diff --git a/cmd/cosign/cli/options/fulcio.go b/cmd/cosign/cli/options/fulcio.go index 45312b8eeb1..139731a77ce 100644 --- a/cmd/cosign/cli/options/fulcio.go +++ b/cmd/cosign/cli/options/fulcio.go @@ -41,7 +41,7 @@ func (o *FulcioOptions) AddFlags(cmd *cobra.Command) { "identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted.") cmd.Flags().StringVar(&o.AuthFlow, "fulcio-auth-flow", "", - "fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment.") + "fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. (options) normal|device|token|client_credentials") cmd.Flags().BoolVar(&o.InsecureSkipFulcioVerify, "insecure-skip-verify", false, "skip verifying fulcio published to the SCT (this should only be used for testing).") diff --git a/doc/cosign_attest-blob.md b/doc/cosign_attest-blob.md index a6baddae9f2..f9c50468be0 100644 --- a/doc/cosign_attest-blob.md +++ b/doc/cosign_attest-blob.md @@ -36,7 +36,7 @@ cosign attest-blob [flags] --bundle string write everything required to verify the blob to a FILE --certificate string path to the X.509 certificate in PEM format to include in the OCI Signature --certificate-chain string path to a list of CA X.509 certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate. Included in the OCI Signature - --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. + --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. (options) normal|device|token|client_credentials --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") --hash string hash of blob in hexadecimal (base16). Used if you want to sign an artifact stored elsewhere and have the hash -h, --help help for attest-blob diff --git a/doc/cosign_attest.md b/doc/cosign_attest.md index 27158c333d4..ccd9bd8043f 100644 --- a/doc/cosign_attest.md +++ b/doc/cosign_attest.md @@ -47,7 +47,7 @@ cosign attest [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] --certificate string path to the X.509 certificate in PEM format to include in the OCI Signature --certificate-chain string path to a list of CA X.509 certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate. Included in the OCI Signature - --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. + --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. (options) normal|device|token|client_credentials --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") -h, --help help for attest --identity-token string identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted. diff --git a/doc/cosign_sign-blob.md b/doc/cosign_sign-blob.md index 8bd0c42075a..a53f34e4f9d 100644 --- a/doc/cosign_sign-blob.md +++ b/doc/cosign_sign-blob.md @@ -38,7 +38,7 @@ cosign sign-blob [flags] ``` --b64 whether to base64 encode the output (default true) --bundle string write everything required to verify the blob to a FILE - --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. + --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. (options) normal|device|token|client_credentials --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") -h, --help help for sign-blob --identity-token string identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted. diff --git a/doc/cosign_sign.md b/doc/cosign_sign.md index 584be6cadf0..9e28e10fd25 100644 --- a/doc/cosign_sign.md +++ b/doc/cosign_sign.md @@ -79,7 +79,7 @@ cosign sign [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] --certificate string path to the X.509 certificate in PEM format to include in the OCI Signature --certificate-chain string path to a list of CA X.509 certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate. Included in the OCI Signature - --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. + --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. (options) normal|device|token|client_credentials --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") -h, --help help for sign --identity-token string identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted.