minio / kes

Key Management Server for Object Storage and more
https://min.io/docs/kes/concepts/
GNU Affero General Public License v3.0

`kes identity new` returns: '--ip' requires a private key and certificate file #466

Closed ramondeklein closed 2 months ago

ramondeklein commented 2 months ago

The documentation on https://min.io/docs/kes/tutorials/getting-started states that you need to generate a private key and self-signed certificate using the `kes identity new --ip "127.0.0.1" localhost` command. However, when I run this command with the latest KES version, it shows:

```
$ kes identity new --ip '127.0.0.1' localhost
Error: '--ip' requires a private key and certificate file. Set the '--cert' and '--key' flag
```

When running `kes identity new --help` it shows:

```
$ kes identity new --help
Usage:
    kes identity new [options] [<subject>]

Options:
    --key <PATH>             Optional path for the private key.
    --cert <PATH>            Optional path for the certificate.

    --ip <IP>                Add <IP> as subject alternative name (SAN). Requires
                             the --key and --cert flags.
    --dns <DOMAIN>           Add <DOMAIN> as subject alternative name (SAN).
                             Requires the --key and --cert flags.
    --expiry <DURATION>      Duration until the certificate expires. (default: 720h)
                             Requires the --key and --cert flags.
    --encrypt                Encrypt the private key with a password. Requires
                             the --key and --cert flags.
    -f, --force              Overwrite an existing private key and/or certificate.

    -h, --help               Print command line options.

Examples:
    $ kes identity new
    $ kes identity new --ip "192.168.0.182" --ip "10.0.0.92" localhost
    $ kes identity new --key server.key --cert server.crt --encrypt --expiry 8760h kes-server.local
```

Although the `--ip` option description shows that the `--key` and `--cert` flags need to be specified, the examples don't.

ravindk89 commented 2 months ago

https://github.com/minio/kes/blame/master/cmd/kes/identity.go#L252-L253

It looks like this has been the behavior for at least a year? But the example and help output still imply that `--key` and `--cert` are optional.

aead commented 2 months ago

The example is wrong. The following works:

```
$ kes identity new
$ kes identity new --ip 127.0.0.1 --key private.key --cert public.crt
```

The example has to be fixed to not include the `--ip` or also contain a `--key` and `--cert`.

ramondeklein commented 2 months ago

I think we need an example that includes `--ip`. I'll send a PR that adds this to the example. We also need to update https://min.io/docs/kes/tutorials/kes-for-minio to include `--key private.key --cert public.crt`.

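Why the `--ip` SAN discussed in this thread only makes sense together with a certificate file, as an added example that is not part of the issue and not KES code: the sketch builds two throwaway self-signed certificates with Go's standard library and runs the name check a TLS client performs when it connects to `127.0.0.1`. The helper names `selfSigned` and `matchesHost` and the choice of an Ed25519 key are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned is a hypothetical helper (not KES code): it creates a throwaway
// self-signed certificate for subject with the given IP SANs and parses it.
func selfSigned(subject string, ips ...net.IP) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(720 * time.Hour), // same span as the --expiry default
		IPAddresses:  ips,                             // the SAN entries that --ip adds
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// matchesHost reports whether the certificate's SANs cover host, which is the
// name check a TLS client performs when it connects to that address.
func matchesHost(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

func main() {
	for _, ips := range [][]net.IP{{net.ParseIP("127.0.0.1")}, nil} {
		cert, err := selfSigned("localhost", ips...)
		if err != nil {
			panic(err)
		}
		fmt.Println(ips, matchesHost(cert, "127.0.0.1"))
	}
}
```

The SAN is stored inside the certificate, so there is nothing to attach an IP to unless a certificate is written out, which matches the error message quoted at the top of the issue.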