diff --git a/command/audit_disable.go b/command/audit_disable.go index 1d2dd91358..31c4457287 100644 --- a/command/audit_disable.go +++ b/command/audit_disable.go @@ -58,12 +58,12 @@ Usage: vault audit-disable [options] id Disable an audit backend. - Once the audit backend is disabled, no more audit logs will be sent to + Once the audit backend is disabled no more audit logs will be sent to it. The data associated with the audit backend isn't affected. - The "id" parameter should map to the id used with "audit-enable". If - no specific ID was specified, then it is the name of the backend (the - type of the backend). + The "id" parameter should map to the "path" used in "audit-enable". If + no path was provided to "audit-enable" you should use the backend + type (e.g. "file"). General Options: ` + meta.GeneralOptionsUsage() diff --git a/command/auth.go b/command/auth.go index 6ea2a0fe9c..2af8780f6c 100644 --- a/command/auth.go +++ b/command/auth.go @@ -312,7 +312,7 @@ func (c *AuthCommand) Help() string { helpText := ` Usage: vault auth [options] [auth-information] - Authenticate with Vault with the given token or via any supported + Authenticate with Vault using the given token or via any supported authentication backend. By default, the -method is assumed to be token. If not supplied via the @@ -399,7 +399,7 @@ func (h *tokenAuthHandler) Help() string { help := ` No method selected with the "-method" flag, so the "auth" command assumes you'll be using raw token authentication. For this, specify the token to -authenticate as as the parameter to "vault auth". Example: +authenticate as the parameter to "vault auth". Example: vault auth 123456 diff --git a/command/auth_disable.go b/command/auth_disable.go index 63ab21cbfb..621ce5907c 100644 --- a/command/auth_disable.go +++ b/command/auth_disable.go @@ -58,10 +58,10 @@ Usage: vault auth-disable [options] path Disable an already-enabled auth provider. - Once the auth provider is disabled, that path cannot be used anymore + Once the auth provider is disabled its path can no longer be used to authenticate. All access tokens generated via the disabled auth provider will be revoked. This command will block until all tokens are revoked. - If the command is exited early, the tokens will still be revoked. + If the command is exited early the tokens will still be revoked. General Options: ` + meta.GeneralOptionsUsage() diff --git a/command/auth_enable.go b/command/auth_enable.go index c7b8422ed3..81c7cce215 100644 --- a/command/auth_enable.go +++ b/command/auth_enable.go @@ -82,7 +82,7 @@ General Options: ` + meta.GeneralOptionsUsage() + ` Auth Enable Options: - -description= Human-friendly description of the purpose for the + -description= Human-friendly description of the purpose of the auth provider. This shows up in the auth -methods command. -path= Mount point for the auth provider. This defaults diff --git a/command/generate-root.go b/command/generate-root.go index 07c550096a..f01329426d 100644 --- a/command/generate-root.go +++ b/command/generate-root.go @@ -295,12 +295,12 @@ Usage: vault generate-root [options] [key] 'generate-root' is used to create a new root token. - Root generation can only be done when the Vault is already unsealed. The + Root generation can only be done when the vault is already unsealed. The operation is done online, but requires that a threshold of the current unseal keys be provided. - One (and only one) of the following must be provided at attempt - initialization time: + One (and only one) of the following must be provided when initializing the + root generation attempt: 1) A 16-byte, base64-encoded One Time Password (OTP) provided in the '-otp' flag; the token is XOR'd with this value before it is returned once the final diff --git a/command/init.go b/command/init.go index 4ed9e67879..4c638dc6eb 100644 --- a/command/init.go +++ b/command/init.go @@ -245,11 +245,11 @@ func (c *InitCommand) runInit(check bool, initRequest *api.InitRequest) int { c.Ui.Output(fmt.Sprintf( "\n"+ "Vault initialized with %d keys and a key threshold of %d. Please\n"+ - "securely distribute the above keys. When the Vault is re-sealed,\n"+ + "securely distribute the above keys. When the vault is re-sealed,\n"+ "restarted, or stopped, you must provide at least %d of these keys\n"+ "to unseal it again.