Core: CLI Doc improvements to example read / write. (#19064)

* Core: CLI Doc imporvements to example read / write. Resolves #16788 * Core: CLI Doc imporvements to example read / write. Resolves #16788. Updated Changelog filename. * Core: CLI Doc imporvements to example read / write. Resolves #16788. Updated Changelog.. * Updated read example to use token lookup instead.
hashicorp · Aug 9, 2024 · 88975a6 · 88975a6
1 parent 7509ef1
commit 88975a6
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/changelog/19064.txt b/changelog/19064.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core/cli: Example 'help' pages for vault read / write docs improved.
+```
diff --git a/command/read.go b/command/read.go
@@ -36,9 +36,17 @@ Usage: vault read [options] PATH
   Reads data from Vault at the given path. This can be used to read secrets,
   generate dynamic credentials, get configuration details, and more.
 
-  Read a secret from the static secrets engine:
+  Read details of your own token:
 
-      $ vault read secret/my-secret
+      $ vault read auth/token/lookup-self
+
+  Read entity details of a given ID:
+
+      $ vault read identity/entity/id/2f09126d-d161-abb8-2241-555886491d97
+
+  Generate credentials for my-role in an AWS secrets engine:
+
+      $ vault read aws/creds/my-role
 
   For a full list of examples and paths, please see the documentation that
   corresponds to the secrets engine in use.

diff --git a/command/write.go b/command/write.go
@@ -51,13 +51,15 @@ Usage: vault write [options] PATH [DATA K=V...]
   it is loaded from a file. If the value is "-", Vault will read the value from
   stdin.
 
-  Persist data in the generic secrets engine:
+  Store an arbitrary secret in the token's cubbyhole.
 
-      $ vault write secret/my-secret foo=bar
+      $ vault write cubbyhole/git-credentials username="student01" password="p@$$w0rd"
 
   Create a new encryption key in the transit secrets engine:
 
-      $ vault write -f transit/keys/my-key
+      $ vault write -force transit/keys/my-key
+
+  The -force / -f flag allows a write operation without any input data.
 
   Upload an AWS IAM policy from a file on disk:
 
@@ -67,6 +69,10 @@ Usage: vault write [options] PATH [DATA K=V...]
 
       $ echo $MY_TOKEN | vault write consul/config/access token=-
 
+  Create a token
+
+      $ vault write auth/token/create policies="admin" policies="secops" ttl=8h num_uses=3
+
   For a full list of examples and paths, please see the documentation that
   corresponds to the secret engines in use.