upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-06-09 08:55:13 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

website: lots more docs

Browse source
This commit is contained in:
Mitchell Hashimoto 2015-04-09 22:52:02 -07:00
parent 13915c2d3e
commit 3603ef94cd
7 changed files with 240 additions and 144 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
website/source/docs/commands/apply.html.markdown
View file

@ -1,53 +0,0 @@
---
layout: "docs"
page_title: "Command: apply"
sidebar_current: "docs-commands-apply"
description: |-
The `vault apply` command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a `vault plan` execution plan.
---
# Command: apply
The `vault apply` command is used to apply the changes required
to reach the desired state of the configuration, or the pre-determined
set of actions generated by a `vault plan` execution plan.
## Usage
Usage: `vault apply [options] [dir]`
By default, `apply` scans the current directory for the configuration
and applies the changes appropriately. However, a path to another configuration
or an execution plan can be provided. Execution plans can be used to only
execute a pre-determined set of actions.
The `dir` argument can also be a [module source](/docs/modules/index.html).
In this case, `apply` behaves as though `init` were called with that
argument followed by an `apply` in the current directory. This is meant
as a shortcut for getting started.
The command-line flags are all optional. The list of available flags are:
* `-backup=path` - Path to the backup file. Defaults to `-state-out` with
the ".backup" extension. Disabled by setting to "-".
* `-input=true` - Ask for input for variables if not directly set.
* `-no-color` - Disables output with coloring.
* `-refresh=true` - Update the state for each resource prior to planning
and applying. This has no effect if a plan file is given directly to
apply.
* `-state=path` - Path to the state file. Defaults to "vault.tfstate".
* `-state-out=path` - Path to write updated state file. By default, the
`-state` path will be used.
* `-var 'foo=bar'` - Set a variable in the Vault configuration. This
flag can be set multiple times.
* `-var-file=foo` - Set variables in the Vault configuration from
a file. If "vault.tfvars" is present, it will be automatically
loaded if this flag is not specified.

23
website/source/docs/commands/destroy.html.markdown
View file

@ -1,23 +0,0 @@
---
layout: "docs"
page_title: "Command: destroy"
sidebar_current: "docs-commands-destroy"
description: |-
The `vault destroy` command is used to destroy the Vault-managed infrastructure.
---
# Command: destroy
The `vault destroy` command is used to destroy the Vault-managed
infrastructure.
## Usage
Usage: `vault destroy [options] [dir]`
Infrastructure managed by Vault will be destroyed. This will ask for
confirmation before destroying.
This command accepts all the flags that the
[apply command](/docs/commands/apply.html) accepts. If `-force` is
set, then the destroy confirmation will not be shown.

28
website/source/docs/commands/get.html.markdown
View file

@ -1,28 +0,0 @@
---
layout: "docs"
page_title: "Command: get"
sidebar_current: "docs-commands-get"
description: |-
The `vault get` command is used to download and update modules.
---
# Command: get
The `vault get` command is used to download and update
[modules](/docs/modules/index.html).
## Usage
Usage: `vault get [options] [dir]`
The modules are downloaded into a local `.vault` folder. This
folder should not be committed to version control.
If a module is already downloaded and the `-update` flag is _not_ set,
Vault will do nothing. As a result, it is safe (and fast) to run this
command multiple times.
The command-line flags are all optional. The list of available flags are:
* `-update` - If specified, modules that are already downloaded will be
checked for updates and the updates will be downloaded if present.

22
website/source/docs/commands/index.html.md Normal file
View file

@ -0,0 +1,22 @@
---
layout: "docs"
page_title: "Commands (CLI)"
sidebar_current: "docs-commands"
description: |-
Vault can be controlled via a command-line interface. This page documents all the commands Vault accepts.
---
# Vault Commands (CLI)
Vault is controlled via a very easy to use command-line interface (CLI).
Vault is only a single command-line application: `vault`. This application
then takes a subcommand such as "read" or "write". The complete list of
subcommands is in the navigation to the left.
The Vault CLI is a well-behaved command line application. In erroneous cases,
a non-zero exit status will be returned. It also responds to `-h` and `--help`
as you'd most likely expect.
To view a list of the available commands at any time, just run Vault
with no arguments. To get help for any specific subcommand, run the subcommand
with the `-h` argument.