\n\n"+ "Vault does not store the master key. Without at least %d keys,\n"+ - "your Vault will remain permanently sealed.", + "your vault will remain permanently sealed.", initRequest.SecretShares, initRequest.SecretThreshold, initRequest.SecretThreshold, @@ -301,10 +301,10 @@ Usage: vault init [options] Initialize a new Vault server. This command connects to a Vault server and initializes it for the - first time. This sets up the initial set of master keys and sets up the + first time. This sets up the initial set of master keys and the backend data store structure. - This command can't be called on an already-initialized Vault. + This command can't be called on an already-initialized Vault server. General Options: ` + meta.GeneralOptionsUsage() + ` diff --git a/command/list.go b/command/list.go index f3ddebdc9d..71bf388c90 100644 --- a/command/list.go +++ b/command/list.go @@ -28,7 +28,7 @@ func (c *ListCommand) Run(args []string) int { args = flags.Args() if len(args) != 1 || len(args[0]) == 0 { - c.Ui.Error("read expects one argument") + c.Ui.Error("list expects one argument") flags.Usage() return 1 } diff --git a/command/mount.go b/command/mount.go index e6267233f4..eb2b53a671 100644 --- a/command/mount.go +++ b/command/mount.go @@ -32,7 +32,7 @@ func (c *MountCommand) Run(args []string) int { if len(args) != 1 { flags.Usage() c.Ui.Error(fmt.Sprintf( - "\nMount expects one argument: the type to mount.")) + "\nmount expects one argument: the type to mount.")) return 1 } @@ -95,7 +95,7 @@ Mount Options: the mount. This shows up in the mounts command. -path= Mount point for the logical backend. This - defauls to the type of the mount. + defaults to the type of the mount. -default-lease-ttl= Default lease time-to-live for this backend. If not specified, uses the global default, or diff --git a/command/mount_tune.go b/command/mount_tune.go index c90fa781b2..e1efdd241d 100644 --- a/command/mount_tune.go +++ b/command/mount_tune.go @@ -28,7 +28,7 @@ func (c *MountTuneCommand) Run(args []string) int { if len(args) != 1 { flags.Usage() c.Ui.Error(fmt.Sprintf( - "\n'mount-tune' expects one arguments: the mount path")) + "\nmount-tune expects one arguments: the mount path")) return 1 } diff --git a/command/path_help.go b/command/path_help.go index 27d1313c5f..6eed9607d8 100644 --- a/command/path_help.go +++ b/command/path_help.go @@ -40,7 +40,7 @@ func (c *PathHelpCommand) Run(args []string) int { if strings.Contains(err.Error(), "Vault is sealed") { c.Ui.Error(`Error: Vault is sealed. -The path-help command requires the Vault to be unsealed so that +The path-help command requires the vault to be unsealed so that mount points of secret backends are known.`) } else { c.Ui.Error(fmt.Sprintf( @@ -67,7 +67,7 @@ Usage: vault path-help [options] path providers provide built-in help. This command looks up and outputs that help. - The command requires that the Vault be unsealed, because otherwise + The command requires that the vault be unsealed, because otherwise the mount points of the backends are unknown. General Options: diff --git a/command/rekey.go b/command/rekey.go index 90f4596f8c..16022be725 100644 --- a/command/rekey.go +++ b/command/rekey.go @@ -194,11 +194,11 @@ func (c *RekeyCommand) Run(args []string) int { c.Ui.Output(fmt.Sprintf( "\n"+ "Vault rekeyed with %d keys and a key threshold of %d. Please\n"+ - "securely distribute the above keys. When the Vault is re-sealed,\n"+ + "securely distribute the above keys. When the vault is re-sealed,\n"+ "restarted, or stopped, you must provide at least %d of these keys\n"+ "to unseal it again.