Add --token-file flag to step ca certificate#1625
Open
ohhmkar wants to merge 2 commits into
Open
Conversation
|
|
|
|
github-actions
Bot
added
the
needs triage
There was a problem hiding this comment.
Pull request overview
Adds support for providing a one-time token to step ca certificate via a file path, aligning the certificate issuance workflow with existing token-generation workflows that can write tokens to disk.
Changes:
- Add
--token-fileflag tostep ca certificateand load/trim the token contents from the provided file. - Add basic flag incompatibility checks between
--token-file,--token, and--offline. - Document the new flag in
CHANGELOG.md.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| command/ca/certificate.go | Introduces the --token-file flag and reads the token from disk during certificate issuance. |
| CHANGELOG.md | Notes the addition of --token-file for step ca certificate. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
239
to
+250
| tok := ctx.String("token") | ||
| tokenFile := ctx.String("token-file") | ||
| offline := ctx.Bool("offline") | ||
| sans := ctx.StringSlice("san") | ||
|
|
||
| switch { | ||
| case tok != "" && tokenFile != "": | ||
| return errs.IncompatibleFlagWithFlag(ctx, "token", "token-file") | ||
| case offline && tok != "": | ||
| // offline and token are incompatible because the token is generated before | ||
| // the start of the offline CA. | ||
| return errs.IncompatibleFlagWithFlag(ctx, "offline", "token") | ||
| case offline && tokenFile != "": | ||
| return errs.IncompatibleFlagWithFlag(ctx, "offline", "token-file") |
| if err != nil { | ||
| return err | ||
| } | ||
| tok = strings.TrimSpace(string(b)) |
…y exclusive Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Name of feature:
Add
--token-fileflag to thestep ca certificatecommand.Pain or issue this feature alleviates:
It alleviates the need to manage tokens via STDOUT/STDIN or cumbersome shell variables when automating certificate issuance.
step ca tokenalready supports writing to disk via--output-file, butstep ca certificatelacked a matching parameter to read that token back from disk.Why is this important to the project (if not answered above):
It brings consistency between the
tokenandcertificatecommands, providing a much cleaner UX for programmatic scripted workflows that rely on creating a token in one step and using it in another.Is there documentation on how to use this feature? If so, where?
Addition is noted in CHANGELOG.md and documented in CLI Usage/help
In what environments or workflows is this feature supported?
In what environments or workflows is this feature explicitly NOT supported (if any)?
Logically incompatible with the '--token' and '--offline' flag. Command will return Error
Supporting links/other PRs/issues:
#1435
Fixes #1435
💔Thank you!