Updates to identity docs.

docs/Identity.md

@@ -55,14 +55,20 @@ You can also set VAULT_TOKEN with the following command:
 export VAULT_TOKEN=$(vault login -token-only -method=userpass username="your-username")
 ```
 
-> **Note:** The `-token-only` is an equivalent of `-field=token -no-store` options.
-
-You can also use the following command to set VAULT_TOKEN and TOKEN_ACCESSOR:
+or a function like this:
 
 ```bash
-export TOKEN_ACCESSOR=$(vault token lookup -format=json | jq -r .data.accessor)
+function v_login() {
+    local VAULT_USERNAME=${1:-"your-username"}
+    vault login -format=json -method=userpass username="$VAULT_USERNAME" |
+        jq -r '.auth | [.client_token, .accessor] | @tsv' | read -r VAULT_TOKEN TOKEN_ACCESSOR
+    echo "Logged in as $VAULT_USERNAME (Token accessor: $TOKEN_ACCESSOR)"
+    export VAULT_TOKEN TOKEN_ACCESSOR
+}
 ```
 
+> **Note:** The `-token-only` is an equivalent of `-field=token -no-store` options.
+
 You can then use the `TOKEN_ACCESSOR` to look up token details without exposing the actual token.
 
 ```bash
@@ -96,3 +102,6 @@ Read user details:
 ```bash
 vault read auth/userpass/users/username
 ```
+
+## Entities and Groups
+

docs/README.md

@@ -0,0 +1,25 @@
+# General Vault Links and Commands
+
+## Useful commands
+
+Display the `curl` equivalent of a Vault CLI command:
+
+```bash
+vault <any_command> -output-curl-string
+```
+
+The following are equivalent:
+
+```bash
+curl -s -H "X-Vault-Request: true" -H "X-Vault-Token: $VAULT_TOKEN" "https://vault.koszewscy.waw.pl/v1/auth/userpass/users?list=true"
+```
+
+and
+
+```bash
+curl -s -X LIST -H "X-Vault-Request: true" -H "X-Vault-Token: $VAULT_TOKEN" https://vault.koszewscy.waw.pl/v1/auth/userpass/users
+```
+
+because the Vault uses non-standard HTTP method `LIST` for listing resources.
+
+---

policies/README.md

@@ -1,5 +1,16 @@
 # HashiCorp Vault Policies
 
+## Defualt Policy
+
+The **default** policy is created automatically when Vault is initialized, but can be modified as needed. It provides basic access to Vault features for authenticated users.
+
+To restore the default policy to the newest default version, launch a development Vault server and copy the default policy from there:
+
+```bash
+vault policy read default > default_policy.hcl
+vault policy write default default_policy.hcl
+```
+
 ## Policy Commands
 
 ```bash
@@ -11,6 +22,12 @@ vault policy delete <policy-name>
 
 Format a policy file using `vault policy fmt <policy-file.hcl>`.
 
+Display required capabilities for a given path with:
+
+```bash
+vault <anycommand> -output-policy
+```
+
 ## Auditing
 
 To enable auditing, use the following command:
@@ -46,3 +63,7 @@ To disable auditing, use:
 ```bash
 vault audit disable file
 ```
+
+## References
+
+- [RSoP Tool](https://github.com/threatkey-oss/hvresult) - **hvresult** computes the Resultant Set of Policy (RSoP) for Hashicorp Vault ACLs.