98
website/source/docs/http/index.html.md Normal file
View file

@ -0,0 +1,98 @@
---
layout: "http"
page_title: "HTTP API"
sidebar_current: "docs-http"
description: |-
Vault has an HTTP API that can be used to control every aspect of Vault.
---
# HTTP API
The Vault HTTP API gives you full access to Vault via HTTP. Every
aspect of Vault can be controlled via this API. The Vault CLI uses
the HTTP API to access Vault.
## Version Prefix
All API routes are prefixed with `/v1/`.
This documentation is only for the v1 API.
~> **Backwards compatibility:** At the current version, Vault does
not yet promise backwards compatibility even with the v1 prefix. We'll
remove this warning when this policy changes. We expect we'll reach API
stability by Vault 0.3.
## Transport
The API is expected to be accessed over a TLS connection at
all times, with a valid certificate that is verified by a well
behaved client. It is possible to disable TLS verification for
listeners, however, so API clients should expect to have to do both
depending on user settings.
## Authentication
Once the Vault is unsealed, every other operation requires
a _client token_. A user may have a client token explicitly.
The client token must be sent as the `token` cookie.
Otherwise, a client token can be retrieved via
[authentication backends](#).
Each authentication backend will have one or more unauthenticated
login endpoints. These endpoints can be reached without any authentication,
and are used for authentication itself. These endpoints are specific
to each authentication backend.
Login endpoints for authentication backends that generate an identity
will be sent down with a `Set-Cookie` header. If you are using a
well-behaved HTTP client, then authentication information will
automatically be saved and sent to the Vault API.
## Help
To retrieve the help for any API within Vault, including mounted
backends, credential providers, etc. then append `?help=1` to any
URL. If you have valid permission to access the path, then the help text
will be returned with the following structure:
{
"help": "help text"
}
## Error Response
A common JSON structure is always returned to return errors:
{
"errors": [
"message",
"another message"
]
}
This structure will be sent down for any HTTP status greater than
or equal to 400.
## HTTP Status Codes
The following HTTP status codes are used throughout the API.
- `200` - Success with data.
- `204` - Success, no data returned.
- `400` - Invalid request, missing or invalid data. See the
"validation" section for more details on the error response.
- `401` - Unauthorized, your authentication details are either
incorrect or you don't have access to this feature.
- `404` - Invalid path. This can both mean that the path truly
doesn't exist or that you don't have permission to view a
specific path. We use 404 in some cases to avoid state leakage.
- `429` - Rate limit exceeded. Try again after waiting some period
of time.
- `500` - Internal server error. An internal error has occurred,
try again later. If the error persists, report a bug.
- `503` - Vault is down for maintenance or is currently sealed.
Try again later.

57
website/source/layouts/docs.erb
View file

@ -22,48 +22,25 @@
<li<%= sidebar_current("docs-commands") %>>
<a href="/docs/commands/index.html">Commands (CLI)</a>
<ul class="nav">
<li<%= sidebar_current("docs-commands-apply") %>>
<a href="/docs/commands/apply.html">apply</a>
<li<%= sidebar_current("docs-commands-read") %>>
<a href="/docs/commands/read.html">read</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-http") %>>
<a href="/docs/http/index.html">HTTP API</a>
</li>
<li<%= sidebar_current("docs-secrets") %>>
<a href="/docs/secrets/index.html">Secret Backends</a>
<ul class="nav">
<li<%= sidebar_current("docs-secrets-aws") %>>
<a href="/docs/secrets/aws/index.html">AWS</a>
</li>
<li<%= sidebar_current("docs-commands-destroy") %>>
<a href="/docs/commands/destroy.html">destroy</a>
</li>
<li<%= sidebar_current("docs-commands-get") %>>
<a href="/docs/commands/get.html">get</a>
</li>
<li<%= sidebar_current("docs-commands-graph") %>>
<a href="/docs/commands/graph.html">graph</a>
</li>
<li<%= sidebar_current("docs-commands-init") %>>
<a href="/docs/commands/init.html">init</a>
</li>
<li<%= sidebar_current("docs-commands-output") %>>
<a href="/docs/commands/output.html">output</a>
</li>
<li<%= sidebar_current("docs-commands-plan") %>>
<a href="/docs/commands/plan.html">plan</a>
</li>
<li<%= sidebar_current("docs-commands-refresh") %>>
<a href="/docs/commands/refresh.html">refresh</a>
</li>
<li<%= sidebar_current("docs-commands-remote") %>>
<a href="/docs/commands/remote.html">remote</a>
</li>
<li<%= sidebar_current("docs-commands-show") %>>
<a href="/docs/commands/show.html">show</a>
</li>
<li<%= sidebar_current("docs-commands-taint") %>>
<a href="/docs/commands/taint.html">taint</a>
<li<%= sidebar_current("docs-secrets-consul") %>>
<a href="/docs/secrets/consul/index.html">Consul</a>
</li>
</ul>
</li>

