Core: CLI Doc improvements to example read / write. (#19064)

* Core: CLI Doc imporvements to example read / write. Resolves #16788 * Core: CLI Doc imporvements to example read / write. Resolves #16788. Updated Changelog filename. * Core: CLI Doc imporvements to example read / write. Resolves #16788. Updated Changelog.. * Updated read example to use token lookup instead.
2025-10-29 17:52:32 +00:00 · 2024-08-09 17:48:21 +02:00
parent 7509ef169b
commit 88975a6c24
3 changed files with 22 additions and 5 deletions
--- a/changelog/19064.txt
+++ b/changelog/19064.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core/cli: Example 'help' pages for vault read / write docs improved.
+```
--- a/command/read.go
+++ b/command/read.go
@@ -36,9 +36,17 @@ Usage: vault read [options] PATH
  Reads data from Vault at the given path. This can be used to read secrets,
  generate dynamic credentials, get configuration details, and more.

-  Read a secret from the static secrets engine:
+  Read details of your own token:

-      $ vault read secret/my-secret
+      $ vault read auth/token/lookup-self
+
+  Read entity details of a given ID:
+
+      $ vault read identity/entity/id/2f09126d-d161-abb8-2241-555886491d97
+
+  Generate credentials for my-role in an AWS secrets engine:
+
+      $ vault read aws/creds/my-role

  For a full list of examples and paths, please see the documentation that
  corresponds to the secrets engine in use.
--- a/command/write.go
+++ b/command/write.go
@@ -51,13 +51,15 @@ Usage: vault write [options] PATH [DATA K=V...]
  it is loaded from a file. If the value is "-", Vault will read the value from
  stdin.

-  Persist data in the generic secrets engine:
+  Store an arbitrary secret in the token's cubbyhole.

-      $ vault write secret/my-secret foo=bar
+      $ vault write cubbyhole/git-credentials username="student01" password="p@$$w0rd"

  Create a new encryption key in the transit secrets engine:

-      $ vault write -f transit/keys/my-key
+      $ vault write -force transit/keys/my-key
+
+  The -force / -f flag allows a write operation without any input data.

  Upload an AWS IAM policy from a file on disk:

@@ -67,6 +69,10 @@ Usage: vault write [options] PATH [DATA K=V...]

      $ echo $MY_TOKEN | vault write consul/config/access token=-

+  Create a token
+
+      $ vault write auth/token/create policies="admin" policies="secops" ttl=8h num_uses=3
+
  For a full list of examples and paths, please see the documentation that
  corresponds to the secret engines in use.