backport of commit ba013912b1 (#19396)

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

command/commands.go

@@ -704,6 +704,11 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
 				BaseCommand: getBaseCommand(),
 			}, nil
 		},
+		"transit": func() (cli.Command, error) {
+			return &TransitCommand{
+				BaseCommand: getBaseCommand(),
+			}, nil
+		},
 		"transit import": func() (cli.Command, error) {
 			return &TransitImportCommand{
 				BaseCommand: getBaseCommand(),

command/pki.go

@@ -13,7 +13,7 @@ type PKICommand struct {
 }
 
 func (c *PKICommand) Synopsis() string {
-	return "Interact with Vault's Key-Value storage"
+	return "Interact with Vault's PKI Secrets Engine"
 }
 
 func (c *PKICommand) Help() string {

command/transit.go

@@ -0,0 +1,39 @@
+package command
+
+import (
+	"strings"
+
+	"github.com/mitchellh/cli"
+)
+
+var _ cli.Command = (*TransitCommand)(nil)
+
+type TransitCommand struct {
+	*BaseCommand
+}
+
+func (c *TransitCommand) Synopsis() string {
+	return "Interact with Vault's Transit Secrets Engine"
+}
+
+func (c *TransitCommand) Help() string {
+	helpText := `
+Usage: vault transit <subcommand> [options] [args]
+
+  This command has subcommands for interacting with Vault's Transit Secrets
+  Engine. Here are some simple examples, and more detailed examples are
+  available in the subcommands or the documentation.
+
+  To import a key into the specified Transit or Transform mount:
+
+  $ vault transit import transit/keys/newly-imported @path/to/key type=rsa-2048
+
+  Please see the individual subcommand help for detailed usage information.
+`
+
+	return strings.TrimSpace(helpText)
+}
+
+func (c *TransitCommand) Run(args []string) int {
+	return cli.RunResultHelp
+}

command/transit_import_key.go

@@ -42,10 +42,11 @@ Usage: vault transit import PATH KEY [options...]
   the base64 encoded KEY (either directly on the CLI or via @path notation),
   into a new key whose API path is PATH.  To import a new version into an
   existing key, use import_version.  The remaining options after KEY (key=value
-  style) are passed on to the transit/transform create key endpoint.  If your
+  style) are passed on to the Transit or Transform create key endpoint.  If your
   system or device natively supports the RSA AES key wrap mechanism (such as
   the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it directly
   rather than this command.
+
 ` + c.Flags().Help()
 
 	return strings.TrimSpace(helpText)

command/transit_import_key_version.go

@@ -26,12 +26,13 @@ Usage: vault transit import-version PATH KEY [...]
 
   Using the Transit or Transform key wrapping system, imports key material from
   the base64 encoded KEY (either directly on the CLI or via @path notation),
-  into a new key whose API path is PATH.  To import a new transit/transform
+  into a new key whose API path is PATH.  To import a new Transit or Transform
   key, use the import command instead.  The remaining options after KEY
-  (key=value style) are passed on to the transit/transform create key endpoint.
+  (key=value style) are passed on to the Transit or Transform create key endpoint.
   If your system or device natively supports the RSA AES key wrap mechanism
   (such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it
   directly rather than this command.
+
 ` + c.Flags().Help()
 
 	return strings.TrimSpace(helpText)