103
website/source/layouts/http.erb Normal file
View file

@ -0,0 +1,103 @@
<% wrap_layout :inner do %>
<% content_for :sidebar do %>
<div class="docs-sidebar hidden-print affix-top" role="complementary">
<ul class="nav docs-sidenav">
<li<%= sidebar_current("docs-home") %>>
<a href="/docs/index.html">Documentation Home</a>
</li>
<hr>
<li<%= sidebar_current("docs-http") %>>
<a href="/docs/http/index.html">Overview</a>
</li>
<li<%= sidebar_current("docs-http-sys-init") %>>
<a href="#">Initialization</a>
<ul class="nav nav-visible">
<li<%= sidebar_current("docs-http-sys-init") %>>
<a href="/docs/http/sys-init.html">/sys/init</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-http-seal") %>>
<a href="#">Seal/Unseal</a>
<ul class="nav nav-visible">
<li<%= sidebar_current("docs-http-seal-status") %>>
<a href="/docs/http/sys-seal-status.html">/sys/seal-status</a>
</li>
<li<%= sidebar_current("docs-http-seal-seal") %>>
<a href="/docs/http/sys-seal">/sys/seal</a>
</li>
<li<%= sidebar_current("docs-http-seal-unseal") %>>
<a href="/docs/http/sys-unseal.html">/sys/unseal</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-http-mounts") %>>
<a href="#">Secret Mounts</a>
<ul class="nav nav-visible">
<li<%= sidebar_current("docs-http-mounts-mounts") %>>
<a href="/docs/http/sys-mounts.html">/sys/mounts</a>
</li>
<li<%= sidebar_current("docs-http-mounts-remount") %>>
<a href="/docs/http/sys-remount.html">/sys/remount</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-http-auth") %>>
<a href="#">Auth & ACLs</a>
<ul class="nav nav-visible">
<li<%= sidebar_current("docs-http-auth-auth") %>>
<a href="/docs/http/sys-auth.html">/sys/auth</a>
</li>
<li<%= sidebar_current("docs-http-auth-policy") %>>
<a href="/docs/http/sys-policy.html">/sys/policy</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-http-audits") %>>
<a href="#">Audit Backends</a>
<ul class="nav nav-visible">
<li<%= sidebar_current("docs-http-audits-audits") %>>
<a href="/docs/http/sys-audit.html">/sys/audit</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-http-lease") %>>
<a href="#">Leases</a>
<ul class="nav nav-visible">
<li<%= sidebar_current("docs-http-lease-renew") %>>
<a href="/docs/http/sys-renew.html">/sys/renew</a>
</li>
<li<%= sidebar_current("docs-http-lease-revoke") %>>
<a href="/docs/http/sys-revoke.html">/sys/revoke</a>
</li>
</ul>
</li>
<hr>
<li<%= sidebar_current("docs-http-secret") %>>
<a href="#">Secret Backends</a>
</li>
<li<%= sidebar_current("docs-http-authbackends") %>>
<a href="#">Auth Backends</a>
</li>
</ul>
</div>
<% end %>
<%= yield %>
<% end %>