backport of commit 47cd49d (#29006)

Co-authored-by: Sarah Chavis <[email protected]>

website/content/partials/cli/README.md

@@ -16,6 +16,7 @@ The `agent` family of commands is malformed. Rather than having a root node
 root command is runnable.
 
 
+
 ## Why partials?
 
 We document CLI command arguments, options, and flags as partials:
@@ -66,43 +67,35 @@ partials/global-settings/both   parameters that exits as flags and variables
 ### Template 1 - command-specific parameters
 
 Use the following template for parameters that exist as command-exclusively
-arguments, flags, or options. "ANCHOR_ID" is the ID defined in the `<a id=...>`
-HTML tag.
+arguments, flags, or options.
 
 -- Template (start) --
 
 <a id="COMMAND_ROOT-[arg | option | flag]-NAME" />
 
 
-<a href="#ANCHOR_ID" style={{textDecorationLine:'none'}}>
-
 **`NAME (TYPE : DEFAULT)`**
 
-</a>
-
 DESCRIPTION
 
 **Example**: `EXAMPLE_OF_VALID_USE`
 
 -- Template (end) --
 
 
-
 ### Template 2 - shared parameters
 
 Use the following template for parameters that exist as arguments, flags, or
 options that are not global but are shared across more than one command family.
-"ANCHOR_ID" is the ID defined in the `<a id=...>` HTML tag.
-
-<a id="shared-[arg | option | flag]-NAME" />
 
+-- Template (start) --
 
-<a href="#ANCHOR_ID" style={{textDecorationLine:'none'}}>
+<a id="shared-[arg | option | flag]-NAME" />
 
 **`NAME (TYPE : DEFAULT)`**
 
-</a>
-
 DESCRIPTION
 
-**Example**: `EXAMPLE_OF_VALID_USE`
+**Example**: `EXAMPLE_OF_VALID_USE`
+
+-- Template (end) --

website/content/partials/cli/agent/args/file_path.mdx

@@ -1,4 +1,6 @@
-- `file_path (string : "./agent.hcl")` ((#agent-arg-file_path))
+<a id="agent-arg-file_path" />
+
+**`file_path (string : "./agent.hcl")`**
 
 The path where Vault should save the generated configuration file.
 

website/content/partials/cli/agent/flags/config.mdx

@@ -1,5 +1,6 @@
-- `-config (string : <required>)` ((#agent-flag-config))
+<a id="agent-flag-config" />
 
+**`-config (string : <required>)`**
 
 Path to a single
 [Vault Agent configuration file](/vault/docs/agent-and-proxy/agent#configuration-file-options)

website/content/partials/cli/agent/flags/exec.mdx

@@ -1,4 +1,6 @@
-- `-exec (string : "")` ((#agent-flag-exec))
+<a id="agent-flag-exec" />
+
+**`-exec (string : "")`**
 
 Path to the command for child processes with optional arguments. Relative paths
 start from the current working directory when executed. Corresponds to

website/content/partials/cli/agent/flags/exit-after-auth.mdx

@@ -1,4 +1,6 @@
-- `-exit-after-auth (bool : false)` ((#agent-flag-exit-after-auth))
+<a id="agent-flag-exit-after-auth" />
+
+**`-exit-after-auth (bool : false)`**
 
 Exit with code `0` after a single successful auth. Success indicates successful
 token retrieval and write to sink.

website/content/partials/cli/agent/flags/path.mdx

@@ -1,4 +1,6 @@
-- `-path (string : "")` ((#agent-flag-path))
+<a id="agent-flag-path" />
+
+**`-path (string : "")`**
 
 Path to one or more `kv` secrets store. Paths that end with a wildcard (`*`)
 include all secrets under that path.

website/content/partials/cli/agent/flags/type.mdx

@@ -1,4 +1,6 @@
-- `-type (enum : <required>)` ((#agent-flag-type))
+<a id="agent-flag-type" />
+
+**`-type (enum : <required>)`**
 
 The configuration file entry to create.
 

website/content/partials/cli/audit/args/device_path.mdx

@@ -1,4 +1,6 @@
-- `device_path (string : <required>)` ((#audit-arg-device_path))
+<a id="audit-arg-device_path" />
+
+**`device_path (string : <required>)`**
 
 The internal path where Vault accesses the audit device. Audit device paths are
 unique across all audit devices.

