Update example code links, remove unneeded comments (#13491)

README.md

@@ -59,7 +59,7 @@ check out our [Getting Started guides](https://learn.hashicorp.com/collections/v
 on HashiCorp's learning platform. There are also [additional guides](https://learn.hashicorp.com/vault)
 to continue your learning.
 
-For examples of how to interact with Vault from inside your application in different programming languages, see the [vault-examples](https://github.com/hashicorp/vault-examples) repo.
+For examples of how to interact with Vault from inside your application in different programming languages, see the [vault-examples](https://github.com/hashicorp/vault-examples) repo. An out-of-the-box [sample application](https://github.com/hashicorp/hello-vault-go) is also available.
 
 Show off your Vault knowledge by passing a certification exam. Visit the
 [certification page](https://www.hashicorp.com/certification/#hashicorp-certified-vault-associate)

api/README.md

@@ -3,6 +3,6 @@ Vault API
 
 This provides the `github.com/hashicorp/vault/api` package which contains code useful for interacting with a Vault server.
 
-For examples of how to use this module, see the [vault-examples](https://github.com/hashicorp/vault-examples/tree/main/go) repo.
+For examples of how to use this module, see the [vault-examples](https://github.com/hashicorp/vault-examples) repo.
 
 [![GoDoc](https://godoc.org/github.com/hashicorp/vault/api?status.png)](https://godoc.org/github.com/hashicorp/vault/api)

website/content/api-docs/libraries.mdx

@@ -25,7 +25,7 @@ These libraries are officially maintained by HashiCorp.
 $ go get github.com/hashicorp/vault/api
 ```
 
-[Code samples](https://github.com/hashicorp/vault-examples/tree/main/go)
+[Example application](https://github.com/hashicorp/hello-vault-go)
 
 ### Ruby
 
@@ -56,8 +56,6 @@ $ pip install ansible-modules-hashivault
 $ Install-Package VaultSharp
 ```
 
-[Code samples](https://github.com/hashicorp/vault-examples/tree/main/dotnet/Examples)
-
 - [Vault.NET](https://github.com/Chatham/Vault.NET)
 
 ```shell-session

website/content/docs/auth/approle.mdx

@@ -264,9 +264,7 @@ import (
 	auth "github.com/hashicorp/vault/api/auth/approle"
 )
 
-// Fetches a key-value secret (kv-v2) after authenticating via AppRole,
+// Fetches a key-value secret (kv-v2) after authenticating via AppRole.
-// an auth method used by machines that are unable to use platform-based
-// authentication mechanisms like AWS Auth, Kubernetes Auth, etc.
 func getSecretWithAppRole() (string, error) {
 	config := vault.DefaultConfig() // modify for more granular configuration
 

website/content/docs/auth/aws.mdx

@@ -765,13 +765,6 @@ import (
 
 // Fetches a key-value secret (kv-v2) after authenticating to Vault via AWS IAM,
 // one of two auth methods used to authenticate with AWS (the other is EC2 auth).
-// A role must first be created in Vault bound to the IAM ARN you wish to
-// authenticate with, like so:
-// 	vault write auth/aws/role/dev-role-iam \
-//     auth_type=iam \
-//     bound_iam_principal_arn="arn:aws:iam::AWS-ACCOUNT-NUMBER:role/AWS-IAM-ROLE-NAME" \
-//     ttl=24h
-// Learn more about the available parameters at https://www.vaultproject.io/api/auth/aws#parameters-10
 func getSecretWithAWSAuthIAM() (string, error) {
 	config := vault.DefaultConfig() // modify for more granular configuration
 
@@ -845,12 +838,6 @@ namespace Examples
         /// <summary> 
         /// Fetches a key-value secret (kv-v2) after authenticating to Vault via AWS IAM,
         /// one of two auth methods used to authenticate with AWS (the other is EC2 auth).
-        /// A role must first be created in Vault bound to the IAM ARN you wish to authenticate with, like so:
-        /// 	vault write auth/aws/role/dev-role-iam \
-        ///     auth_type=iam \
-        ///     bound_iam_principal_arn="arn:aws:iam::AWS-ACCOUNT-NUMBER:role/AWS-IAM-ROLE-NAME" \
-        ///     ttl=24h
-        ///  Learn more about the available parameters at https://www.vaultproject.io/api/auth/aws#parameters-10
         /// </summary>
         public string GetSecretAWSAuthIAM()
         {
@@ -860,10 +847,10 @@ namespace Examples
                 throw new System.ArgumentNullException("Vault Address");
             }
 
-            var roleName = Environment.GetEnvironmentVariable("AWS_ROLE_NAME");
+            var roleName = Environment.GetEnvironmentVariable("VAULT_ROLE");
             if(String.IsNullOrEmpty(roleName))
             {
-                throw new System.ArgumentNullException("AWS Role Name");
+                throw new System.ArgumentNullException("Vault Role Name");
             }
 
             var amazonSecurityTokenServiceConfig = new AmazonSecurityTokenServiceConfig();

website/content/docs/auth/azure.mdx

@@ -230,14 +230,6 @@ import (
 
 // Fetches a key-value secret (kv-v2) after authenticating to Vault via Azure authentication.
 // This example assumes you have a configured Azure AD Application.
-// Learn more about Azure authentication prerequisites: https://www.vaultproject.io/docs/auth/azure
-//
-// A role must first be created in Vault bound to the resource groups and subscription ids:
-// 	vault write auth/azure/role/dev-role \
-//     policies="dev-policy"
-//     bound_subscription_ids=$AZURE_SUBSCRIPTION_ID \
-//     bound_resource_groups=test-rg \
-//     ttl=24h
 func getSecretWithAzureAuth() (string, error) {
 	config := vault.DefaultConfig() // modify for more granular configuration
 
@@ -282,6 +274,7 @@ func getSecretWithAzureAuth() (string, error) {
 
 	return value, nil
 }
+
 ```
 </CodeBlockConfig>
 
@@ -317,14 +310,6 @@ namespace Examples
         /// <summary> 
         /// Fetches a key-value secret (kv-v2) after authenticating to Vault via Azure authentication.
         /// This example assumes you have a configured Azure AD Application.
-        /// Learn more about Azure authentication prerequisites: https://www.vaultproject.io/docs/auth/azure
-        ///
-        /// A role must first be created in Vault bound to the resource groups and subscription ids:
-        /// 	vault write auth/azure/role/dev-role \
-        ///     policies="dev-policy"
-        ///     bound_subscription_ids=$AZURE_SUBSCRIPTION_ID \
-        ///     bound_resource_groups=test-rg \
-        ///     ttl=24h
         /// </summary>
         public string GetSecretWithAzureAuth()
         {

website/content/docs/auth/gcp.mdx

@@ -388,17 +388,6 @@ import (
 // Fetches a key-value secret (kv-v2) after authenticating to Vault
 // via GCP IAM, one of two auth methods used to authenticate with
 // GCP (the other is GCE auth).
-//
-// A role must first be created in Vault bound to the IAM user's service
-// account you wish to authenticate with, like so:
-// 	vault write auth/gcp/role/dev-role-iam \
-//     	type="iam" \
-//     	policies="dev-policy" \
-//     	bound_service_accounts="my-service@my-project.iam.gserviceaccount.com"
-// Your Vault instance must also be configured with GCP credentials to
-// perform API calls to IAM, like so:
-// 	vault write auth/gcp/config credentials=@path/to/server/creds.json
-// Learn more at https://www.vaultproject.io/docs/auth/gcp
 func getSecretWithGCPAuthIAM() (string, error) {
 	config := vault.DefaultConfig() // modify for more granular configuration
 
