1
0
mirror of https://github.com/go-acme/lego.git synced 2024-11-28 09:33:13 +02:00

Allow to set EAB kid and hmac via environment variables (#1959)

Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
This commit is contained in:
ember 2023-07-27 14:07:10 +02:00 committed by GitHub
parent ae7823705e
commit d21706420a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 9 deletions

View File

@ -37,16 +37,19 @@ func CreateFlags(defaultPath string) []cli.Flag {
Usage: "Certificate signing request filename, if an external CSR is to be used.", Usage: "Certificate signing request filename, if an external CSR is to be used.",
}, },
&cli.BoolFlag{ &cli.BoolFlag{
Name: "eab", Name: "eab",
Usage: "Use External Account Binding for account registration. Requires --kid and --hmac.", EnvVars: []string{"LEGO_EAB"},
Usage: "Use External Account Binding for account registration. Requires --kid and --hmac.",
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "kid", Name: "kid",
Usage: "Key identifier from External CA. Used for External Account Binding.", EnvVars: []string{"LEGO_EAB_KID"},
Usage: "Key identifier from External CA. Used for External Account Binding.",
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "hmac", Name: "hmac",
Usage: "MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.", EnvVars: []string{"LEGO_EAB_HMAC"},
Usage: "MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.",
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "key-type", Name: "key-type",

View File

@ -24,9 +24,9 @@ GLOBAL OPTIONS:
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false) --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false)
--email value, -m value Email used for registration and recovery contact. --email value, -m value Email used for registration and recovery contact.
--csr value, -c value Certificate signing request filename, if an external CSR is to be used. --csr value, -c value Certificate signing request filename, if an external CSR is to be used.
--eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) --eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) [$LEGO_EAB]
--kid value Key identifier from External CA. Used for External Account Binding. --kid value Key identifier from External CA. Used for External Account Binding. [$LEGO_EAB_KID]
--hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. --hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. [$LEGO_EAB_HMAC]
--key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384. (default: "ec256") --key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
--filename value (deprecated) Filename of the generated certificate. --filename value (deprecated) Filename of the generated certificate.
--path value Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH] --path value Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH]