'PATH_TO_ARGUMENT_PARTIAL_2'
+
+<br /><hr /><br />
+
+@include 'PATH_TO_ARGUMENT_PARTIAL_N'
+
+
+
+## Command options
+
+None.
+
+-- OR --
+
+@include 'PATH_TO_OPTION_PARTIAL_1'
+
+<br /><hr /><br />
+
+@include 'PATH_TO_OPTION_PARTIAL_1'
+
+<br /><hr /><br />
+
+@include 'PATH_TO_OPTION_PARTIAL_1'
+
+
+## Command flags
+
+None.
+
+-- OR --
+
+@include 'PATH_TO_FLAG_PARTIAL_1'
+
+<br /><hr /><br />
+
+@include 'PATH_TO_FLAG_PARTIAL_2'
+
+<br /><hr /><br />
+
+@include 'PATH_TO_FLAG_PARTIAL_N'
+
+
+
+## Global flags
+
+<br />
+
+@include 'cli/standard-settings/all-standard-flags-but-format.mdx'
+
+- OR -
+
+@include 'cli/standard-settings/all-standard-flags-but-format.mdx'
+
+
+
+## Examples
+
+LIST_OF_USEFUL_EXAMPLES