\n\n"+ "Vault does not store the master key. Without at least %d keys,\n"+ - "your Vault will remain permanently sealed.", + "your vault will remain permanently sealed.", shares, threshold, threshold, @@ -361,7 +361,7 @@ Usage: vault rekey [options] [key] a new set of unseal keys or to change the number of shares and the required threshold. - Rekey can only be done when the Vault is already unsealed. The operation + Rekey can only be done when the vault is already unsealed. The operation is done online, but requires that a threshold of the current unseal keys be provided. diff --git a/command/remount.go b/command/remount.go index 47d591beea..649c47b0f2 100644 --- a/command/remount.go +++ b/command/remount.go @@ -24,7 +24,7 @@ func (c *RemountCommand) Run(args []string) int { if len(args) != 2 { flags.Usage() c.Ui.Error(fmt.Sprintf( - "\nRemount expects two arguments: the from and to path")) + "\nremount expects two arguments: the from and to path")) return 1 } @@ -62,8 +62,8 @@ Usage: vault remount [options] from to This command remounts a secret backend that is already mounted to a new path. All the secrets from the old path will be revoked, but - the Vault data associated with the backend will be preserved (such - as configuration data). + the Vault data associated with the backend (such as configuration) + will be preserved. Example: vault remount secret/ generic/ diff --git a/command/renew.go b/command/renew.go index 37b97943ae..6a3eafe52a 100644 --- a/command/renew.go +++ b/command/renew.go @@ -26,7 +26,7 @@ func (c *RenewCommand) Run(args []string) int { if len(args) < 1 || len(args) >= 3 { flags.Usage() c.Ui.Error(fmt.Sprintf( - "\nRenew expects at least one argument: the lease ID to renew")) + "\nrenew expects at least one argument: the lease ID to renew")) return 1 } diff --git a/command/revoke.go b/command/revoke.go index f5730d6b46..50933ada42 100644 --- a/command/revoke.go +++ b/command/revoke.go @@ -26,7 +26,7 @@ func (c *RevokeCommand) Run(args []string) int { if len(args) != 1 { flags.Usage() c.Ui.Error(fmt.Sprintf( - "\nRevoke expects one argument: the ID to revoke")) + "\nrevoke expects one argument: the ID to revoke")) return 1 } leaseId := args[0] diff --git a/command/seal.go b/command/seal.go index 10d69a0d73..033c164587 100644 --- a/command/seal.go +++ b/command/seal.go @@ -36,7 +36,7 @@ func (c *SealCommand) Run(args []string) int { } func (c *SealCommand) Synopsis() string { - return "Seals the vault server" + return "Seals the Vault server" } func (c *SealCommand) Help() string { @@ -47,8 +47,8 @@ Usage: vault seal [options] Sealing a vault tells the Vault server to stop responding to any access operations until it is unsealed again. A sealed vault throws away - its master key to unlock the data, so it physically is blocked from - responding to operations again until the Vault is unsealed again with + its master key to unlock the data, so it is physically blocked from + responding to operations again until the vault is unsealed with the "unseal" command or via the API. This command is idempotent, if the vault is already sealed it does nothing. diff --git a/command/server.go b/command/server.go index 6687b6b3be..3744a3637d 100644 --- a/command/server.go +++ b/command/server.go @@ -564,12 +564,12 @@ CLUSTER_SYNTHESIS_COMPLETE: core.SetClusterListenerAddrs(clusterAddrs) core.SetClusterSetupFuncs(vault.WrapHandlerForClustering(handler, c.logger)) - // If we're in dev mode, then initialize the core + // If we're in Dev mode, then initialize the core if dev { init, err := c.enableDev(core, devRootTokenID) if err != nil { c.Ui.Output(fmt.Sprintf( - "Error initializing dev mode: %s", err)) + "Error initializing Dev mode: %s", err)) return 1 } @@ -675,7 +675,7 @@ func (c *ServerCommand) enableDev(core *vault.Core, rootTokenID string) (*vault. return nil, err } if !unsealed { - return nil, fmt.Errorf("failed to unseal Vault for dev mode") + return nil, fmt.Errorf("failed to unseal Vault for Dev mode") } isLeader, _, err := core.Leader() @@ -974,7 +974,7 @@ Usage: vault server [options] with "vault unseal" or the API before this server can respond to requests. This must be done for every server. - If the server is being started against a storage backend that has + If the server is being started against a storage backend that is brand new (no existing Vault data in it), it must be initialized