Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kes identity new returns: '--ip' requires a private key and certificate file #466

Closed
ramondeklein opened this issue Jun 11, 2024 · 3 comments · Fixed by #467
Closed

kes identity new returns: '--ip' requires a private key and certificate file #466

ramondeklein opened this issue Jun 11, 2024 · 3 comments · Fixed by #467
Assignees
@aead

Comments

@ramondeklein
Copy link
Contributor

The documentation on https://min.io/docs/kes/tutorials/getting-started states that you need to generate a private key and self-signed certificate using the kes identity new --ip "127.0.0.1" localhost command. However when I run this command with the latest KES version, it shows:

$ kes identity new --ip '127.0.0.1' localhost
Error: '--ip' requires a private key and certificate file. Set the '--cert' and '--key' flag

When running kes identity new --help it shows:

$ kes identity new --help
Usage:
    kes identity new [options] [<subject>]

Options:
    --key <PATH>             Optional path for the private key.
    --cert <PATH>            Optional path for the certificate.

    --ip <IP>                Add <IP> as subject alternative name (SAN). Requires
                             the --key and --cert flags.
    --dns <DOMAIN>           Add <DOMAIN> as subject alternative name (SAN).
                             Requires the --key and --cert flags.
    --expiry <DURATION>      Duration until the certificate expires. (default: 720h)
                             Requires the --key and --cert flags.
    --encrypt                Encrypt the private key with a password. Requires
                             the --key and --cert flags.
    -f, --force              Overwrite an existing private key and/or certificate.

    -h, --help               Print command line options.

Examples:
    $ kes identity new
    $ kes identity new --ip "192.168.0.182" --ip "10.0.0.92" localhost
    $ kes identity new --key server.key --cert server.crt --encrypt --expiry 8760h kes-server.local

Althought the --ip option description shows that the --key and --cert flags need to be specified, the examples don't.
@ramondeklein ramondeklein changed the title kes identity new returns '--ip' requires a private key and certificate file kes identity new returns: '--ip' requires a private key and certificate file Jun 11, 2024
@ravindk89
Copy link

ravindk89 commented Jun 11, 2024
edited
Loading

https://github.com/minio/kes/blame/master/cmd/kes/identity.go#L252-L253

It looks like this has been the behavior for at least a year? But the example and help output still imply that --key and cert are optional

@aead
Copy link
Member

aead commented Jun 11, 2024

The example is wrong.
The following works:

$ kes identity new

$ kes identity new --ip 127.0.0.1 --key private.key --cert public.crt

The example has to be fixed to not include the --ip or also contain a --key and --cert.

@ramondeklein
Copy link
Contributor Author

I think we need an example that includes --ip. I'll send a PR that adds this to the example. We also need to update https://min.io/docs/kes/tutorials/kes-for-minio to include --key private.key --cert public.crt:

image

@ramondeklein ramondeklein linked a pull request Jun 11, 2024 that will close this issue
Fix identity new --ip example #467
Merged
@aead aead closed this as completed in #467 Jun 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aead aead

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix identity new --ip example ramondeklein/kes
3 participants
@ramondeklein @ravindk89 @aead