Add TLDR examples for SSH and TLS sign commands

hsm_secrets/ssh/__init__.py

@@ -59,6 +59,10 @@ def get_ca(ctx: HsmSecretsCtx, get_all: bool, cert_ids: Sequence[str]):
 def sign_ssh_user_key(ctx: HsmSecretsCtx, out: str, ca: str|None, username: str|None, certid: str|None, validity: int, principals: str, extensions: str, keyfile: str):
     """Make and sign an SSH user certificate
 
+    TYPICAL USAGE:
+
+        $ ssh sign-user -u john.doe -p admin,users id_ed25519_sk_jdoe.pub
+
     [keyfile]: file containing the public key to sign (default: stdin)
 
     If --ca is not specified, the default CA key is used (as specified in the config file).
@@ -89,6 +93,10 @@ def sign_ssh_user_key(ctx: HsmSecretsCtx, out: str, ca: str|None, username: str|
 def sign_ssh_host_key(ctx: HsmSecretsCtx, out: str, ca: str|None, hostname: str, validity: int, principals: str|None, keyfile: str):
     """Make and sign an SSH host certificate
 
+    TYPICAL USAGE:
+
+        $ ssh sign-host -H wiki.example.com -p "wiki.*,192.168.80.80" ssh_host_rsa_key.pub
+
     [keyfile]: file containing the public key to sign (default: stdin)
 
     If --ca is not specified, the default CA key is used (as specified in the config file).

hsm_secrets/tls/__init__.py

@@ -35,6 +35,10 @@ def cmd_tls(ctx: click.Context):
 def server_cert(ctx: HsmSecretsCtx, out: click.Path, common_name: str, san_dns: list[str], san_ip: list[str], validity: int, keyfmt: str, sign_crt: str):
     """Create a TLS server certificate + key
 
+    TYPICAL USAGE:
+
+        $ hsm-secrets tls server-cert -o wiki.example.com.pem -c wiki.example.com -d intraweb.example.com
+
     Create a new TLS server certificate for the given CN and (optional) SANs.
     Basic name fields are read from the config file (country, org, etc.)