with "vault init" or the API first. diff --git a/command/ssh.go b/command/ssh.go index e27bdaf187..53ba653c38 100644 --- a/command/ssh.go +++ b/command/ssh.go @@ -278,15 +278,15 @@ func (c *SSHCommand) Help() string { helpText := ` Usage: vault ssh [options] username@ip - Establishes an SSH connection with the target machine. + Establishes a SSH connection with the target machine. - This command generates a key and uses it to establish an SSH + This command generates a key and uses it to establish a SSH connection with the target machine. This operation requires - that SSH backend is mounted and at least one 'role' be registed - with vault at priori. + that the SSH backend is mounted and at least one 'role' is + registered with Vault beforehand. For setting up SSH backends with one-time-passwords, installation - of agent in target machines is required. + of vault-ssh-helper on target machines is required. See [https://github.com/hashicorp/vault-ssh-agent] General Options: diff --git a/command/token_create.go b/command/token_create.go index 4c17b83718..f8d8c59265 100644 --- a/command/token_create.go +++ b/command/token_create.go @@ -120,7 +120,7 @@ General Options: Token Options: -id="7699125c-d8...." The token value that clients will use to authenticate - with vault. If not provided this defaults to a 36 + with Vault. If not provided this defaults to a 36 character UUID. A root token is required to specify the ID of a token. @@ -151,8 +151,8 @@ Token Options: up in the audit log. This can be specified multiple times. - -orphan If specified, the token will have no parent. Only - This prevents the new token from being revoked with + -orphan If specified, the token will have no parent. This + prevents the new token from being revoked with your token. Requires a root/sudo token to use. -no-default-policy If specified, the token will not have the "default" diff --git a/command/token_revoke.go b/command/token_revoke.go index de3252ce41..a308e63421 100644 --- a/command/token_revoke.go +++ b/command/token_revoke.go @@ -99,7 +99,7 @@ Usage: vault token-revoke [options] [token|accessor] Token can be revoked using the token accessor. This can be done by setting the '-accessor' flag. Note that when '-accessor' flag is set, '-mode' should not be set for 'orphan' or 'path'. This is because, - a token accessor always revokes the token along with it's child tokens. + a token accessor always revokes the token along with its child tokens. General Options: ` + meta.GeneralOptionsUsage() + ` diff --git a/command/unmount.go b/command/unmount.go index bf2f7d9d3e..b04e532a39 100644 --- a/command/unmount.go +++ b/command/unmount.go @@ -23,7 +23,7 @@ func (c *UnmountCommand) Run(args []string) int { if len(args) != 1 { flags.Usage() c.Ui.Error(fmt.Sprintf( - "\nUnmount expects one argument: the path to unmount")) + "\nunmount expects one argument: the path to unmount")) return 1 } diff --git a/command/unseal.go b/command/unseal.go index 722d6b0005..2dfb9476de 100644 --- a/command/unseal.go +++ b/command/unseal.go @@ -97,7 +97,7 @@ func (c *UnsealCommand) Run(args []string) int { } func (c *UnsealCommand) Synopsis() string { - return "Unseals the vault server" + return "Unseals the Vault server" } func (c *UnsealCommand) Help() string { @@ -105,7 +105,7 @@ func (c *UnsealCommand) Help() string { Usage: vault unseal [options] [key] Unseal the vault by entering a portion of the master key. Once all - portions are entered, the Vault will be unsealed. + portions are entered, the vault will be unsealed. Every Vault server initially starts as sealed. It cannot perform any operation except unsealing until it is sealed. Secrets cannot be accessed diff --git a/command/unwrap.go b/command/unwrap.go index 5194028be8..5a21920eb5 100644 --- a/command/unwrap.go +++ b/command/unwrap.go @@ -37,7 +37,7 @@ func (c *UnwrapCommand) Run(args []string) int { case 1: tokenID = args[0] default: - c.Ui.Error("Unwrap expects zero or one argument (the ID of the wrapping token)") + c.Ui.Error("unwrap expects zero or one argument (the ID of the wrapping token)") flags.Usage() return 1 }