backport of commit ba013912b1 (#19396)

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2025-10-30 02:02:43 +00:00 · 2023-02-28 10:12:36 -05:00
parent 1240c8c78e
commit b3dc15fe74
5 changed files with 50 additions and 4 deletions
--- a/command/commands.go
+++ b/command/commands.go
@@ -704,6 +704,11 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
 				BaseCommand: getBaseCommand(),
 			}, nil
 		},
+		"transit": func() (cli.Command, error) {
+			return &TransitCommand{
+				BaseCommand: getBaseCommand(),
+			}, nil
+		},
 		"transit import": func() (cli.Command, error) {
 			return &TransitImportCommand{
 				BaseCommand: getBaseCommand(),
--- a/command/pki.go
+++ b/command/pki.go
@@ -13,7 +13,7 @@ type PKICommand struct {
 }

 func (c *PKICommand) Synopsis() string {
-	return "Interact with Vault's Key-Value storage"
+	return "Interact with Vault's PKI Secrets Engine"
 }

 func (c *PKICommand) Help() string {
--- a/command/transit.go
+++ b/command/transit.go
@@ -0,0 +1,39 @@
+package command
+
+import (
+	"strings"
+
+	"github.com/mitchellh/cli"
+)
+
+var _ cli.Command = (*TransitCommand)(nil)
+
+type TransitCommand struct {
+	*BaseCommand
+}
+
+func (c *TransitCommand) Synopsis() string {
+	return "Interact with Vault's Transit Secrets Engine"
+}
+
+func (c *TransitCommand) Help() string {
+	helpText := `
+Usage: vault transit <subcommand> [options] [args]
+
+  This command has subcommands for interacting with Vault's Transit Secrets
+  Engine. Here are some simple examples, and more detailed examples are
+  available in the subcommands or the documentation.
+
+  To import a key into the specified Transit or Transform mount:
+
+  $ vault transit import transit/keys/newly-imported @path/to/key type=rsa-2048
+
+  Please see the individual subcommand help for detailed usage information.
+`
+
+	return strings.TrimSpace(helpText)
+}
+
+func (c *TransitCommand) Run(args []string) int {
+	return cli.RunResultHelp
+}
--- a/command/transit_import_key.go
+++ b/command/transit_import_key.go
@@ -42,10 +42,11 @@ Usage: vault transit import PATH KEY [options...]
  the base64 encoded KEY (either directly on the CLI or via @path notation),
  into a new key whose API path is PATH.  To import a new version into an
  existing key, use import_version.  The remaining options after KEY (key=value
-  style) are passed on to the transit/transform create key endpoint.  If your
+  style) are passed on to the Transit or Transform create key endpoint.  If your
  system or device natively supports the RSA AES key wrap mechanism (such as
  the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it directly
  rather than this command.
+
 ` + c.Flags().Help()

 	return strings.TrimSpace(helpText)
--- a/command/transit_import_key_version.go
+++ b/command/transit_import_key_version.go
@@ -26,12 +26,13 @@ Usage: vault transit import-version PATH KEY [...]

  Using the Transit or Transform key wrapping system, imports key material from
  the base64 encoded KEY (either directly on the CLI or via @path notation),
-  into a new key whose API path is PATH.  To import a new transit/transform
+  into a new key whose API path is PATH.  To import a new Transit or Transform
  key, use the import command instead.  The remaining options after KEY
-  (key=value style) are passed on to the transit/transform create key endpoint.
+  (key=value style) are passed on to the Transit or Transform create key endpoint.
  If your system or device natively supports the RSA AES key wrap mechanism
  (such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it
  directly rather than this command.
+
 ` + c.Flags().Help()

 	return strings.TrimSpace(helpText)