Merged
2 changes: 1 addition & 1 deletion Cargo.toml
@@ -10,7 +10,7 @@ tokio-rustls = { version = "0.26.4", default-features = false, features = ["ring
sha2 = "0.10.9"
x509-parser = "0.18.0"
thiserror = "2.0.17"
clap = { version = "4.5.51", features = ["derive"] }
clap = { version = "4.5.51", features = ["derive", "env"] }
webpki-roots = "1.0.4"
rustls-pemfile = "2.2.0"
anyhow = "1.0.100"
18 changes: 9 additions & 9 deletions src/main.rs
@@ -32,22 +32,22 @@ enum CliCommand {
/// Run a proxy client
Client {
/// Socket address to listen on
#[arg(short, long, default_value = "0.0.0.0:0")]
#[arg(short, long, default_value = "0.0.0.0:0", env = "LISTEN_ADDR")]
listen_addr: SocketAddr,
/// The hostname:port or ip:port of the proxy server (port defaults to 443)
target_addr: String,
/// The path to a PEM encoded private key for client authentication
#[arg(long)]
#[arg(long, env = "TLS_PRIVATE_KEY_PATH")]
tls_private_key_path: Option<PathBuf>,
/// The path to a PEM encoded certificate chain for client authentication
#[arg(long)]
#[arg(long, env = "TLS_CERTIFICATE_PATH")]
tls_certificate_path: Option<PathBuf>,
/// Type of attestaion to present (dafaults to none)
/// If other than None, a TLS key and certicate must also be given
#[arg(long)]
#[arg(long, env = "CLIENT_ATTESTATION_TYPE")]
client_attestation_type: Option<String>,
/// Optional path to file containing JSON measurements to be enforced on the server
#[arg(long)]
#[arg(long, env = "SERVER_MEASUREMENTS")]
server_measurements: Option<PathBuf>,
/// Additional CA certificate to verify against (PEM) Defaults to no additional TLS certs.
#[arg(long)]
@@ -63,15 +63,15 @@ enum CliCommand {
/// Run a proxy server
Server {
/// Socket address to listen on
#[arg(short, long, default_value = "0.0.0.0:0")]
#[arg(short, long, default_value = "0.0.0.0:0", env = "LISTEN_ADDR")]
listen_addr: SocketAddr,
/// Socket address of the target service to forward traffic to
target_addr: SocketAddr,
/// The path to a PEM encoded private key
#[arg(long)]
#[arg(long, env = "TLS_PRIVATE_KEY_PATH")]
tls_private_key_path: PathBuf,
/// The path to a PEM encoded certificate chain
#[arg(long)]
#[arg(long, env = "TLS_CERTIFICATE_PATH")]
tls_certificate_path: PathBuf,
/// Whether to use client authentication. If the client is running in a CVM this must be
/// enabled.
@@ -82,7 +82,7 @@ enum CliCommand {
#[arg(long)]
server_attestation_type: Option<String>,
/// Optional path to file containing JSON measurements to be enforced on the client
#[arg(long)]
#[arg(long, env = "CLIENT_MEASUREMENTS")]
client_measurements: Option<PathBuf>,
/// The URL of a PCCS to use when verifying DCAP attestations. Defaults to Intel PCS.
#[arg(long)]
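Review bot: The new `env` names in `Client` and `Server` are unprefixed and partly shared (`LISTEN_ADDR`, `TLS_PRIVATE_KEY_PATH` and `TLS_CERTIFICATE_PATH` appear in both subcommands), so security-relevant settings can now come from an inherited environment without appearing on the command line. In particular, the optional `server_measurements` / `client_measurements` policy files and the client's optional key and certificate would be picked up from any ambient `SERVER_MEASUREMENTS`, `CLIENT_MEASUREMENTS` or `TLS_PRIVATE_KEY_PATH`, which changes what is enforced or presented. Consider a project-specific prefix, e.g. `#[arg(long, env = "<PREFIX>_SERVER_MEASUREMENTS")]`, and logging the resolved measurement and key paths at startup so the effective policy is visible. `server_attestation_type` in the last hunk keeps a plain `#[arg(long)]` while the client side gets `env = "CLIENT_ATTESTATION_TYPE"`; if that asymmetry is unintended, `#[arg(long, env = "SERVER_ATTESTATION_TYPE")]` would make the two consistent. The `CliCommand` enum starts and ends outside the hunks shown.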
Expand Down