rename CLI to "bao" in documentation
Signed-off-by: Jan Martens <jan@martens.eu.org>
JanMa committed Jan 22, 2024
1 parent 709faf5 commit f1ac1ba
Showing 192 changed files with 956 additions and 956 deletions.
Expand Up @@ -40,13 +40,13 @@ unless a path is specified as an argument.
Before generating a configuration file, let's insert a secret `foo`:

```shell-session
$ openbao kv put -mount=secret foo user="admin" password="s3cr3t"
$ bao kv put -mount=secret foo user="admin" password="s3cr3t"
```

Generate an agent configuration file which will reference `secret/foo`:

```shell-session
$ openbao agent generate-config \
$ bao agent generate-config \
-type="env-template" \
-exec="./my-app arg1 arg2" \
-namespace="my/ns/" \
8 changes: 4 additions & 4 deletions website/content/docs/agent-and-proxy/agent/index.mdx
Expand Up @@ -121,7 +121,7 @@ These are the currently-available general configuration options:

- `listener` <code>([listener][listener]: <optional\>)</code> - Specifies the addresses and ports on which the Agent will respond to requests.

~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof openbao)`), OpenBao Agent will attempt to reload listener TLS configuration.
~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof bao)`), OpenBao Agent will attempt to reload listener TLS configuration.
This method can be used to refresh certificates used by OpenBao Agent without having to restart its process.

- `pid_file` `(string: "")` - Path to the file in which the agent's Process ID
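
Review bot: In the `listener` note, `kill -SIGHUP $(pidof bao)` signals every process named `bao` on the host, and after this rename that name is shared by the server, `bao agent` and `bao proxy` when they run side by side. The entry right below documents `pid_file`, so the example could target the Agent precisely with `kill -SIGHUP $(cat <path set in pid_file>)` and keep the `pidof` form only as shorthand for hosts running a single `bao` process. The same applies to the `log_level` note in the next hunk.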
Expand Down Expand Up @@ -158,7 +158,7 @@ These are the currently-available general configuration options:

- `log_level` - Equivalent to the [`-log-level` command-line flag](#_log_level).

~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof openbao)`), OpenBao Agent will update the log level to the value
~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof bao)`), OpenBao Agent will update the log level to the value
specified by configuration file (including overriding values set using CLI or environment variable parameters).

- `log_format` - Equivalent to the [`-log-format` command-line flag](#_log_format).
Expand Down Expand Up @@ -300,13 +300,13 @@ To run OpenBao Agent:
**Example:**

```shell-session
$ openbao agent -config=/etc/openbao/agent-config.hcl
$ bao agent -config=/etc/openbao/agent-config.hcl
```

To get help, run:

```shell-session
$ openbao agent -h
$ bao agent -h
```

As with OpenBao, the `-config` flag can be used in three different ways:
Expand Up @@ -105,7 +105,7 @@ The top level `exec` block has the following configuration entries.
## Configuration example

The following example was generated using
[`openbao agent generate-config`](/vault/docs/agent-and-proxy/agent/generate-config),
[`bao agent generate-config`](/vault/docs/agent-and-proxy/agent/generate-config),
a configuration helper tool. Given this configuration, OpenBao Agent will run
the child process (`./my-app arg1 arg2`) with two additional environment
variables (`FOO_USER` and `FOO_PASSWORD`) populated with secrets from OpenBao.
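
Review bot: The link target on the changed line still points at `/vault/docs/agent-and-proxy/agent/generate-config`; only the link text was renamed to `bao agent generate-config`. If the `/vault/` prefix is being kept on purpose until a later pass, fine, otherwise please check that this link resolves on the built site.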
6 changes: 3 additions & 3 deletions website/content/docs/agent-and-proxy/agent/winsvc.mdx
Expand Up @@ -35,7 +35,7 @@ of OpenBao Agent as a service, using "OpenBao Agent" as the display name, and st
The `binPath` argument should include the fully qualified path to the OpenBao executable, as well as any arguments required.

```shell-session
PS C:\Windows\system32> sc.exe create OpenBaoAgent binPath="C:\openbao\openbao.exe agent -config=C:\openbao\agent-config.hcl" displayName="OpenBao Agent" start=auto
PS C:\Windows\system32> sc.exe create OpenBaoAgent binPath="C:\openbao\bao.exe agent -config=C:\openbao\agent-config.hcl" displayName="OpenBao Agent" start=auto
[SC] CreateService SUCCESS
```
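
Review bot: The `binPath` on the changed line now names `C:\openbao\bao.exe`, so a service already registered from the previous text still points at `openbao.exe` and will fail to start once only `bao.exe` is installed. Consider adding a sentence to this page telling existing users to update the service's binary path, or re-create the service, when they move to the renamed binary. Keeping the service name `OpenBaoAgent` and the display name unchanged is good, since existing references to the service keep working.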

Expand All @@ -52,7 +52,7 @@ The syntax is slightly different for `New-Service`, but the gist is the same. Th
`sc.exe` one above.

```shell-session
PS C:\Windows\system32> New-Service -Name "OpenBaoAgent" -BinaryPathName "C:\openbao\openbao.exe agent -config=C:\openbao\agent-config.hcl" -DisplayName "OpenBao Agent" -StartupType "Automatic"
PS C:\Windows\system32> New-Service -Name "OpenBaoAgent" -BinaryPathName "C:\openbao\bao.exe agent -config=C:\openbao\agent-config.hcl" -DisplayName "OpenBao Agent" -StartupType "Automatic"
Status Name DisplayName
------ ---- -----------
Expand All @@ -63,7 +63,7 @@ As mentioned previously, `New-Service` is easier to use if the path to your Open
Below is an example of how to configure OpenBao Agent as a service using a path with spaces.

```shell-session
PS C:\Windows\system32> New-Service -Name "OpenBaoAgent" -BinaryPathName '"C:\my dir\openbao.exe" agent -config="C:\my dir\agent-config.hcl"' -DisplayName "OpenBao Agent" -StartupType "Automatic"
PS C:\Windows\system32> New-Service -Name "OpenBaoAgent" -BinaryPathName '"C:\my dir\bao.exe" agent -config="C:\my dir\agent-config.hcl"' -DisplayName "OpenBao Agent" -StartupType "Automatic"
Status Name DisplayName
------ ---- -----------
Expand Up @@ -56,7 +56,7 @@ parameters unset in your configuration.
- `header_value` `(string: optional)` - If configured in OpenBao, the value to use for
[`iam_server_id_header_value`](/vault/api-docs/auth/aws#iam_server_id_header_value).

- `nonce` `(string: optional)` - If not provided, OpenBao will generate a new UUID every time `openbao agent` runs.
- `nonce` `(string: optional)` - If not provided, OpenBao will generate a new UUID every time `bao agent` runs.
If set, make sure you understand the importance of generating a good, unique `nonce` and protecting it.
See [Client Nonce](/vault/docs/auth/aws#client-nonce) for more information.

8 changes: 4 additions & 4 deletions website/content/docs/agent-and-proxy/proxy/index.mdx
Expand Up @@ -113,7 +113,7 @@ These are the currently-available general configuration options:

- `listener` <code>([listener][listener]: <optional\>)</code> - Specifies the addresses and ports on which the Proxy will respond to requests.

~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof openbao)`), OpenBao Proxy will attempt to reload listener TLS configuration.
~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof bao)`), OpenBao Proxy will attempt to reload listener TLS configuration.
This method can be used to refresh certificates used by OpenBao Proxy without having to restart its process.

- `pid_file` `(string: "")` - Path to the file in which the Proxy's Process ID
Expand Down Expand Up @@ -141,7 +141,7 @@ for a list of metrics specific to Proxy.

- `log_level` - Equivalent to the [`-log-level` command-line flag](#_log_level).

~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof openbao)`), OpenBao Proxy will update the log level to the value
~> **Note:** On `SIGHUP` (`kill -SIGHUP $(pidof bao)`), OpenBao Proxy will update the log level to the value
specified by configuration file (including overriding values set using CLI or environment variable parameters).

- `log_format` - Equivalent to the [`-log-format` command-line flag](#_log_format).
Expand Down Expand Up @@ -266,13 +266,13 @@ Configuration](#example-configuration) section for an example configuration.)
**Example:**

```shell-session
$ openbao proxy -config=/etc/openbao/proxy-config.hcl
$ bao proxy -config=/etc/openbao/proxy-config.hcl
```

To get help, run:

```shell-session
$ openbao proxy -h
$ bao proxy -h
```

As with OpenBao, the `-config` flag can be used in three different ways:
10 changes: 5 additions & 5 deletions website/content/docs/audit/file.mdx
Expand Up @@ -21,26 +21,26 @@ and re-open their underlying file, which can assist with log rotation needs.
Enable at the default path:

```shell-session
$ openbao audit enable file file_path=/var/log/openbao_audit.log
$ bao audit enable file file_path=/var/log/openbao_audit.log
```

Enable at a different path. It is possible to enable multiple copies of an audit
device:

```shell-session
$ openbao audit enable -path="openbao_audit_1" file file_path=/home/user/openbao_audit.log
$ bao audit enable -path="openbao_audit_1" file file_path=/home/user/openbao_audit.log
```

Enable logs on stdout. This is useful when running in a container:

```shell-session
$ openbao audit enable file file_path=stdout
$ bao audit enable file file_path=stdout
```

## Configuration

Note the difference between `audit enable` command options and the `file` backend
configuration options. Use `openbao audit enable -help` to see the command options.
configuration options. Use `bao audit enable -help` to see the command options.

The `file` audit device supports the common configuration options documented on
the [main Audit Devices page](/vault/docs/audit#common-configuration-options), and
Expand All @@ -62,4 +62,4 @@ these device-specific options:

## Log file rotation

To properly rotate OpenBao File Audit Device log files on BSD, Darwin, or Linux-based OpenBao servers, it is important that you configure your log rotation software to send the `openbao` process a signal hang up / `SIGHUP` after each rotation of the log file.
To properly rotate OpenBao File Audit Device log files on BSD, Darwin, or Linux-based OpenBao servers, it is important that you configure your log rotation software to send the `bao` process a signal hang up / `SIGHUP` after each rotation of the log file.
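
Review bot: The log rotation sentence now says to signal the `bao` process, but nothing tells operators that rotation hooks written against the old name need changing. A post-rotation step that looks the process up as `openbao` will find nothing after the rename, the `SIGHUP` is never sent, and the audit device never re-opens its underlying file. Suggest a short note in this section calling out the process name change, since a silent gap in audit logs is easy to miss.
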
4 changes: 2 additions & 2 deletions website/content/docs/audit/index.mdx
Expand Up @@ -87,13 +87,13 @@ While most strings are hashed, OpenBao does make some exceptions, such as auth a
## Enabling/Disabling audit devices

When a OpenBao server is first initialized, no auditing is enabled. Audit
devices must be enabled by a root user using `openbao audit enable`.
devices must be enabled by a root user using `bao audit enable`.

When enabling an audit device, options can be passed to it to configure it.
For example, the command below enables the file audit device:

```shell-session
$ openbao audit enable file file_path=/var/log/openbao_audit.log
$ bao audit enable file file_path=/var/log/openbao_audit.log
```

In the command above, we passed the "file_path" parameter to specify the path
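
Review bot: Style nit on the context line just above the change: "When a OpenBao server is first initialized" should read "When an OpenBao server". It is outside the scope of a pure rename, so a follow-up commit is fine, but the paragraph is already being touched here.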
4 changes: 2 additions & 2 deletions website/content/docs/audit/socket.mdx
Expand Up @@ -17,13 +17,13 @@ The `socket` audit device writes to a TCP, UDP, or UNIX socket.
Enable at the default path:

```shell-session
$ openbao audit enable socket
$ bao audit enable socket
```

Supply configuration parameters via K=V pairs:

```shell-session
$ openbao audit enable socket address=127.0.0.1:9090 socket_type=tcp
$ bao audit enable socket address=127.0.0.1:9090 socket_type=tcp
```

## Configuration
4 changes: 2 additions & 2 deletions website/content/docs/audit/syslog.mdx
Expand Up @@ -25,13 +25,13 @@ directly to `syslog` will not result in OpenBao being blocked.
Audit `syslog` device can be enabled by the following command:

```shell-session
$ openbao audit enable syslog
$ bao audit enable syslog
```

Supply configuration parameters via K=V pairs:

```shell-session
$ openbao audit enable syslog tag="openbao" facility="AUTH"
$ bao audit enable syslog tag="openbao" facility="AUTH"
```

## Configuration
8 changes: 4 additions & 4 deletions website/content/docs/auth/alicloud.mdx
Expand Up @@ -66,19 +66,19 @@ token accordingly.
#### Enable AliCloud authentication in OpenBao.

```shell-session
$ openbao auth enable alicloud
$ bao auth enable alicloud
```

#### Configure the policies on the role.

```shell-session
$ openbao write auth/alicloud/role/dev-role arn='acs:ram::5138828231865461:role/dev-role'
$ bao write auth/alicloud/role/dev-role arn='acs:ram::5138828231865461:role/dev-role'
```

#### Perform the login operation

```shell-session
$ openbao write auth/alicloud/login \
$ bao write auth/alicloud/login \
role=dev-role \
identity_request_url=$IDENTITY_REQUEST_URL_BASE_64 \
identity_request_headers=$IDENTITY_REQUEST_HEADERS_BASE_64
Expand All @@ -88,7 +88,7 @@ For the RAM auth method, generating the signed request is a non-standard
operation. The OpenBao CLI supports generating this for you:

```shell-session
$ openbao login -method=alicloud access_key=... secret_key=... security_token=... region=...
$ bao login -method=alicloud access_key=... secret_key=... security_token=... region=...
```

This assumes you have the AliCloud credentials you would find on an ECS instance using the
10 changes: 5 additions & 5 deletions website/content/docs/auth/approle.mdx
Expand Up @@ -29,7 +29,7 @@ The default path is `/approle`. If this auth method was enabled at a different
path, specify `auth/my-path/login` instead.

```shell-session
$ openbao write auth/approle/login \
$ bao write auth/approle/login \
role_id=db02de05-fa39-4855-059b-67221c5c2f63 \
secret_id=6a174c20-f6de-a53c-74d2-6018fcceff64
Expand Down Expand Up @@ -84,13 +84,13 @@ management tool.
1. Enable the AppRole auth method:

```shell-session
$ openbao auth enable approle
$ bao auth enable approle
```

1. Create a named role:

```shell-session
$ openbao write auth/approle/role/my-role \
$ bao write auth/approle/role/my-role \
secret_id_ttl=10m \
token_num_uses=10 \
token_ttl=20m \
Expand All @@ -106,14 +106,14 @@ documentation.
1. Fetch the RoleID of the AppRole:

```shell-session
$ openbao read auth/approle/role/my-role/role-id
$ bao read auth/approle/role/my-role/role-id
role_id db02de05-fa39-4855-059b-67221c5c2f63
```

1. Get a SecretID issued against the AppRole:

```shell-session
$ openbao write -f auth/approle/role/my-role/secret-id
$ bao write -f auth/approle/role/my-role/secret-id
secret_id 6a174c20-f6de-a53c-74d2-6018fcceff64
secret_id_accessor c454f7e5-996e-7230-6074-6ef26b7bcf86
secret_id_ttl 10m
22 changes: 11 additions & 11 deletions website/content/docs/auth/aws.mdx
Expand Up @@ -596,7 +596,7 @@ for the IAM Role to be assumed.
#### Enable AWS EC2 authentication in OpenBao.

```shell-session
$ openbao auth enable aws
$ bao auth enable aws
```

#### Configure the credentials required to make AWS API calls
Expand All @@ -610,22 +610,22 @@ The IAM account or role to which the credentials map must allow the
`bound_iam_role_arn` below), `iam:GetInstanceProfile` must also be allowed.

```shell-session
$ openbao write auth/aws/config/client secret_key=vCtSM8ZUEQ3mOFVlYPBQkf2sO6F/W7a5TVzrl3Oj access_key=VKIAJBRHKH6EVTTNXDHA
$ bao write auth/aws/config/client secret_key=vCtSM8ZUEQ3mOFVlYPBQkf2sO6F/W7a5TVzrl3Oj access_key=VKIAJBRHKH6EVTTNXDHA
```

#### Configure the policies on the role.

```shell-session
$ openbao write auth/aws/role/dev-role auth_type=ec2 bound_ami_id=ami-fce3c696 policies=prod,dev max_ttl=500h
$ bao write auth/aws/role/dev-role auth_type=ec2 bound_ami_id=ami-fce3c696 policies=prod,dev max_ttl=500h
$ openbao write auth/aws/role/dev-role-iam auth_type=iam \
$ bao write auth/aws/role/dev-role-iam auth_type=iam \
bound_iam_principal_arn=arn:aws:iam::123456789012:role/MyRole policies=prod,dev max_ttl=500h
```

#### Configure a required X-Vault-AWS-IAM-Server-ID header (recommended)

```shell-session
$ openbao write auth/aws/config/client iam_server_id_header_value=openbao.example.com
$ bao write auth/aws/config/client iam_server_id_header_value=openbao.example.com
```

#### Perform the login operation
Expand All @@ -639,15 +639,15 @@ $ SIGNATURE=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/rs
then set the signature on the login endpoint:

```shell-session
$ openbao write auth/aws/login role=dev-role \
$ bao write auth/aws/login role=dev-role \
pkcs7=$SIGNATURE
```

For the iam auth method, generating the signed request is a non-standard
operation. The OpenBao cli supports generating this for you:

```shell-session
$ openbao login -method=aws header_value=openbao.example.com role=dev-role-iam
$ bao login -method=aws header_value=openbao.example.com role=dev-role-iam
```

This assumes you have AWS credentials configured in the standard locations AWS
Expand All @@ -658,7 +658,7 @@ in on the command line (though this is not recommended), omitting
`aws_security_token` if not applicable.

```shell-session
$ openbao login -method=aws header_value=openbao.example.com role=dev-role-iam \
$ bao login -method=aws header_value=openbao.example.com role=dev-role-iam \
aws_access_key_id=<access_key> \
aws_secret_access_key=<secret_key> \
aws_security_token=<security_token>
Expand All @@ -667,7 +667,7 @@ $ openbao login -method=aws header_value=openbao.example.com role=dev-role-iam \
The region used defaults to `us-east-1`, but you can specify a custom region like so:

```shell-session
$ openbao login -method=aws region=us-west-2 role=dev-role-iam
$ bao login -method=aws region=us-west-2 role=dev-role-iam
```

If the region is specified as `auto`, the OpenBao CLI will determine the region based
Expand All @@ -679,13 +679,13 @@ and `sts_region` role parameters to `us-gov-west-1` / `us-gov-east-1` then you m
the `region` argument in your login request with a matching value, i.e. `region=us-gov-west-1`.

An example of how to generate the required request values for the `login` method
can be found found in the [openbao cli
can be found found in the [bao cli
source code](https://github.com/lf-edge/openbao/blob/main/builtin/credential/aws/cli.go).
Using an approach such as this, the request parameters can be generated and
passed to the `login` method:

```shell-session
$ openbao write auth/aws/login role=dev-role-iam \
$ bao write auth/aws/login role=dev-role-iam \
iam_http_request_method=POST \
iam_request_url=aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8= \
iam_request_body=QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ== \
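
Review bot: The changed line keeps the duplicated word in "can be found found in the", and the new link text "bao cli" reads oddly next to "The OpenBao cli supports" a few hunks up in the same file. Suggest "can be found in the [`bao` CLI source code]", with the command name in backticks as the other renamed references in this commit are.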