This repository has been archived by the owner on Apr 3, 2020. It is now read-only.

Suggestion: change --tls-cert and --tls-key flags to take a file path #77

Open
jschaul opened this issue Nov 26, 2018 · 1 comment

Comments


jschaul commented Nov 26, 2018

Usability improvement suggestion: change --tls-cert and --tls-key flags (or, for backward compatibility, introduce --tls-cert-file and --tls-key-file) to take a file path to files storing key and certificate, instead of requiring multi-line strings on the command line.

The reason for that is that passing a one-line string containing \n characters to --tls-cert or --tls-key will be incorrectly written to disk on the concourse web instance, leading to the ATC and grafana not starting up with an error since the tls_cert and tls_key files cannot be parsed. (This can happen, for instance, if someone does something similar to cat config.json | jq .concourse_key to re-use the previous key stored in the config.)

Alternatively, a conversion from \n to line breaks could be done before writing the tls_key and tls_cert files on the web nodes.

@crsimmons
Contributor

I think this is a good idea. I'll leave it to the team to decide if/when to schedule it though.

In theory it wouldn't be too hard to make the flag validation fail if \n appears in the cert or key.

In the meantime, I think your jq loading example would work if you use the raw-output flag. So jq -r .concourse_key config.json.
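
Added example, not part of the thread or of the project's code: one way to implement the two options discussed above (failing flag validation when a literal \n appears, or converting \n to line breaks before the files are written), in Go. `NormalizePEM`, `ErrEscapedNewlines` and `SamplePEM` are hypothetical names, and the sample PEM block is constructed rather than a real certificate.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// ErrEscapedNewlines: the value holds literal backslash-n (jq output without -r).
var ErrEscapedNewlines = errors.New(`PEM value contains literal \n instead of line breaks`)

// NormalizePEM (hypothetical helper) checks a --tls-cert/--tls-key style value before it
// is written to disk. convert=false rejects escaped newlines, convert=true rewrites them.
func NormalizePEM(raw string, convert bool, wantTypes ...string) (string, error) {
	s := strings.Trim(strings.TrimSpace(raw), `"`) // drop JSON quotes left by jq
	if strings.Contains(s, `\n`) { // a backslash never occurs in PEM base64
		if !convert {
			return "", ErrEscapedNewlines
		}
		s = strings.ReplaceAll(s, `\n`, "\n")
	}
	s = strings.TrimSpace(s) + "\n"
	block, _ := pem.Decode([]byte(s))
	if block == nil {
		return "", errors.New("value is not a parsable PEM block")
	}
	ok := len(wantTypes) == 0 // no wanted types given: accept any block type
	for _, t := range wantTypes {
		ok = ok || block.Type == t
	}
	if !ok {
		return "", fmt.Errorf("unexpected PEM block type %q", block.Type)
	}
	return s, nil
}

// SamplePEM returns a constructed PEM block; the payload is not a real certificate.
func SamplePEM() string {
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte("constructed sample")}))
}

func main() {
	oneLine := `"` + strings.ReplaceAll(SamplePEM(), "\n", `\n`) + `"` // as jq prints without -r
	_, strictErr := NormalizePEM(oneLine, false, "CERTIFICATE")
	fixed, err := NormalizePEM(oneLine, true, "CERTIFICATE")
	fmt.Printf("strict: %v\nconverted (err=%v):\n%s", strictErr, err, fixed)
}
```

Decoding the value before writing it also catches the failure that is not a \n problem at all, such as a key passed where the certificate was expected.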
