Allow to set EAB kid and hmac via environment variables (go-acme#1959)

n0emis · ldez · web-flow · commit d21706420a8b · 2023-07-27T12:07:10.000Z
Co-authored-by: Fernandez Ludovic &lt;ldez@users.noreply.github.com&gt;
diff --git a/cmd/flags.go b/cmd/flags.go
@@ -37,16 +37,19 @@ func CreateFlags(defaultPath string) []cli.Flag {
 			Usage:   "Certificate signing request filename, if an external CSR is to be used.",
 		},
 		&cli.BoolFlag{
-			Name:  "eab",
-			Usage: "Use External Account Binding for account registration. Requires --kid and --hmac.",
+			Name:    "eab",
+			EnvVars: []string{"LEGO_EAB"},
+			Usage:   "Use External Account Binding for account registration. Requires --kid and --hmac.",
 		},
 		&cli.StringFlag{
-			Name:  "kid",
-			Usage: "Key identifier from External CA. Used for External Account Binding.",
+			Name:    "kid",
+			EnvVars: []string{"LEGO_EAB_KID"},
+			Usage:   "Key identifier from External CA. Used for External Account Binding.",
 		},
 		&cli.StringFlag{
-			Name:  "hmac",
-			Usage: "MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.",
+			Name:    "hmac",
+			EnvVars: []string{"LEGO_EAB_HMAC"},
+			Usage:   "MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.",
 		},
 		&cli.StringFlag{
 			Name:    "key-type",
diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml
@@ -24,9 +24,9 @@ GLOBAL OPTIONS:
    --accept-tos, -a                                             By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false)
    --email value, -m value                                      Email used for registration and recovery contact.
    --csr value, -c value                                        Certificate signing request filename, if an external CSR is to be used.
-   --eab                                                        Use External Account Binding for account registration. Requires --kid and --hmac. (default: false)
-   --kid value                                                  Key identifier from External CA. Used for External Account Binding.
-   --hmac value                                                 MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.
+   --eab                                                        Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) [$LEGO_EAB]
+   --kid value                                                  Key identifier from External CA. Used for External Account Binding. [$LEGO_EAB_KID]
+   --hmac value                                                 MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. [$LEGO_EAB_HMAC]
    --key-type value, -k value                                   Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
    --filename value                                             (deprecated) Filename of the generated certificate.
    --path value                                                 Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH]
