Matthew McPherrin

That wouldn’t be very helpful when trying to configure multiple environments at once, as I’d have to configure a dev instance of Boulder just to calculate it for a file....

One case I'd be interested in is supporting processes without native workload support. I'm thinking the user-interaction might look something like this: ``` spiffe --spiffe="spiffe://example.org/pickaworkload" exec -- mysql --ssl-ca=@X509BUNDLE --ssl-cert=@X509SVID...

There's a few ways you might want to specify the paths to files: 1. as command line options, like mysql/curl do, with some syntax like in the comment above 2....

You may also want support for different file formats... eg, `syslog` wants an "openssl CA directory". Java & windows apps often want a .p12 file Some apps want a pkcs1...

Handling rotation: 1. Might want to signal a process (ideally, a child process) 2. Might want to run a command (eg, `sv restart /service/foo` if you're using runit, or some...

This is basically a description of spiffe-helper, but I think it's helpful to re-state what the goals are for a larger tool.

Thanks, those seen like issues we should correct.

> After further investigation, the issue seems to be that container parameters are being altogether. The following invocation should fail, but the invalid parameter goes unnoticed This is a pebble...

I'm sorry, but I can't replicate. ``` % docker run ghcr.io/letsencrypt/pebble:2.5.2 -config /nonexistent Pebble 2024/05/24 15:16:03 Starting Pebble ACME server Reading JSON config file into config structure: open /nonexistent: no...

Thanks, I see the problem now. I think we can both fix the Pebble CLI to error in that case, and also fix the README. In the meantime, you can...