Improve PATH description.

ktlim · ktlim · commit 55ac3ab207d9 · 2025-01-14T13:01:43.000-08:00
diff --git a/usdf/kubernetes.rst b/usdf/kubernetes.rst
@@ -76,4 +76,4 @@ Miscellaneous
 
 - if you encounter an error like "Unable to connect to the server: No valid id-token, and cannot refresh without refresh-token" when running your kubectl, you will need to log back in via https://k8s.slac.stanford.edu/<project>, re-executing the commands in the second box. This is because our OIDC (dex) implementation does not and cannot generate refresh tokens from our SAML2 (windows ADFS) backend. (Actually, only the ``set-credentials`` command is needed, but it doesn't hurt to execute them all.)
 
-Kubernetes secrets are usually held in Vault (vault.slac.stanford.edu).  The vault command is available on USDF interactive nodes.  You may need to activate it with ``module load vault``.  Then login using the commands ``export VAULT_ADDR=https://vault.slac.stanford.edu; vault login -method=ldap`` with your SLAC Windows password.  You can then use ``vault kv list -mount=secret PATH`` and ``vault kv get -mount=secret PATH/TO/SECRET`` to access secrets for which you have permission.
+Kubernetes secrets are usually held in Vault (vault.slac.stanford.edu).  The vault command is available on USDF interactive nodes.  You may need to activate it with ``module load vault``.  Then login using the commands ``export VAULT_ADDR=https://vault.slac.stanford.edu; vault login -method=ldap`` with your SLAC Windows password.  You can then use ``vault kv list -mount=secret rubin[/PATH]`` and ``vault kv get -mount=secret PATH/TO/SECRET`` to access secrets for which you have permission.

Original file line number	Diff line number	Diff line change
`@@ -76,4 +76,4 @@ Miscellaneous`
`76`	`76`
`77`	`77`	- if you encounter an error like "Unable to connect to the server: No valid id-token, and cannot refresh without refresh-token" when running your kubectl, you will need to log back in via https://k8s.slac.stanford.edu/<project>, re-executing the commands in the second box. This is because our OIDC (dex) implementation does not and cannot generate refresh tokens from our SAML2 (windows ADFS) backend. (Actually, only the ``set-credentials`` command is needed, but it doesn't hurt to execute them all.)
`78`	`78`
`79`		-Kubernetes secrets are usually held in Vault (vault.slac.stanford.edu). The vault command is available on USDF interactive nodes. You may need to activate it with ``module load vault``. Then login using the commands ``export VAULT_ADDR=https://vault.slac.stanford.edu; vault login -method=ldap`` with your SLAC Windows password. You can then use ``vault kv list -mount=secret PATH`` and ``vault kv get -mount=secret PATH/TO/SECRET`` to access secrets for which you have permission.
	`79`	+Kubernetes secrets are usually held in Vault (vault.slac.stanford.edu). The vault command is available on USDF interactive nodes. You may need to activate it with ``module load vault``. Then login using the commands ``export VAULT_ADDR=https://vault.slac.stanford.edu; vault login -method=ldap`` with your SLAC Windows password. You can then use ``vault kv list -mount=secret rubin[/PATH]`` and ``vault kv get -mount=secret PATH/TO/SECRET`` to access secrets for which you have permission.