Fix mfa argument + backport (#1104)

This is a continuation of PR #1013

Fixed `-mfa` argument for CLI flags since it was incorrect.
- Incorrect:
<img width="1414" height="913" alt="2025-10-14 12 17 15 developer
hashicorp com 7ab8618e50d0"
src="https://github.com/user-attachments/assets/622bd797-91aa-4ed5-903a-2baa08dc84d7"
/>
- Correct:
<img width="1445" height="957" alt="2025-10-14 12 17 45 developer
hashicorp com 5ab16498018b"
src="https://github.com/user-attachments/assets/58996634-ca11-421d-b57e-a8fe37d5e9d6"
/>

Also added this CLI flag description to the Single-Phase login docs so
customers who are looking for Single-Phase MFA login can now find how to
do it via API and CLI on one page (reduces confusion).

Author: Soromeister

content/vault/v1.14.x/content/docs/auth/login-mfa/index.mdx

@@ -108,6 +108,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.

content/vault/v1.15.x/content/docs/auth/login-mfa/index.mdx

@@ -108,6 +108,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.

content/vault/v1.16.x/content/docs/auth/login-mfa/index.mdx

@@ -108,6 +108,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.

content/vault/v1.17.x/content/docs/auth/login-mfa/index.mdx

@@ -108,6 +108,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.

content/vault/v1.18.x/content/docs/auth/login-mfa/index.mdx

@@ -112,6 +112,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.

content/vault/v1.19.x/content/docs/auth/login-mfa/index.mdx

@@ -112,6 +112,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.

content/vault/v1.19.x/content/partials/global-settings/both/mfa.mdx

@@ -3,14 +3,14 @@
 **`[-mfa | VAULT_MFA] (string : "")`** <EnterpriseAlert inline="true" />
 
 A multi-factor authentication (MFA) credential, in the format
-`mfa_method_name[:key[=value]]`, that the CLI should use to authenticate to
+`mfa_method_id:passcode`, that the CLI should use to authenticate to
 Vault. The CLI adds MFA credentials to the `X-Vault-MFA` header when calling the
 underlying API endpoint.
 
 **Examples**:
 
-- CLI flag: `-mfa "totp:password=12345"`
-- Environment variable: `export VAULT_MFA="totp:password=12345"`
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
 
 <Note>
 

content/vault/v1.20.x/content/docs/auth/login-mfa/index.mdx

@@ -112,6 +112,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.

content/vault/v1.20.x/content/partials/global-settings/both/mfa.mdx

@@ -3,14 +3,14 @@
 **`[-mfa | VAULT_MFA] (string : "")`** <EnterpriseAlert inline="true" />
 
 A multi-factor authentication (MFA) credential, in the format
-`mfa_method_name[:key[=value]]`, that the CLI should use to authenticate to
+`mfa_method_id:passcode`, that the CLI should use to authenticate to
 Vault. The CLI adds MFA credentials to the `X-Vault-MFA` header when calling the
 underlying API endpoint.
 
 **Examples**:
 
-- CLI flag: `-mfa "totp:password=12345"`
-- Environment variable: `export VAULT_MFA="totp:password=12345"`
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
 
 <Note>
 

content/vault/v1.21.x (rc)/content/docs/auth/login-mfa/index.mdx

@@ -113,6 +113,11 @@ $ curl \
     http://127.0.0.1:8200/v1/auth/userpass/login/alice
 ```
 
+Use the `-mfa` CLI flag or `VAULT_MFA` environment variable to pass in MFA credentials. For example:
+
+- CLI flag: `-mfa "d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+- Environment variable: `export VAULT_MFA="d16fd3c2-50de-0b9b-eed3-0301dadeca10:695452"`
+
 ### Two-Phase login
 
 The more conventional and prevalent MFA method is a two-request mechanism, also referred to as Two-phase Login MFA.