@@ -457,6 +446,7 @@ func getSecretWithGCPAuthIAM() (string, error) {
 
 	return value, nil
 }
+
 ```
 
 </CodeBlockConfig>
@@ -486,14 +476,6 @@ namespace Examples
         /// <summary>
         /// Fetches a key-value secret (kv-v2) after authenticating to Vault via GCP IAM,
         /// one of two auth methods used to authenticate with GCP (the other is GCE auth).
-        ///
-        /// A role must first be created in Vault bound to the IAM user's service account you wish to authenticate with, like so:
-        ///     	type="iam" \
-        ///     	policies="dev-policy" \
-        ///     	bound_service_accounts="my-service@my-project.iam.gserviceaccount.com"
-        /// Your Vault instance must also be configured with GCP credentials to perform API calls to IAM, like so:
-        ///     vault write auth/gcp/config credentials=@path/to/server/creds.json
-        /// Learn more at https://www.vaultproject.io/docs/auth/gcp
         /// </summary>
         public string GetSecretGcp()
         {
@@ -503,10 +485,10 @@ namespace Examples
                 throw new System.ArgumentNullException("Vault Address");
             }
 
-            var roleName = Environment.GetEnvironmentVariable("GCP_ROLE");
+            var roleName = Environment.GetEnvironmentVariable("VAULT_ROLE");
             if(String.IsNullOrEmpty(roleName))
             {
-                throw new System.ArgumentNullException("GCP Role Name");
+                throw new System.ArgumentNullException("Vault Role Name");
             }
 
             // Learn about authenticating to GCS with service account credentials at https://cloud.google.com/docs/authentication/production

website/content/docs/auth/kubernetes.mdx

@@ -322,10 +322,7 @@ import (
 )
 
 // Fetches a key-value secret (kv-v2) after authenticating to Vault with a Kubernetes service account.
-//
+// For a more in-depth setup explanation, please see the relevant readme in the hashicorp/vault-examples repo.
-// As the client, all we need to do is pass along the JWT token representing our application's Kubernetes Service Account in our login request to Vault.
-//
-// For a more in-depth setup explanation, please see the full version of this code in the hashicorp/vault-examples repo.
 func getSecretWithKubernetesAuth() (string, error) {
 	// If set, the VAULT_ADDR environment variable will be the address that
 	// your pod uses to communicate with Vault.
@@ -399,32 +396,7 @@ namespace Examples
         const string DefaultTokenPath = "path/to/service-account-token";
 
         // Fetches a key-value secret (kv-v2) after authenticating to Vault with a Kubernetes service account.
-        //
+        // For a more in-depth setup explanation, please see the relevant readme in the hashicorp/vault-examples repo.
-        // As the client, all we need to do is pass along the JWT token representing our application's Kubernetes Service Account in our login request to Vault.
-        // This token is automatically mounted to your application's container by Kubernetes. Read more at https://www.vaultproject.io/docs/auth/kubernetes
-        //
-        // SETUP NOTES: If an operator has not already set up Kubernetes auth in Vault for you, then you must also first configure the Vault server with its own Service Account token to be able to communicate with the Kubernetes API
-        // so it can verify that the client's service-account token is valid. The service account that will be performing that verification needs the ClusterRole system:auth-delegator.
-        //
-        //    export TOKEN_REVIEW_JWT=$(kubectl get secret $TOKEN_REVIEWER_SECRET --output='go-template={{ .data.token }}' | base64 --decode)
-        //    export KUBE_HOST=$(kubectl config view --raw --minify --flatten --output='jsonpath={.clusters[].cluster.server}')
-        //    kubectl config view --raw --minify --flatten --output='jsonpath={.clusters[].cluster.certificate-authority-data}' | base64 --decode > path/to/kube_ca_cert
-        //
-        //    vault write auth/kubernetes/config \
-        //  	token_reviewer_jwt=${TOKEN_REVIEW_JWT} \
-        //      kubernetes_host=${KUBE_HOST} \
-        //      kubernetes_ca_cert=@path/to/kube_ca_cert \
-        //      issuer="kubernetes/serviceaccount"
-        //
-        // The "issuer" field is normally only required when running Kubernetes 1.21 or above, and may differ from the default value above:
-        // https://www.vaultproject.io/docs/auth/kubernetes#discovering-the-service-account-issuer.
-        //
-        // Finally, make sure to create a role in Vault bound to your pod's service account:
-        //
-        // 	vault write auth/kubernetes/role/dev-role-k8s \
-        //     	policies="dev-policy" \
-        //     	bound_service_account_names="my-app" \
-        //		bound_service_account_namespaces="default"
         public string GetSecretWithK8s()
         {
             var vaultAddr = Environment.GetEnvironmentVariable("VAULT_ADDR");

website/content/docs/concepts/auth.mdx

@@ -115,7 +115,7 @@ leased token associated with your identity to renew it.
 
 The following code snippet demonstrates how to renew auth tokens.
 
-<CodeTabs heading="gcp auth example">
+<CodeTabs heading="token renewal example">
 
 <CodeBlockConfig lineNumbers>
 
@@ -188,6 +188,7 @@ func manageTokenLifecycle(client *vault.Client, token *vault.Secret) error {
 				log.Printf("Failed to renew token: %v. Re-attempting login.", err)
 				return nil
 			}
+			// This occurs once the token has reached max TTL.
 			log.Printf("Token can no longer be renewed. Re-attempting login.")
 			return nil
 
@@ -200,7 +201,7 @@ func manageTokenLifecycle(client *vault.Client, token *vault.Secret) error {
 
 func login(client *vault.Client) (*vault.Secret, error) {
 	// WARNING: A plaintext password like this is obviously insecure.
-	// See the files starting in auth-* for full examples of how to securely
+	// See the hashicorp/vault-examples repo for full examples of how to securely
 	// log in to Vault using various auth methods. This function is just
 	// demonstrating the basic idea that a *vault.Secret is returned by
 	// the login call.