11 changes: 5 additions & 6 deletions README.md
Expand Up @@ -260,7 +260,7 @@ dev oidc:"https://acme.com/groups":developer https://login.microsoftonline.com/9

To add new rule run:

`sudo opkssh add {USER} {EMAIL/SUB/GROUP} {ISSUER}`
`sudo opkssh add <user> <email/sub/group> <issuer>`

These `auth_id` files can be edited by hand or you can use the add command to add new policies.
For convenience you can use the shorthand `google` or `azure` rather than specifying the entire issuer.
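Review bot: the placeholder on the `sudo opkssh add` line now reads `<email/sub/group>`, while docs/config.md in this same change uses `<email|sub|claim>` and main.go's Use string uses `<email|sub|group>`; pick one separator and one term (group or claim) across the three files so the README, the config guide and the CLI help describe the same second argument. The shorthand sentence that follows lists only `google` and `azure`, whereas docs/config.md lists `google`, `azure`, `gitlab`; worth syncing in the same commit.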
Expand Down Expand Up @@ -320,16 +320,16 @@ AuthorizedKeysCommandUser opksshuser
To log in using a custom OpenID Provider, run:

```bash
opkssh login --provider="{ISSUER},{CLIENT_ID}"
opkssh login --provider="<issuer>,<client_id>"
```

or in the rare case that a client secret is required by the OpenID Provider:

```bash
opkssh login --provider="{ISSUER},{CLIENT_ID},{CLIENT_SECRET},{SCOPES}"
opkssh login --provider="<issuer>,<client_id>,<client_secret>,<scopes>"
```

where ISSUER, CLIENT_ID and CLIENT_SECRET correspond to the issuer client ID and client secret of the custom OpenID Provider.
where issuer, client_id and client_secret correspond to the issuer client ID and client secret of the custom OpenID Provider.

For example if the issuer is `https://authentik.local/application/o/opkssh/` and the client ID was `ClientID123`:

Expand Down Expand Up @@ -524,5 +524,4 @@ For integration tests run:
- [CONTRIBUTING.md](https://github.com/openpubkey/opkssh/blob/main/CONTRIBUTING.md) Guide to contributing to opkssh (includes developer help).
- [docs/gitlab-selfhosted.md](docs/gitlab-selfhosted.md) Guide on configuring and using a self hosted GitLab instance with opkssh.
- [docs/paramiko.md](docs/paramiko.md) Guide to using the python SSH paramiko library with opkssh.
- [docs/putty.md](docs/putty.md) Guide to using PuTTY with opkssh.

- [docs/putty.md](docs/putty.md) Guide to using PuTTY with opkssh.
2 changes: 1 addition & 1 deletion docs/config.md
Expand Up @@ -151,7 +151,7 @@ dev oidc-match-end:email:@example.com https://login.microsoftonline.com/9188040d

These `auth_id` files can be edited by hand or you can use the add command to add new policies. The add command has the following syntax.

`sudo opkssh add {USER} {EMAIL|SUB|CLAIM} {ISSUER}`
`sudo opkssh add <user> <email|sub|claim> <issuer>`

For convenience you can use the shorthand `google`, `azure`, `gitlab` rather than specifying the entire issuer.
This is especially useful in the case of azure where the issuer contains a long and hard to remember random string.
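Review bot: `<email|sub|claim>` here disagrees with `<email/sub/group>` in README.md and `<email|sub|group>` in main.go within the same commit; the context line above shows an `oidc-match-end:email:@example.com` rule, which is neither a plain email nor a group, so `claim` looks like the more accurate general term and the other two files should probably adopt it (or all three should settle on `group`). Minor, unchanged here: "hard to remember random string" reads better as "hard-to-remember random string".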
20 changes: 10 additions & 10 deletions main.go
Expand Up @@ -75,16 +75,16 @@ This program allows users to:

addCmd := &cobra.Command{
SilenceUsage: true,
Use: "add <PRINCIPAL> <EMAIL|SUB|GROUP> <ISSUER>",
Use: "add <principal> <email|sub|group> <issuer>",
Short: "Appends new rule to the policy file",
Long: `Add appends a new policy entry in the auth_id policy file granting SSH access to the specified email or subscriber ID (sub) or group.

It first attempts to write to the system-wide file (/etc/opk/auth_id). If it lacks permissions to update this file it falls back to writing to the user-specific file (~/.opk/auth_id).

Arguments:
PRINCIPAL The target user account (requested principal).
EMAIL|SUB|GROUP Email address, subscriber ID or group authorized to assume this principal. If using an OIDC group, the argument needs to be in the format of oidc:groups:<groupId>.
ISSUER OpenID Connect provider (issuer) URL associated with the email/sub/group.
principal The target user account (requested principal).
email|sub|group Email address, subscriber ID or group authorized to assume this principal. If using an OIDC group, the argument needs to be in the format of oidc:groups:<groupId>.
issuer OpenID Connect provider (issuer) URL associated with the email/sub/group.
`,
Args: cobra.ExactArgs(3),
Example: ` opkssh add root alice@example.com https://accounts.google.com
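Review bot: the `email|sub|group` description says an OIDC group must be written as `oidc:groups:<groupId>`, but the README hunk in this same change shows a working rule written as `oidc:"https://acme.com/groups":developer`, i.e. the claim name is whatever the provider emits rather than a fixed `groups`. Suggest rewording to `oidc:<claim>:<value>` and giving `oidc:groups:<groupId>` as one example, so the help text does not contradict the README. The lowercase rename itself is consistent with the existing lowercase `<groupId>` placeholder in the same sentence.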
Expand Down Expand Up @@ -208,9 +208,9 @@ Arguments:

readhomeCmd := &cobra.Command{
SilenceUsage: true,
Use: "readhome <PRINCIPAL>",
Use: "readhome <principal>",
Short: "Read the principal's home policy file",
Long: `Read the principal's policy file (/home/<PRINCIPAL>/.opk/auth_id).
Long: `Read the principal's policy file (/home/<principal>/.opk/auth_id).

You should not call this command directly. It is called by the opkssh verify command as part of the AuthorizedKeysCommand process to read the user's policy (principals) home file (~/.opk/auth_id) with sudoer permissions. This allows us to use an unprivileged user as the AuthorizedKeysCommand user.
`,
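Review bot: the Long text now hardcodes the policy path as `/home/<principal>/.opk/auth_id`, while the paragraph under it describes the same file as `~/.opk/auth_id`. If the command resolves the principal's home directory from the passwd entry, the help should say `<principal's home>/.opk/auth_id`; if it really assumes `/home`, that limitation deserves a sentence, since a principal with a non-standard home directory would otherwise have its policy read from the wrong location. Lowercase `<principal>` in Use matches the renamed add and verify commands.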
Expand All @@ -232,7 +232,7 @@ You should not call this command directly. It is called by the opkssh verify com
var serverConfigPathArg string
verifyCmd := &cobra.Command{
SilenceUsage: true,
Use: "verify <PRINCIPAL> <CERT> <KEY_TYPE>",
Use: "verify <principal> <cert> <key_type>",
Short: "Verify an SSH key (used by sshd AuthorizedKeysCommand)",
Long: `Verify extracts a PK token from a base64-encoded SSH certificate and verifies it against policy. It expects an allowed provider file at /etc/opk/providers and a user policy file at either /etc/opk/auth_id or ~/.opk/auth_id.

Expand All @@ -256,9 +256,9 @@ Verification checks performed:
If all checks pass, Verify authorizes the SSH connection.

Arguments:
PRINCIPAL Target username.
CERT Base64-encoded SSH certificate.
KEY_TYPE SSH certificate key type (e.g., ecdsa-sha2-nistp256-cert-v01@openssh.com)`,
principal Target username.
cert Base64-encoded SSH certificate.
key_type SSH certificate key type (e.g., ecdsa-sha2-nistp256-cert-v01@openssh.com)`,
Args: cobra.ExactArgs(3),
Example: ` opkssh verify root <base64-encoded-cert> ecdsa-sha2-nistp256-cert-v01@openssh.com`,
RunE: func(cmd *cobra.Command, args []string) error {
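Review bot: the Arguments block would be more useful to an operator wiring up sshd if it stated which AuthorizedKeysCommand tokens populate each argument: `principal` is `%u`, `cert` is `%k` and `key_type` is `%t`, which is what the `opkssh verify root <base64-encoded-cert> ecdsa-sha2-nistp256-cert-v01@openssh.com` example mirrors. The lowercase rename is consistent with the existing `<base64-encoded-cert>` placeholder in Example, and `cobra.ExactArgs(3)` still matches the three documented arguments.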
2 changes: 1 addition & 1 deletion scripts/installing.md
Expand Up @@ -83,7 +83,7 @@ If you do not have root access, you can create a new auth_id file in at ~/auth_i
sudo touch /etc/opk/auth_id
sudo chown root:opksshuser /etc/opk/auth_id
sudo chmod 640 /etc/opk/auth_id
sudo opkssh add {USER} {EMAIL} {ISSUER}
sudo opkssh add <user> <email> <issuer>
```

**4: Configure sshd to use opkssh.** Check which configuration file is active.
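Review bot: this block is fenced as bash, so `sudo opkssh add <user> <email> <issuer>` pasted verbatim is parsed as input/output redirections on nonexistent files rather than failing with the command's own usage error; the old `{USER} {EMAIL} {ISSUER}` form at least ran `opkssh` and produced a usage message. Either keep brace-style placeholders inside fenced shell blocks or, better, show concrete values as the README does (`opkssh add root alice@example.com https://accounts.google.com`). The placeholder also narrows the second argument to `<email>`, whereas README.md, docs/config.md and main.go in this change accept email, sub or group/claim; fine if intentional for a minimal install walkthrough, otherwise align.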