[Bug]: `--password-file` in `step ca provisioner add --type JWK` seems to be used for both the provisioning admin and the newly created provisioner
Steps to Reproduce
step ca provisioner add "newprovisioner" --type JWK --create --admin-subject [email protected] --admin-provisioner "Current provisioner" --password-file admin/password
Your Environment
Smallstep CLI/0.21.0 (darwin/arm64) Release Date: 2022-07-07 01:07 UTC
Expected Behavior
IMHO `--password-file` should either control which password will be used for the newly created provisioner, OR what is the password of the current provisioner being used.
Actual Behavior
Documentation reads:
--password-file=file
The path to the file containing the password to encrypt or decrypt the private key
It is not clear from the documentation if this is about the provisioning admin, or the newly created provisioner...
Turns out (unless I messed up) that this is being used for both.
- clearly here for the newly created provisioner: https://github.com/smallstep/cli/blob/master/command/ca/provisioner/add.go#L420
- and probably here for the provisioning one: https://github.com/smallstep/cli/blob/005920ad4122fa5838c338b567d6584fcc33c1cc/utils/cautils/client.go#L176
Using the same flag for both of these seems quite wrong.
If only, it seems to prevent you from creating a new provisioner non-interactively.
Hope I am making sense and this is not a PEBKAC.
Let me know if you need anything else on this.
Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).