website/content/partials/cli/audit/args/device_type.mdx

@@ -1,4 +1,6 @@
-- `audit-arg-device_type (enum : <required>)` ((#audit-arg-device_type))
+<a id="audit-arg-device_type" />
+
+**`device_type (enum : <required>)`**
 
 The audit device type to create.
 

website/content/partials/cli/audit/args/file/file_path.mdx

@@ -1,4 +1,6 @@
-- `file_path (string : <required>)` ((#audit-arg-file-file_path))
+<a id="audit-arg-file-file_path" />
+
+**`file_path (string : <required>)`**
 
 Location on the audit log on the Vault server. Must be one of the following:
 

website/content/partials/cli/audit/args/file/mode.mdx

@@ -1,4 +1,6 @@
-- `mode (string : "0600")` ((#audit-arg-file-mode))
+<a id="audit-arg-file-mode" />
+
+**`mode (string : "0600")`**
 
 The `chmod`-style octal permissions for the audit file. Set `mode` to "0000" to
 prevent Vault from modifying the file mode.

website/content/partials/cli/audit/args/socket/address.mdx

@@ -1,4 +1,6 @@
-- `address (string : "")` ((#audit-arg-socket-address))
+<a id="audit-arg-socket-address" />
+
+**`address (string : "")`**
 
 Location of the socket as a server IP and port or a local path.
 

website/content/partials/cli/audit/args/socket/socket_type.mdx

@@ -1,4 +1,6 @@
-- `socket_type (string : "tcp")` ((#audit-arg-socket-socket_type))
+<a id="audit-arg-socket-socket_type" />
+
+**`socket_type (string : "tcp")`**
 
 Communication protocol expected by the socket. Vault can write to any
 [net.Dialer](https://pkg.go.dev/net#Dialer)-compatible socket. If a TCP socket

website/content/partials/cli/audit/args/socket/write_timeout.mdx

@@ -1,4 +1,6 @@
-- `write_timeout (string : "2s")` ((#audit-arg-socket-write_timeout))
+<a id="audit-arg-socket-write_timeout" />
+
+**`write_timeout (string : "2s")`**
 
 Duration in seconds that Vault will wait for a write to complete over the
 socket. Setting `write_timeout` to `0` disables time outs and forces Vault to

website/content/partials/cli/audit/args/syslog/facility.mdx

@@ -1,4 +1,6 @@
-- `facility (string : "AUTH")` ((#audit-arg-syslog-facility))
+<a id="audit-arg-syslog-facility" />
+
+**`facility (string : "AUTH")`**
 
 The process that generated the syslog entry (the syslog facility).
 

website/content/partials/cli/audit/args/syslog/tag.mdx

@@ -1,4 +1,6 @@
-- `tag (string : "vault")` ((#audit-arg-syslog-tag))
+<a id="audit-arg-syslog-tag" />
+
+**`tag (string : "vault")`**
 
 The program that generated the syslog entry.
 

website/content/partials/cli/audit/flags/description.mdx

@@ -1,4 +1,6 @@
-- `-description (string : "")` ((#audit-flag-description))
+<a id="audit-flag-description" />
+
+**`-description (string : "")`**
 
 A human-friendly string that explains the purpose of the audit device.
 

website/content/partials/cli/audit/flags/detailed.mdx

@@ -1,4 +1,6 @@
-- `-detailed (bool : false)` ((#audit-flag-detailed))
+<a id="audit-flag-detailed" />
+
+**`-detailed (bool : false)`**
 
 Print detailed information such as options and replication status about each
 audit device.

website/content/partials/cli/audit/flags/local.mdx

@@ -1,6 +1,8 @@
-- `-local (bool : false)` ((#audit-flag-local))
+<a id="audit-flag-local" />
+
+**`-local (bool : false)`**
 
 Indicates that the audit device is local to the Vault server and ignored by
 replication.
 
-**Example**: `-local`
+**Example**: `-local`

website/content/partials/cli/audit/flags/path.mdx

@@ -1,4 +1,6 @@
-- `-path (string : "/<device_type>")` ((#audit-flag-path))
+<a id="audit-flag-path" />
+
+**`-path (string : "/<device_type>")`**
 
 The internal path where Vault will access the audit device. Audit device paths
 must be unique across all audit devices.

website/content/partials/cli/audit/options/elide_list_responses.mdx

@@ -1,4 +1,6 @@
-- `elide_list_responses (bool : false)` ((#audit-option-elide_list_responses))
+<a id="audit-option-elide_list_responses" />
+
+**`elide_list_responses (bool : false)`**
 
 Replace the details for `response.data.keys` and `response.data.key_info` with
 the number of entries to reduce the size of audit records. See

website/content/partials/cli/audit/options/exclude.mdx

@@ -1,5 +1,6 @@
-- `exclude (string : "")` ((#audit-option-exclude)) <EnterpriseAlert inline="true" />
+<a id="audit-option-exclude" />
 
+**`exclude (string : "")`** <EnterpriseAlert inline="true" />
 
 Remove any fields matching the provided
 [exclusion filtering rules](/vault/docs/enterprise/audit/exclusion) from the

website/content/partials/cli/audit/options/fallback.mdx

@@ -1,4 +1,6 @@
-- `fallback (bool : false)` ((#audit-option-fallback))  <EnterpriseAlert inline="true" />
+<a id="audit-option-fallback" />
+
+**`fallback (bool : false)`**  <EnterpriseAlert inline="true" />
 
 The audit device is the fallback for filtering purposes.
 **Vault only supports one fallback audit device at a time**.

website/content/partials/cli/audit/options/filter.mdx

@@ -1,4 +1,6 @@
-- `filter (string : "")` ((#audit-option-filter))  <EnterpriseAlert inline="true" />
+<a id="audit-option-filter" />
+
+**`filter (string : "")`** <EnterpriseAlert inline="true" />
 
 Only write audit log entries matching the provided
 [filtering expression](/vault/docs/enterprise/audit/filtering) to the audit

website/content/partials/cli/audit/options/format.mdx

@@ -1,4 +1,6 @@
-- `format (enum : json)` ((#audit-option-format))
+<a id="audit-option-format" />
+
+**`format (enum : json)`**
 
 Write audit log entries in the provided format.
 

website/content/partials/cli/audit/options/hmac_accessor.mdx

@@ -1,4 +1,6 @@
-- `hmac_accessor (bool : true)` ((#audit-option-hmac_accessor))
+<a id="audit-option-hmac_accessor" />
+
+**`hmac_accessor (bool : true)`**
 
 Hash all token accessor data before writing to the audit device.
 

website/content/partials/cli/audit/options/log_raw.mdx

@@ -1,4 +1,6 @@
-- `log_raw (bool : false)` ((#audit-option-log_raw))
+<a id="audit-option-log_raw" />
+
+**`log_raw (bool : false)`**
 
 Hash all sensitive security information before writing to the audit device.
 

website/content/partials/cli/audit/options/prefix.mdx

@@ -1,4 +1,6 @@
-- `prefix (string : "")` ((#audit-option-prefix))
+<a id="audit-option-prefix" />
+
+**`prefix (string : "")`**
 
 Prepend the provided string to each log entry when writing to the audit device.
 

website/content/partials/cli/shared/flags/log-file.mdx

@@ -1,4 +1,6 @@
-- `-log-file (string : "./<service>.log")` ((#shared-flag-log-file))
+<a id="shared-flag-log-file" />
+
+**`-log-file (string : "./<service>.log")`**
 
 Absolute path where Vault Agent saves logging data.
 

website/content/partials/cli/shared/flags/log-rotate-bytes.mdx

@@ -1,4 +1,6 @@
-- `-log-rotate-bytes (int : <unset>)` ((#shared-flag-log-rotate-bytes))
+<a id="shared-flag-log-rotate-bytes" />
+
+**`-log-rotate-bytes (int : <unset>)`**
 
 File size, in bytes, after which log files must rotate. Leave `log-rotate-bytes`
 unset if you prefer not to limit log file size.

website/content/partials/cli/shared/flags/log-rotate-duration.mdx

@@ -1,4 +1,6 @@
-- `-log-rotate-duration (string : "24h")` ((#shared-flag-log-rotate-duration))
+<a id="shared-flag-log-rotate-duration" />
+
+**`-log-rotate-duration (string : "24h")`**
 
 Amount of time, in `<number>[s|m|h|d]` format, after which log files must
 rotate.

