From 262b0434dff133cde5ba4e7d1a95535052ba76c0 Mon Sep 17 00:00:00 2001 
From: Kit Haines
Date: Thu, 30 Mar 2023 07:31:48 -0400
Subject: [PATCH] Add PKI-CLI to docs (#19669)

* Add pki-cli docs.

* Tiny updates.

* Whitespace fix, include description

* Closing-tags.

* Update website/content/docs/commands/pki/verify-sign.mdx

Title Code as Shell

Co-authored-by: Yoko Hyakuna

* Update website/content/docs/commands/pki/reissue.mdx

Title More Code as Shell

Co-authored-by: Yoko Hyakuna

* Update website/content/docs/commands/pki/list-intermediates.mdx

Title code block as shell

Co-authored-by: Yoko Hyakuna

* Update website/content/docs/commands/pki/issue.mdx

Title code-block as shell

Co-authored-by: Yoko Hyakuna

* Apply suggestions from code review

Label Code-Blocks as Shell-Session

Co-authored-by: Yoko Hyakuna

* Apply suggestions from code review

Comma and Period Changes.

Co-authored-by: Alexander Scheel

* Apply suggestions from code review

ascheels highlighting-1

Co-authored-by: Alexander Scheel

* Fix highlighting throughout.

* Update website/content/docs/commands/pki/list-intermediates.mdx

Co-authored-by: Alexander Scheel

* Update website/content/docs/commands/pki/reissue.mdx

Clarifying note on why unknown fields might be there.

Co-authored-by: Alexander Scheel

* Update website/content/docs/commands/pki/reissue.mdx

cipherboy request

Co-authored-by: Alexander Scheel

* Add Key-ID RFC link.
* k=v add link * correct link --------- Co-authored-by: Yoko Hyakuna Co-authored-by: Alexander Scheel --- website/content/docs/commands/pki/index.mdx | 64 ++++++++++++- website/content/docs/commands/pki/issue.mdx | 72 +++++++++++++++ .../docs/commands/pki/list-intermediates.mdx | 89 +++++++++++++++++++ website/content/docs/commands/pki/reissue.mdx | 88 ++++++++++++++++++ .../content/docs/commands/pki/verify-sign.mdx | 56 ++++++++++++ website/data/docs-nav-data.json | 18 +++- 6 files changed, 385 insertions(+), 2 deletions(-) create mode 100644 website/content/docs/commands/pki/issue.mdx create mode 100644 website/content/docs/commands/pki/list-intermediates.mdx create mode 100644 website/content/docs/commands/pki/reissue.mdx create mode 100644 website/content/docs/commands/pki/verify-sign.mdx diff --git a/website/content/docs/commands/pki/index.mdx b/website/content/docs/commands/pki/index.mdx index b6c054ca5e8b..8a6ec3379407 100644 --- a/website/content/docs/commands/pki/index.mdx +++ b/website/content/docs/commands/pki/index.mdx @@ -15,7 +15,7 @@ The `pki` command groups subcommands for interacting with Vault's Option flags for a given subcommand are provided after the subcommand, but before the arguments. -## Examples +## Example Health Check To [health check](/vault/docs/commands/pki/health-check) a mount, use the `vault pki health-check ` command: 
@@ -30,3 +30,65 @@ ok /pki/issuer/da41ffb1-cc6d-5a5c-f147-e4d7beeb1b73 Issuer's validity ... more output elided ... ``` + +## Example Verify Sign + +To [verify](/vault/docs/commands/pki/verify-sign) the signature between two +issuer certificates, use the `vault pki verify-sign ` command: + +```shell-session +$ vault pki verify-sign pki_root/issuer/root pki_int/issuer/FirstDepartment +issuer:pki_root/issuer/root +issued:pki_int/issuer/FirstDepartment + +field value +----- ----- +subject_match true +path_match true +trust_match true +key_id_match true +signature_match true +``` + +## Example List Child Issuers + +To [list intermediate](/vault/docs/commands/pki/list-intermediates) certificates +potentially issued by a certificate inside vault, use the +`vault pki list-intermediates ` command: + +```shell-session +$ vault pki list-intermediates /pki_root/issuer/default +intermediate match? +------------ ------ +pki_int_2/issuer/d4404ccc-3ad4-83a9-f5df-398637654b3b true +pki_int_2/issuer/db0b0a6c-6641-ac15-363a-4e5261315581 true +pki_root/issuer/9464c4fe-e8a6-d96a-0566-021575e7382c true +pki_int/issuer/2f958ec5-1838-336e-331b-07032379b958 true +pki_int/issuer/b8cc0b41-e0e9-1a92-12c4-6849c9d6f837 true +``` + +## Example Issue + +To [issue](/vault/docs/commands/pki/issue) a new issuer certificate, use the +`vault pki issue ` command: + +```shell-session +$ vault pki issue -issuer_name="FirstDepartment" /pki_root/issuer/default /pki_int/ common_name="first-department.example.com" +Key Value +--- ----- +ca_chain [-----BEGIN CERTIFICATE----- +MIIDsDCCApigAwIBAgIULEPuHTW7UDtAQg+qcc18osNWgZIwDQYJKoZIhvcNAQEL... +``` + +## Example Reissue + +To [reissue](/vault/docs/commands/pki/reissue) an issuer certificate, using the +same fields as an existing issuer template, use the +`vault pki reissue
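Review bot: In the first index.mdx hunk (`@@ -15,7 +15,7 @@`), replacing `## Examples` with `## Example Health Check` removes the existing heading, so anything that links to that heading's anchor would stop resolving. Consider keeping `## Examples` as the parent section and placing the health-check example and the four new ones under `###` subheadings, which also groups the five examples under one entry in the page outline instead of five top-level sections.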
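Review bot: In the second index.mdx hunk (`@@ -30,3 +30,65 @@`), the example issuer paths are written inconsistently: the verify-sign example passes `pki_root/issuer/root` and `pki_int/issuer/FirstDepartment` with no leading slash, while the list-intermediates and issue examples pass `/pki_root/issuer/default` and `/pki_int/` with one. Pick one form for all examples, or add a sentence saying both are accepted, so a reader copying a command is not left guessing which form an issuer reference must take. Two smaller points in the same hunk: "a certificate inside vault" should capitalize the product name as "Vault", matching "Vault's" earlier on the page, and the issue example cuts the certificate off with a bare `...` where the health-check example above uses `... more output elided ...`; using the same marker makes it clear the output is truncated on purpose.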