backport of commit 17740fc (hashicorp#20529)

hc-github-team-secure-vault-core · jehof · web-flow · commit 6a2297e2166f · 2023-05-04T23:35:32.000Z
Co-authored-by: Jens Hofmann &lt;je.hof@web.de&gt;
diff --git a/website/content/docs/secrets/databases/elasticdb.mdx b/website/content/docs/secrets/databases/elasticdb.mdx
@@ -90,7 +90,7 @@ $ curl \
 
 The contents of `data.json` in this example are:
 
-```
+```json
 {
  "password" : "myPa55word",
  "roles" : [ "vault" ],
@@ -108,7 +108,7 @@ Now, Elasticsearch is configured and ready to be used with Vault.
 
 1. Enable the database secrets engine if it is not already enabled:
 
-   ```text
+   ```shell-session
    $ vault secrets enable database
    Success! Enabled the database secrets engine at: database/
    ```
@@ -118,7 +118,7 @@ Now, Elasticsearch is configured and ready to be used with Vault.
 
 1. Configure Vault with the proper plugin and connection information:
 
-   ```text
+   ```shell-session
    $ vault write database/config/my-elasticsearch-database \
        plugin_name="elasticsearch-database-plugin" \
        allowed_roles="internally-defined-role,externally-defined-role" \
@@ -135,25 +135,23 @@ Now, Elasticsearch is configured and ready to be used with Vault.
    a privilege escalation by editing a role's privileges out-of-band in
    Elasticsearch:
 
-   ```text
+   ```shell-session
    $ vault write database/roles/internally-defined-role \
          db_name=my-elasticsearch-database \
          creation_statements='{"elasticsearch_role_definition": {"indices": [{"names":["*"], "privileges":["read"]}]}}' \
          default_ttl="1h" \
          max_ttl="24h"
-   Success! Data written to: database/roles/internally-defined-role
    ```
 
 1. Alternatively, configure a role that maps a name in Vault to a pre-existing
    role definition in Elasticsearch:
 
-   ```text
+   ```shell-session
    $ vault write database/roles/externally-defined-role \
          db_name=my-elasticsearch-database \
          creation_statements='{"elasticsearch_roles": ["pre-existing-role-in-elasticsearch"]}' \
          default_ttl="1h" \
          max_ttl="24h"
-   Success! Data written to: database/roles/externally-defined-role
    ```
 
 ## Usage
@@ -164,7 +162,7 @@ the proper permission, it can generate credentials.
 1. Generate a new credential by reading from the `/creds` endpoint with the name
    of the role:
 
-   ```text
+   ```shell-session
    $ vault read database/creds/my-role
    Key                Value
    ---                -----
