Update shared, fix gen-keys, and add IDs to add-pk

go/cmdAddPK.go

@@ -14,6 +14,9 @@ func cmdAddPK() cli.Command[*cfg] {
 		ArgumentsRequired: []string{
 			"name",
 		},
+		ArgumentsOptional: []string{
+			"key ID (default: name)",
+		},
 		Usage: "Generate and add a cryptographic private key to the configuration values.",
 		Run: func(ctx context.Context, args []string, _ cli.Flags, c *cfg) errs.Err {
 			if c.PublicKey.IsNil() {
@@ -25,8 +28,13 @@ func cmdAddPK() cli.Command[*cfg] {
 				return logger.Error(ctx, errs.ErrReceiver.Wrap(err))
 			}
 
-			prv.ID = args[1]
-			pub.ID = args[1]
+			id := args[1]
+			if len(args) == 3 {
+				id = args[2]
+			}
+
+			prv.ID = id
+			pub.ID = id
 
 			if err := c.encryptvalue(ctx, []byte(prv.String()), args[1], pub.String()); err != nil {
 				return logger.Error(ctx, err)

go/main.go

@@ -22,7 +22,7 @@ func m() errs.Err {
 			"encrypt":      cmdEncrypt(),
 			"gen-crt":      cmdGenCrt(),
 			"gen-jwt":      cmdGenJWT(),
-			"gen-key":      cryptolib.GenerateKeys[*cfg](),
+			"gen-keys":     cryptolib.GenKeys[*cfg](),
 			"gen-sig":      cmdGenSig(),
 			"gen-ssh":      cmdGenSSH(),
 			"init":         cmdInit(),

go/main_test.go

@@ -94,8 +94,8 @@ func TestM(t *testing.T) {
 	assert.HasErr(t, err, nil)
 	assert.Equal(t, len(strings.Split(out, "\n")), 20)
 
-	// gen-key
-	out, err = cli.RunMain(m, "\n\n", "gen-key", "encrypt-asymmetric")
+	// gen-keys
+	out, err = cli.RunMain(m, "\n\n", "gen-keys", "encrypt-asymmetric")
 	assert.HasErr(t, err, nil)
 	assert.Equal(t, strings.Contains(out, string(cryptolib.AlgorithmEd25519Private)), true)
 
@@ -198,12 +198,13 @@ func TestM(t *testing.T) {
 	assert.Equal(t, strings.Contains(out, "value=***"), true)
 
 	// add-private-keys
-	out, err = cli.RunMain(m, "", "add-pk", "hello")
+	out, err = cli.RunMain(m, "", "add-pk", "hello", "world")
 	assert.HasErr(t, err, nil)
 	assert.Equal(t, out, "")
 
 	prv1, err := cli.RunMain(m, "123\n123\n", "show-value", "-v", "hello")
 	assert.HasErr(t, err, nil)
+	assert.Equal(t, strings.Split(prv1, ":")[2], "world")
 
 	pub1, err := cli.RunMain(m, "123\n123\n", "show-value", "-c", "hello")
 	assert.HasErr(t, err, nil)

hugo/content/blog/whats-new-202404.md

@@ -0,0 +1,19 @@
+---
+author: Mike
+date: 2024-04-01
+description: Release notes for Rot v2024.04.
+tags:
+  - release
+title: "What's New in Rot: v2024.04"
+type: blog
+---
+
+{{< rot-release version="2024.04" >}}
+
+## Enhancements
+
+- Changed [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) to allow specifying an ID for the keys
+
+## Fixes
+
+- Fixed `rot gen-keys` having inconsistent documentation and usage

hugo/content/docs/guides/generate-certificates.md

@@ -14,7 +14,7 @@ An X.509 certificate is basically a signed hash of a public key and other fields
 
 ## Add Private Keys
 
-You'll need to generate a private key for every certificate, including the CA.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-key`]({{< ref "/docs/references/cli#gen-key" >}}) (printing the keys to stdout).
+You'll need to generate a private key for every certificate, including the CA.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-keys`]({{< ref "/docs/references/cli#gen-keys" >}}) (printing the keys to stdout).
 
 Rot will store the public key in the comment of the encrypted value, we can grab the public key from the comment when we generate certificates.
 

hugo/content/docs/guides/generate-jwts.md

@@ -18,7 +18,7 @@ A JSON Web Token (JWT) is a string containing three parts:
 
 ## Add Private Keys
 
-You'll need to generate a private key to sign the JWT.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-key`]({{< ref "/docs/references/cli#gen-key" >}}) (printing the keys to stdout).
+You'll need to generate a private key to sign the JWT.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-keys`]({{< ref "/docs/references/cli#gen-keys" >}}) (printing the keys to stdout).
 
 Rot will store the public key in the comment of the encrypted value, we can grab the public key from the comment when we verify the JWT.
 

hugo/content/docs/guides/generate-signatures.md

@@ -14,7 +14,7 @@ Cryptographic signatures are signed hashes of a message created by a private key
 
 ## Add Private Keys
 
-You'll need to generate a private key for every certificate, including the CA.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-key`]({{< ref "/docs/references/cli#gen-key" >}}) (printing the keys to stdout).
+You'll need to generate a private key for every certificate, including the CA.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-keys`]({{< ref "/docs/references/cli#gen-keys" >}}) (printing the keys to stdout).
 
 Rot will store the public key in the comment of the encrypted value, we can grab the public key from the comment when we generate certificates.
 

hugo/content/docs/guides/generate-ssh.md

@@ -14,7 +14,7 @@ OpenSSH can use SSH certificate authorities (CA) to authorize user access to ser
 
 ## Add Private Keys
 
-You'll need to generate a private key to create a SSH keypair and an SSH CA to sign the certificates.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-key`]({{< ref "/docs/references/cli#gen-key" >}}) (printing the keys to stdout).
+You'll need to generate a private key to create a SSH keypair and an SSH CA to sign the certificates.  The easiest way to do this is using [`rot add-pk`]({{< ref "/docs/references/cli#add-pk" >}}) (encrypting the keys into Rot) or [`rot gen-keys`]({{< ref "/docs/references/cli#gen-keys" >}}) (printing the keys to stdout).
 
 Rot will store the public key in the comment of the encrypted value, we can grab the public key from the comment when we verify the JWT.
 
@@ -23,7 +23,7 @@ Rot will store the public key in the comment of the encrypted value, we can grab
 We can use Rot to generate a SSH keypair, similar to `ssh-keygen`:
 
 ```bash
-$ rot gen-key | tee >(rot jq -r .privateKey | rot ssh - > id_ed25519 && chmod 0400 id_ed25519) | rot jq -r .publicKey | rot ssh - > id_ed25519.pub
+$ rot gen-keys | tee >(rot jq -r .privateKey | rot ssh - > id_ed25519 && chmod 0400 id_ed25519) | rot jq -r .publicKey | rot ssh - > id_ed25519.pub
 ```
 
 This will generate two files, id_ed25519 containing the SSH private key, and id_ed25519.pub containing the SSH public key.

hugo/content/docs/references/cli.md

@@ -71,7 +71,7 @@ Generate X.509 certificates.  Visit [Generate Certificates]({{< ref "/docs/guide
 
 Generate JSON Web Tokens (JWTs).  Visit [Generate JWTs]({{< ref "/docs/guides/generate-jwts" >}}) for more information.
 
-### `gen-key`
+### `gen-keys`
 
 Generate ad-hoc cryptographic keys.