From d21706420a8b1133a510b4663316bb570529c18d Mon Sep 17 00:00:00 2001 From: ember <22817873+n0emis@users.noreply.github.com> Date: Thu, 27 Jul 2023 14:07:10 +0200 Subject: [PATCH] Allow to set EAB kid and hmac via environment variables (#1959) Co-authored-by: Fernandez Ludovic --- cmd/flags.go | 15 +++++++++------ docs/data/zz_cli_help.toml | 6 +++--- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/cmd/flags.go b/cmd/flags.go index cc9c1edf..b014a1ff 100644 --- a/cmd/flags.go +++ b/cmd/flags.go @@ -37,16 +37,19 @@ func CreateFlags(defaultPath string) []cli.Flag { Usage: "Certificate signing request filename, if an external CSR is to be used.", }, &cli.BoolFlag{ - Name: "eab", - Usage: "Use External Account Binding for account registration. Requires --kid and --hmac.", + Name: "eab", + EnvVars: []string{"LEGO_EAB"}, + Usage: "Use External Account Binding for account registration. Requires --kid and --hmac.", }, &cli.StringFlag{ - Name: "kid", - Usage: "Key identifier from External CA. Used for External Account Binding.", + Name: "kid", + EnvVars: []string{"LEGO_EAB_KID"}, + Usage: "Key identifier from External CA. Used for External Account Binding.", }, &cli.StringFlag{ - Name: "hmac", - Usage: "MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.", + Name: "hmac", + EnvVars: []string{"LEGO_EAB_HMAC"}, + Usage: "MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.", }, &cli.StringFlag{ Name: "key-type", diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml index b5d9886b..ee7aaabf 100644 --- a/docs/data/zz_cli_help.toml +++ b/docs/data/zz_cli_help.toml @@ -24,9 +24,9 @@ GLOBAL OPTIONS: --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false) --email value, -m value Email used for registration and recovery contact. --csr value, -c value Certificate signing request filename, if an external CSR is to be used. - --eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) - --kid value Key identifier from External CA. Used for External Account Binding. - --hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. + --eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) [$LEGO_EAB] + --kid value Key identifier from External CA. Used for External Account Binding. [$LEGO_EAB_KID] + --hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. [$LEGO_EAB_HMAC] --key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384. (default: "ec256") --filename value (deprecated) Filename of the generated certificate. --path value Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH]