doc: update README

Author: isometry

README.md

@@ -61,21 +61,25 @@ The certificate will be requested with only those extensions required for the cu
 
 ### Examples
 
-The following will request that an existing ed25519 public key be signed by the Vault signer at `https://vault.example.com:8200/v1/ssh-client-signer/sign/default`, with `permit-pty` and `permit-port-forwarding` extensions to support the connection to `host.example.com`:
+The following will request that an existing ed25519 public key be signed by the Vault signer at `https://vault.example.com:8200/v1/ssh-client-signer/sign/default`, with (automatic) `permit-pty` and `permit-port-forwarding` extensions to support the connection to `host.example.com`:
 
 ```console
 $ ssh-add ~/.ssh/id_ed25519
-$ export VAULT_ADDR=https://vault.example.com:8200 VAULT_SSH_PATH=ssh-client-signer VAULT_SSH_MODE=sign
+$ export VAULT_ADDR=https://vault.example.com:8200
+$ export VAULT_SSH_PATH=ssh-client-signer
+$ export VAULT_SSH_ROLE=default
+$ export VAULT_SSH_MODE=sign
 $ vault login
 ...
 $ vssh -L8080:localhost:80 host.example.com
 ...
 ```
 
-The following will request that an ephemeral ecdsa keypair with a 521-bit private key be generated by the Vault issuer at `https://vault.example.com/v1/ssh/issue/root`, and used to run the `id` command on `host2.example.com` as `root`:
+The following will request that an ephemeral ecdsa keypair with a (default) 256-bit private key be generated by the Vault issuer at `https://vault.example.com/v1/ssh/issue/root`, and used to run the `id` command on `host2.example.com` as `root`:
 
 ```console
-$ export VAULT_ADDR=https://vault.example.com VAULT_SSH_KEY_TYPE=ec
+$ export VAULT_ADDR=https://vault.example.com
+$ export VAULT_SSH_KEY_TYPE=ec
 $ vault login
 ...
 $ vssh [email protected] id