diff --git a/builtin/credential/aws/cli.go b/builtin/credential/aws/cli.go index 75fb08ff89..b01b9b4a3b 100644 --- a/builtin/credential/aws/cli.go +++ b/builtin/credential/aws/cli.go @@ -108,9 +108,9 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro func (h *CLIHandler) Help() string { help := ` -Usage: vault auth -method=aws [CONFIG K=V...] +Usage: vault login -method=aws [CONFIG K=V...] - The AWS authentication provider allows users to authenticate with AWS IAM + The AWS authentication method allows users to authenticate with AWS IAM credentials. The AWS IAM credentials may be specified in a number of ways, listed in order of precedence below: @@ -124,11 +124,11 @@ Usage: vault auth -method=aws [CONFIG K=V...] Authenticate using locally stored credentials: - $ vault auth -method=aws + $ vault login -method=aws Authenticate by passing keys: - $ vault auth -method=aws aws_access_key_id=... aws_secret_access_key=... + $ vault login -method=aws aws_access_key_id=... aws_secret_access_key=... Configuration: @@ -145,14 +145,13 @@ Configuration: Value for the x-vault-aws-iam-server-id header in requests mount= - Path where the AWS credential provider is mounted. This is usually - provided via the -path flag in the "vault auth" command, but it can be - specified here as well. If specified here, it takes precedence over - the value for -path. The default value is "aws". + Path where the AWS credential method is mounted. This is usually provided + via the -path flag in the "vault login" command, but it can be specified + here as well. If specified here, it takes precedence over the value for + -path. The default value is "aws". role= Name of the role to request a token against - ` return strings.TrimSpace(help) diff --git a/builtin/credential/cert/cli.go b/builtin/credential/cert/cli.go index 5316efd8c1..bd066d466c 100644 --- a/builtin/credential/cert/cli.go +++ b/builtin/credential/cert/cli.go @@ -40,22 +40,21 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro func (h *CLIHandler) Help() string { help := ` -Usage: vault auth -method=cert [CONFIG K=V...] +Usage: vault login -method=cert [CONFIG K=V...] - The certificate authentication provider allows uers to authenticate with a + The certificate authentication method allows uers to authenticate with a client certificate passed with the request. The -client-cert and -client-key - flags are included with the "vault auth" command, NOT as configuration to - the authentication provider. + flags are included with the "vault login" command, NOT as configuration to the + authentication method. Authenticate using a local client certificate: - $ vault auth -method=cert -client-cert=cert.pem -client-key=key.pem + $ vault login -method=cert -client-cert=cert.pem -client-key=key.pem Configuration: name= Certificate role to authenticate against. - ` return strings.TrimSpace(help) diff --git a/builtin/credential/github/cli.go b/builtin/credential/github/cli.go index 21f8d56a7d..05d4c6d40a 100644 --- a/builtin/credential/github/cli.go +++ b/builtin/credential/github/cli.go @@ -39,23 +39,23 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro func (h *CLIHandler) Help() string { help := ` -Usage: vault auth -method=github [CONFIG K=V...] +Usage: vault login -method=github [CONFIG K=V...] - The GitHub authentication provider allows users to authenticate using a - GitHub personal access token. Users can generate a personal access token - from the settings page on their GitHub account. + The GitHub authentication method allows users to authenticate using a GitHub + personal access token. Users can generate a personal access token from the + settings page on their GitHub account. Authenticate using a GitHub token: - $ vault auth -method=github token=abcd1234 + $ vault login -method=github token=abcd1234 Configuration: mount= - Path where the GitHub credential provider is mounted. This is usually - provided via the -path flag in the "vault auth" command, but it can be - specified here as well. If specified here, it takes precedence over - the value for -path. The default value is "github". + Path where the GitHub credential method is mounted. This is usually + provided via the -path flag in the "vault login" command, but it can be + specified here as well. If specified here, it takes precedence over the + value for -path. The default value is "github". token= GitHub personal access token to use for authentication. diff --git a/builtin/credential/ldap/cli.go b/builtin/credential/ldap/cli.go index 2559f85c47..29e3834093 100644 --- a/builtin/credential/ldap/cli.go +++ b/builtin/credential/ldap/cli.go @@ -62,24 +62,24 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro func (h *CLIHandler) Help() string { help := ` -Usage: vault auth -method=ldap [CONFIG K=V...] +Usage: vault login -method=ldap [CONFIG K=V...] - The LDAP authentication provider allows users to authenticate using LDAP or + The LDAP authentication method allows users to authenticate using LDAP or Active Directory. If MFA is enabled, a "method" and/or "passcode" may be required depending on - the MFA provider. To check which MFA is in use, run: + the MFA method. To check which MFA is in use, run: $ vault read auth//mfa_config Authenticate as "sally": - $ vault auth -method=ldap username=sally + $ vault login -method=ldap username=sally Password (will be hidden): Authenticate as "bob": - $ vault auth -method=ldap username=bob password=password + $ vault login -method=ldap username=bob password=password Configuration: @@ -95,7 +95,6 @@ Configuration: username= LDAP username to use for authentication. - ` return strings.TrimSpace(help) diff --git a/builtin/credential/okta/cli.go b/builtin/credential/okta/cli.go index 94f41d2f0f..77c8f0500f 100644 --- a/builtin/credential/okta/cli.go +++ b/builtin/credential/okta/cli.go @@ -53,18 +53,18 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro // Help method for okta cli func (h *CLIHandler) Help() string { help := ` -Usage: vault auth -method=okta [CONFIG K=V...] +Usage: vault login -method=okta [CONFIG K=V...] - The OKTA authentication provider allows users to authenticate using OKTA. + The OKTA authentication method allows users to authenticate using OKTA. Authenticate as "sally": - $ vault auth -method=okta username=sally + $ vault login -method=okta username=sally Password (will be hidden): Authenticate as "bob": - $ vault auth -method=okta username=bob password=password + $ vault login -method=okta username=bob password=password Configuration: @@ -74,7 +74,7 @@ Configuration: username= OKTA username to use for authentication. - ` +` return strings.TrimSpace(help) } diff --git a/builtin/credential/token/cli.go b/builtin/credential/token/cli.go index 5af0101dd8..b2252d6b7c 100644 --- a/builtin/credential/token/cli.go +++ b/builtin/credential/token/cli.go @@ -63,15 +63,15 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro func (h *CLIHandler) Help() string { help := ` -Usage: vault auth TOKEN [CONFIG K=V...] +Usage: vault login TOKEN [CONFIG K=V...] - The token authentication provider allows logging in directly with a token. - This can be a token from the "token-create" command or API. There are no - configuration options for this authentication provider. + The token authentication method allows logging in directly with a token. This + can be a token from the "token-create" command or API. There are no + configuration options for this authentication method. Authenticate using a token: - $ vault auth 96ddf4bc-d217-f3ba-f9bd-017055595017 + $ vault login 96ddf4bc-d217-f3ba-f9bd-017055595017 This token usually comes from a different source such as the API or via the built-in "vault token-create" command. @@ -80,8 +80,7 @@ Configuration: token= The token to use for authentication. This is usually provided directly - via the "vault auth" command. - + via the "vault login" command. ` return strings.TrimSpace(help) diff --git a/builtin/credential/userpass/cli.go b/builtin/credential/userpass/cli.go index f4b79d1496..93b12879c6 100644 --- a/builtin/credential/userpass/cli.go +++ b/builtin/credential/userpass/cli.go @@ -66,24 +66,24 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro func (h *CLIHandler) Help() string { help := ` -Usage: vault auth -method=userpass [CONFIG K=V...] +Usage: vault login -method=userpass [CONFIG K=V...] - The userpass authentication provider allows users to authenticate using - Vault's internal user database. + The userpass authentication method allows users to authenticate using Vault's + internal user database. If MFA is enabled, a "method" and/or "passcode" may be required depending on - the MFA provider. To check which MFA is in use, run: + the MFA method. To check which MFA is in use, run: $ vault read auth//mfa_config Authenticate as "sally": - $ vault auth -method=userpass username=sally + $ vault login -method=userpass username=sally Password (will be hidden): Authenticate as "bob": - $ vault auth -method=userpass username=bob password=password + $ vault login -method=userpass username=bob password=password Configuration: @@ -94,12 +94,11 @@ Configuration: MFA OTP/passcode. password= - Password to use for authentication. If not provided, the CLI will - prompt for this on stdin. + Password to use for authentication. If not provided, the CLI will prompt + for this on stdin. username= Username to use for authentication. - ` return strings.TrimSpace(help)