flag.BoolVar(&c.GenerateRoot,"root-gen",true,"Enable the generation of a root key.")
flag.StringVar(&c.RootFile,"root-cert-file","","Path to the root certificate to use.")
flag.StringVar(&c.RootSubject,"root-name","PKCS #11 Smallstep Root","Subject and Issuer of the root certificate.")
flag.StringVar(&c.RootObject,"root-cert-obj","pkcs11:id=7330;object=root-cert","PKCS #11 URI with object id and label to store the root certificate.")
flag.StringVar(&c.RootKeyObject,"root-key-obj","pkcs11:id=7330;object=root-key","PKCS #11 URI with object id and label to store the root key.")
flag.StringVar(&c.RootSubject,"root-name","PKCS #11 Smallstep Root","Subject and Issuer of the root certificate.")
// Option 2: Read root from disk and sign intermediate
flag.StringVar(&c.RootPath,"root-cert-path","root_ca.crt","Location to write the root certificate.")
flag.StringVar(&c.RootFile,"root-cert-file","","Path to the root certificate to use.")
flag.StringVar(&c.KeyFile,"root-key-file","","Path to the root key to use.")
// Option 3: Generate certificate signing request
flag.StringVar(&c.CrtObject,"crt-cert","pkcs11:id=7331;object=intermediate-cert","PKCS #11 URI with object id and label to store the intermediate certificate.")
flag.StringVar(&c.CrtPath,"crt-cert-path","intermediate_ca.crt","Location to write the intermediate certificate.")
flag.StringVar(&c.CrtKeyObject,"crt-key","pkcs11:id=7331;object=intermediate-key","PKCS #11 URI with object id and label to store the intermediate certificate.")
flag.StringVar(&c.CrtSubject,"crt-name","PKCS #11 Smallstep Intermediate","Subject of the intermediate certificate.")
flag.StringVar(&c.CrtKeyPath,"crt-key-path","","Location to write the intermediate private key.")
flag.StringVar(&c.CrtObject,"crt-cert-obj","pkcs11:id=7331;object=intermediate-cert","PKCS #11 URI with object id and label to store the intermediate certificate.")
flag.StringVar(&c.CrtKeyObject,"crt-key-obj","pkcs11:id=7331;object=intermediate-key","PKCS #11 URI with object id and label to store the intermediate certificate.")
// SSH certificates
flag.BoolVar(&c.EnableSSH,"ssh",false,"Enable the creation of ssh keys.")
flag.StringVar(&c.SSHHostKeyObject,"ssh-host-key","pkcs11:id=7332;object=ssh-host-key","PKCS #11 URI with object id and label to store the key used to sign SSH host certificates.")
flag.StringVar(&c.SSHUserKeyObject,"ssh-user-key","pkcs11:id=7333;object=ssh-user-key","PKCS #11 URI with object id and label to store the key used to sign SSH user certificates.")
flag.BoolVar(&c.EnableSSH,"ssh",false,"Enable the creation of ssh keys.")
// Output files
flag.StringVar(&c.RootPath,"root-cert-path","root_ca.crt","Location to write the root certificate.")
flag.StringVar(&c.CrtPath,"crt-cert-path","intermediate_ca.crt","Location to write the intermediate certificate.")
flag.StringVar(&c.CrtKeyPath,"crt-key-path","","Location to write the intermediate private key.")
// Others
flag.BoolVar(&c.NoCerts,"no-certs",false,"Do not store certificates in the module.")
flag.BoolVar(&c.Force,"force",false,"Force the delete of previous keys.")
flag.BoolVar(&c.Extractable,"extractable",false,"Allow export of private keys under wrap.")
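Review bot: The help string on the `crt-key-obj` registration (and on the `crt-key` spelling above it) says the URI is where "the intermediate certificate" is stored, but the target is `c.CrtKeyObject` and the default is `object=intermediate-key`, so the text looks copied from the certificate flag; I would change it to `"PKCS #11 URI with object id and label to store the intermediate key."`. Separately, `root-name`, `root-cert-file`, `root-cert-path`, `crt-cert-path`, `crt-key-path` and `ssh` each appear twice in these lines; if that is the file itself rather than the old and new sides of the change shown together, the second registration of a name panics with "flag redefined" at startup, so each name should be registered once. The `extractable` and `force` flags relax or remove protection on key material held in the module, so a comment above them would help operators, for example `// -extractable lets private keys leave the module when wrapped; leave it off unless key export is required`. The enclosing function starts and ends outside the lines shown.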