From de5db00b9e64a9e6ed2ed42378d311257acac2f9 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Tue, 28 Feb 2023 14:43:05 +0000
Subject: [PATCH] backport of commit ba013912b1b2fd75fd7776fecb5e5f0329cb21e4
---
 command/commands.go | 5 ++++
 command/pki.go | 2 +-
 command/transit.go | 39 +++++++++++++++++++++++++++
 command/transit_import_key.go | 3 ++-
 command/transit_import_key_version.go | 5 ++--
 5 files changed, 50 insertions(+), 4 deletions(-)
 create mode 100644 command/transit.go
diff --git a/command/commands.go b/command/commands.go
index f441c3ee1d05..21da8141bc54 100644
--- a/command/commands.go
+++ b/command/commands.go
@@ -704,6 +704,11 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
 BaseCommand: getBaseCommand(),
 }, nil
 },
+ "transit": func() (cli.Command, error) {
+ return &TransitCommand{
+ BaseCommand: getBaseCommand(),
+ }, nil
+ },
 "transit import": func() (cli.Command, error) {
 return &TransitImportCommand{
 BaseCommand: getBaseCommand(),
diff --git a/command/pki.go b/command/pki.go
index 4212ee6f86ab..8ae5eae4a64e 100644
--- a/command/pki.go
+++ b/command/pki.go
@@ -13,7 +13,7 @@ type PKICommand struct {
 }

 func (c *PKICommand) Synopsis() string {
- return "Interact with Vault's Key-Value storage"
+ return "Interact with Vault's PKI Secrets Engine"
 }

 func (c *PKICommand) Help() string {
diff --git a/command/transit.go b/command/transit.go
new file mode 100644
index 000000000000..9b4b3050161f
--- /dev/null
+++ b/command/transit.go
@@ -0,0 +1,39 @@
+package command
+
+import (
+ "strings"
+
+ "github.com/mitchellh/cli"
+)
+
+var _ cli.Command = (*TransitCommand)(nil)
+
+type TransitCommand struct {
+ *BaseCommand
+}
+
+func (c *TransitCommand) Synopsis() string {
+ return "Interact with Vault's Transit Secrets Engine"
+}
+
+func (c *TransitCommand) Help() string {
+ helpText := `
+Usage: vault transit [options] [args]
+
+ This command has subcommands for interacting with Vault's Transit Secrets
+ Engine. Here are some simple examples, and more detailed examples are
+ available in the subcommands or the documentation.
+
+ To import a key into the specified Transit or Transform mount:
+
+ $ vault transit import transit/keys/newly-imported @path/to/key type=rsa-2048
+
+ Please see the individual subcommand help for detailed usage information.
+`
+
+ return strings.TrimSpace(helpText)
+}
+
+func (c *TransitCommand) Run(args []string) int {
+ return cli.RunResultHelp
+}
diff --git a/command/transit_import_key.go b/command/transit_import_key.go
index 7acc90f2243c..56e72f835f2b 100644
--- a/command/transit_import_key.go
+++ b/command/transit_import_key.go
@@ -42,10 +42,11 @@ Usage: vault transit import PATH KEY [options...] the base64 encoded KEY (either directly on the CLI or via @path notation), into a new key whose API path is PATH. To import a new version into an existing key, use import_version. The remaining options after KEY (key=value - style) are passed on to the transit/transform create key endpoint. If your + style) are passed on to the Transit or Transform create key endpoint. If your system or device natively supports the RSA AES key wrap mechanism (such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it directly rather than this command. + ` + c.Flags().Help() return strings.TrimSpace(helpText)
diff --git a/command/transit_import_key_version.go b/command/transit_import_key_version.go
index 7e5a5601997e..7b38f7dc7689 100644
--- a/command/transit_import_key_version.go
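Review bot: `TransitCommand` and its `Synopsis`, `Help` and `Run` methods are exported in the new command/transit.go without doc comments, so nothing in the file records that this type is only a parent for the transit subcommands. I would add `// TransitCommand is the parent of the "vault transit" subcommands; Run only returns cli.RunResultHelp.` above the type declaration. The usage line reads `Usage: vault transit [options] [args]` with no subcommand placeholder, although the paragraph below it says the command consists of subcommands; unless the placeholder was lost when this page was rendered, `Usage: vault transit <subcommand> [options] [args]` would match the text.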
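Review bot: The help paragraph reworded in command/transit_import_key.go still presents passing KEY "directly on the CLI" and via @path notation as equivalent, with no caveat about where the key material ends up. If KEY is the unwrapped base64 key material, as the text implies, a value given as a command-line argument is typically kept in shell history and visible in process listings, whereas the @path form keeps the key bytes in a file whose permissions can be restricted. Since the paragraph is being edited anyway, it could gain a sentence such as `Prefer @path notation so the key material does not appear in shell history or process listings.` The import-version help in command/transit_import_key_version.go carries the same wording and would need the same sentence. The Help function that holds this text starts and ends outside the hunk.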
+++ b/command/transit_import_key_version.go
@@ -26,12 +26,13 @@ Usage: vault transit import-version PATH KEY [...] Using the Transit or Transform key wrapping system, imports key material from the base64 encoded KEY (either directly on the CLI or via @path notation), - into a new key whose API path is PATH. To import a new transit/transform + into a new key whose API path is PATH. To import a new Transit or Transform key, use the import command instead. The remaining options after KEY - (key=value style) are passed on to the transit/transform create key endpoint. + (key=value style) are passed on to the Transit or Transform create key endpoint. If your system or device natively supports the RSA AES key wrap mechanism (such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it directly rather than this command. + ` + c.Flags().Help() return strings.TrimSpace(helpText)
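Review bot: The rewritten line in the import-version help still says the key material is imported "into a new key whose API path is PATH", which contradicts the next sentence telling the reader to use the import command for a new key. Judging by the command name and by the import help ("To import a new version into an existing key, use import_version"), this command adds a version to an existing key, so the line should read something like `into a new version of the existing key whose API path is PATH. To import a new`. An operator who follows the current wording may expect a fresh key and instead change the key versions of one already in use. The Help function that holds this text starts and ends outside the hunk.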