website/content/partials/cli/shared/flags/log-rotate-max-files.mdx

@@ -1,4 +1,6 @@
-- `-log-rotate-max-files (int : 0)` ((#shared-flag-log-rotate-max-files))
+<a id="shared-flag-log-rotate-max-files" />
+
+**`-log-rotate-max-files (int : 0)`**
 
 The number of log file archives to preserve over time:
 

website/content/partials/global-settings/both/address.mdx

@@ -1,9 +1,10 @@
-- `[-address | VAULT_ADDR] (string : 'https://127.0.0.1:8200')` ((#global-address))
+<a id="global-address" />
+
+**`[-address | VAULT_ADDR] (string : 'https://127.0.0.1:8200')`**
 
 Address of the Vault server.
 
 **Examples**:
 
 - CLI flag: `-address "https://mydomain/vault:8200"`
 - Environment variable: `export VAULT_ADDR="https://mydomain/vault:8200"`
-

website/content/partials/global-settings/both/agent-address.mdx

@@ -1,9 +1,10 @@
-- `[-agent-address | VAULT_AGENT_ADDR] (string : "")` ((#global-agent-address))
+<a id="global-agent-address" />
+
+**`[-agent-address | VAULT_AGENT_ADDR] (string : "")`**
 
 Address of the Vault Agent, if used.
 
 **Examples**:
 
 - CLI flag: `-agent-address "https://mydomain/vault-agent:8200"`
 - Environment variable: `export VAULT_AGENT_ADDR="https://mydomain/vault-agent:8200"`
-

website/content/partials/global-settings/both/ca-cert.mdx

@@ -1,4 +1,6 @@
-- `[-ca-cert | VAULT_CACERT] (string : "")` ((#global-ca-cert))
+<a id="global-ca-cert" />
+
+**`[-ca-cert | VAULT_CACERT] (string : "")`**
 
 Path to a PEM-encoded CA certificate file on the local disk. Used to verify SSL
 certificates for the server. **Takes precedence over `-ca_path`**.
@@ -7,4 +9,3 @@ certificates for the server. **Takes precedence over `-ca_path`**.
 
 - CLI flag: `-ca-cert "/path/to/certs/mycert.pem"`
 - Environment variable: `export VAULT_CACERT="/path/to/certs/mycert.pem"`
-

website/content/partials/global-settings/both/ca-path.mdx

@@ -1,4 +1,6 @@
-- `[-ca-path | VAULT_CAPATH] (string : "")` ((#global-ca-path))
+<a id="global-ca-path" />
+
+**`[-ca-path | VAULT_CAPATH] (string : "")`**
 
 Path to a directory with PEM-encoded CA certificate files on the local disk.
 Used to verify SSL certificates for the server.
@@ -7,4 +9,3 @@ Used to verify SSL certificates for the server.
 
 - CLI flag: `-ca-path "/path/to/certs/dir"`
 - Environment variable: `export VAULT_CAPATH="/path/to/certs/dir"`
-

website/content/partials/global-settings/both/client-cert.mdx

@@ -1,4 +1,6 @@
-- `[-client-cert | VAULT_CLIENT_CERT] (string : "")` ((#global-client-cert))
+<a id="global-client-cert" />
+
+**`[-client-cert | VAULT_CLIENT_CERT] (string : "")`**
 
 Path to a PEM-encoded CA certificate file on the local disk. Used for TLS
 communication with the server. **The specified certificate must match to the
@@ -8,4 +10,3 @@ private key specified with `-client-cert`**.
 
 - CLI flag: `-client-cert "/path/to/certs/mycert.pem"`
 - Environment variable: `export VAULT_CLIENT_CERT="/path/to/certs/mycert.pem"`
-

website/content/partials/global-settings/both/client-key.mdx

@@ -1,4 +1,6 @@
-- `[-client-key | VAULT_CLIENT_KEY] (string : "")` ((#global-client-key))
+<a id="global-client-key" />
+
+**`[-client-key | VAULT_CLIENT_KEY] (string : "")`**
 
 Path to a PEM-encoded private key that matches the client certificate set with
 `-client-cert`.
@@ -7,4 +9,3 @@ Path to a PEM-encoded private key that matches the client certificate set with
 
 - CLI flag: `-client-key "/path/to/keys/myprivatekey.pem"`
 - Environment variable: `export VAULT_CLIENT_KEY="/path/to/keys/myprivatekey.pem"`
-