Looks like vsh isn't functional when the credentials can't read sys/mounts to auto-discover mounts. When attempting to do an ls on a path that is accessible, it just yields a "Not a valid path" error. In this example, there's a kv2 mount at secrets.

Cannot auto-discover mount backends: Token does not have list permission on sys/mounts
https://myvault.example.com /> ls secrets/subdir/
Not a valid path for operation: /secrets/subdir/

vault kv list can read it just fine however.

I've made a small change to client/client.go to statically set a default mount when none can be auto-discovered:

		mounts["secrets/"] = &api.MountOutput{
			Type:        "kv",
			Options:     map[string]string{"version": "2"},
			Description: "Default KV version 2 mount",
		}

Using this, the commands work just fine. So I think maybe we should be able to set through command-line flag some manual mounts.