From d50e787e0e4cb65f43ef44bb8498d69585a2ea95 Mon Sep 17 00:00:00 2001 From: Tom Proctor Date: Tue, 15 Aug 2023 13:23:35 +0100 Subject: [PATCH] Add comments about optional base64 encoding --- subcommand/injector/flags.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/subcommand/injector/flags.go b/subcommand/injector/flags.go index 52b86090..5b809f50 100644 --- a/subcommand/injector/flags.go +++ b/subcommand/injector/flags.go @@ -61,7 +61,9 @@ type Specification struct { VaultAddr string `split_words:"true"` // VaultCACertBytes is the AGENT_INJECT_VAULT_CACERT_BYTES environment variable. - // Specifies the CA cert to trust for TLS with Vault. + // Specifies the CA cert to trust for TLS with Vault as a PEM-encoded + // certificate or bundle. The multi-line PEM contents may optionally be base64 + // encoded to avoid line breaks. VaultCACertBytes string `envconfig:"AGENT_INJECT_VAULT_CACERT_BYTES"` // ProxyAddr is the AGENT_INJECT_PROXY_ADDR environment variable. @@ -164,7 +166,8 @@ func (c *Command) init() { c.flagSet.StringVar(&c.flagVaultService, "vault-address", "", "Address of the Vault server.") c.flagSet.StringVar(&c.flagVaultCACertBytes, "vault-cacert-bytes", "", - "CA certificate to trust for TLS with Vault, specified as a PEM-encoded certificate or bundle.") + "CA certificate to trust for TLS with Vault, specified as a PEM-encoded certificate or bundle. "+ + "The multi-line PEM contents may optionally be base64 encoded to avoid line breaks.") c.flagSet.StringVar(&c.flagProxyAddress, "proxy-address", "", "HTTP proxy address used to talk to the Vault service.") c.flagSet.StringVar(&c.flagVaultAuthType, "vault-auth-type", agent.DefaultVaultAuthType,