Update flag names

sigstore · Apr 6, 2022 · c52f4b5 · c52f4b5
1 parent fb2f3de
commit c52f4b5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/cmd/app/serve.go b/cmd/app/serve.go
@@ -65,8 +65,8 @@ func newServeCmd() *cobra.Command {
 	cmd.Flags().String("fileca-key", "", "Path to CA encrypted private key")
 	cmd.Flags().String("fileca-key-passwd", "", "Password to decrypt CA private key")
 	cmd.Flags().Bool("fileca-watch", true, "Watch filesystem for updates")
-	cmd.Flags().String("kms-key", "", "KMS key resource path")
-	cmd.Flags().String("cert-chain-path", "", "Path to PEM-encoded CA certificate chain")
+	cmd.Flags().String("kms-resource", "", "KMS key resource path. Must be prefixed with awskms://, azurekms://, gcpkms://, or hashivault://")
+	cmd.Flags().String("kms-cert-chain-path", "", "Path to PEM-encoded CA certificate chain for KMS-backed CA")
 	cmd.Flags().String("host", "0.0.0.0", "The host on which to serve requests")
 	cmd.Flags().String("port", "8080", "The port on which to serve requests")
 
@@ -115,11 +115,11 @@ func runServeCmd(cmd *cobra.Command, args []string) {
 			log.Logger.Fatal("fileca-key-passwd must be set to encryption password for private key file when using fileca")
 		}
 	case "kmsca":
-		if !viper.IsSet("kms-key") {
-			log.Logger.Fatal("kms-key must be set when using kmsca")
+		if !viper.IsSet("kms-resource") {
+			log.Logger.Fatal("kms-resource must be set when using kmsca")
 		}
-		if !viper.IsSet("cert-chain-path") {
-			log.Logger.Fatal("cert-chain-path must be set when using kmsca")
+		if !viper.IsSet("kms-cert-chain-path") {
+			log.Logger.Fatal("kms-cert-chain-path must be set when using kmsca")
 		}
 	case "ephemeralca":
 		// this is a no-op since this is a self-signed in-memory CA for testing
@@ -162,7 +162,7 @@ func runServeCmd(cmd *cobra.Command, args []string) {
 	case "ephemeralca":
 		baseca, err = ephemeralca.NewEphemeralCA()
 	case "kmsca":
-		baseca, err = kmsca.NewKmsCA(cmd.Context(), viper.GetString("kms-key"), viper.GetString("cert-chain-path"))
+		baseca, err = kmsca.NewKmsCA(cmd.Context(), viper.GetString("kms-resource"), viper.GetString("kms-cert-chain-path"))
 	default:
 		err = fmt.Errorf("invalid value for configured CA: %v", baseca)
 	}

diff --git a/pkg/ca/intermediateca/fetch_ca_cert/fetch_ca_cert.go b/pkg/ca/intermediateca/fetch_ca_cert/fetch_ca_cert.go
@@ -41,7 +41,7 @@ import (
 /*
 To run:
 go run pkg/ca/intermediateca/update/fetch_ca_cert.go \
-  --kms-key="gcpkms://projects/<project>/locations/<region>/keyRings/<key-ring>/cryptoKeys/<key>/versions/1" \
+  --kms-resource="gcpkms://projects/<project>/locations/<region>/keyRings/<key-ring>/cryptoKeys/<key>/versions/1" \
   --gcp-ca-parent="projects/<project>/locations/<region>/caPools/<ca-pool>" \
   --output="chain.crt.pem"
 
@@ -50,7 +50,7 @@ You must have the permissions to read the KMS key, and create a certificate in t
 
 var (
 	gcpCaParent = flag.String("gcp-ca-parent", "", "Resource path to GCP CA Service CA")
-	kmsKey      = flag.String("kms-key", "", "Resource path to KMS key, starting with gcpkms://, awskms://, azurekms:// or hashivault://")
+	kmsKey      = flag.String("kms-resource", "", "Resource path to KMS key, starting with gcpkms://, awskms://, azurekms:// or hashivault://")
 	outputPath  = flag.String("output", "", "Path to the output file")
 )
 
@@ -143,7 +143,7 @@ func main() {
 		log.Fatal("gcp-ca-parent must be set")
 	}
 	if *kmsKey == "" {
-		log.Fatal("kms-key must be set")
+		log.Fatal("kms-resource must be set")
 	}
 	if *outputPath == "" {
 		log.Fatal("output must be set")