Spelling

* access
* adminclient
* ampersand
* and
* ascii
* associated
* auto-detected
* browser
* certificate
* certificates
* characters
* command
* compatibility
* consist
* decodes
* digital
* distinguished
* doesn't
* encoded
* encrypted
* encrypting
* entities
* error
* extension
* from the
* from
* github
* herd
* inspecting
* interchangeable
* interchangeably
* issuing
* json
* macos
* mixed
* onboarding
* outer
* parameter
* parses
* password
* preexisting
* processed
* publickey
* reference
* remaining
* renegotiate
* represents
* secrecy
* serialization
* smartypants
* smartypantsable
* subcommand
* subject
* subtle
* suppression
* the
* tidiness
* too-soon
* truststore
* unmarshaling
* use
* wrapping

Signed-off-by: Josh Soref <[email protected]>

Author: jsoref

.github/workflows/release.yml

@@ -47,7 +47,7 @@ jobs:
           prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
 
   goreleaser:
-    name: Upload Assets to Github w/ goreleaser
+    name: Upload Assets to GitHub w/ goreleaser
     runs-on: ubuntu-latest
     needs: create_release
     steps:
@@ -177,12 +177,12 @@ jobs:
           token: ${{ secrets.DOCS_PAT }}
           path: './docs'
       - name: Update Reference
-        id: update_refrence
+        id: update_reference
         run: |
           ./bin/step help --markdown ./docs/src/pages/docs/step-cli/reference
           cd ./docs
           git config user.email "[email protected]"
-          git config user.name "Github Action CI"
+          git config user.name "GitHub Action CI"
           git add . && git commit -a -m "step-cli ${{ needs.create_release.outputs.vversion }} reference update"
       - name: Push changes
         uses: ad-m/[email protected]

.goreleaser.yml

@@ -169,7 +169,7 @@ release:
     - 📦 [step-cli_{{ .Version }}_amd64.deb](https://dl.step.sm/gh-release/cli/gh-release-header/{{ .Tag }}/step-cli_{{ .Version }}_amd64.deb)
     - 📦 [step-cli_{{ .Version }}_amd64.rpm](https://dl.step.sm/gh-release/cli/gh-release-header/{{ .Tag }}/step-cli_{{ .Version }}_amd64.rpm)
 
-    #### OSX Darwin
+    #### macOS Darwin
 
     - 📦 [step_darwin_{{ .Version }}_amd64.tar.gz](https://dl.step.sm/gh-release/cli/gh-release-header/{{ .Tag }}/step_darwin_{{ .Version }}_amd64.tar.gz)
     - 📦 [step_darwin_{{ .Version }}_arm64.tar.gz](https://dl.step.sm/gh-release/cli/gh-release-header/{{ .Tag }}/step_darwin_{{ .Version }}_arm64.tar.gz)
@@ -212,7 +212,7 @@ release:
   # Defaults to false.
   #disable: true
 
-  # You can add extra pre-existing files to the release.
+  # You can add extra preexisting files to the release.
   # The filename on the release will be the last part of the path (base). If
   # another file with the same name exists, the latest one found will be used.
   # Defaults to empty.

CHANGELOG.md

@@ -163,11 +163,11 @@ to the value of provisioner-password-file flag.
 
 ## [0.0.2]
 ### Added
-- `--bundle` flag to cert/inspect for inpecting all the full chain or bundle
+- `--bundle` flag to cert/inspect for inspecting all the full chain or bundle
 given a path. Default behavior is unchanged; only inspect the first (leaf)
 certificate.
 - distribution.md with documentation on how to create releases.
-- travis build and upload artifacts to Github Releases on tagged pushes.
+- travis build and upload artifacts to GitHub Releases on tagged pushes.
 - logging of invalid http requests to the oauth server
 ### Changed
 - default PEM format encryption alg AES128 -> AES256

Makefile

@@ -91,7 +91,7 @@ define BUNDLE
 	# $(2) -- Binary Output Dir Name
 	# $(3) -- Step Platform Name
 	# $(4) -- Step Binary Architecture
-	# $(5) -- Step Binary Name (For Windows Comaptibility)
+	# $(5) -- Step Binary Name (For Windows Compatibility)
 	$(q) ./make/bundle.sh $(1) "$(BINARY_OUTPUT)$(2)" "$(RELEASE)" "$(VERSION)" "$(3)" "$(4)" "$(5)"
 endef
 

README.md

@@ -27,7 +27,7 @@ Step CLI's command groups illustrate its wide-ranging uses:
 
 - [`step certificate`](https://smallstep.com/docs/step-cli/reference/certificate/): Work with X.509 (TLS/HTTPS) certificates.
   - Create, revoke, validate, lint, and bundle X.509 certificates.
-  - Install (and remove) X.509 certificates into your system's (and brower's) trust store.
+  - Install (and remove) X.509 certificates into your system's (and browser's) trust store.
   - Validate certificate deployment and renewal status for automation
   - Create key pairs (RSA, ECDSA, EdDSA) and certificate signing requests (CSRs)
   - [Sign CSRs](https://smallstep.com/docs/step-cli/reference/certificate/sign/)

autocomplete/README.md

@@ -1,2 +1,2 @@
 ## Deprecated
-The files in this folder are deprecated and will be removed in the future. The prefered way to acces the completion scripts is through `step completion <shell>`.
+The files in this folder are deprecated and will be removed in the future. The prefered way to access the completion scripts is through `step completion <shell>`.

command/README.md

@@ -79,8 +79,8 @@ required, and ensuring they're printed out as a part of the `step help` or
 `step <command> -h` flow. If you need to add a different type of annotation to
 document an argument just add it to the `usage.Argument` struct!
 
-When you add a flag, look into the pre-existing ones inside the `flags`
-package. Could you use one of the pre-existing flags in order to reduce
+When you add a flag, look into the preexisting ones inside the `flags`
+package. Could you use one of the preexisting flags in order to reduce
 duplication? If not, make sure to add a flag so it could be used in future!
 
 The `errs` package contains functionality for defining and working with errors

command/base64/base64.go

@@ -53,7 +53,7 @@ YWJjMTIzJCVeJiooKV8rLT1-Cg==
 '''
 
 Decode an url encoded base64 string. The encoding type can be enforced
-using the '-u' or '-r' flags, but it will be autodetected if they are not
+using the '-u' or '-r' flags, but it will be auto-detected if they are not
 passed:
 '''
 $ echo YWJjMTIzJCVeJiooKV8rLT1-Cg== | step base64 -d

command/ca/ca.go

@@ -74,7 +74,7 @@ $ step ca renew internal.crt internal.key \
 			revokeCertificateCommand(),
 			provisioner.Command(),
 			signCertificateCommand(),
-			rootComand(),
+			rootCommand(),
 			rootsCommand(),
 			federationCommand(),
 			acme.Command(),

command/ca/provisioner/caConfigClient.go

@@ -12,7 +12,7 @@ import (
 	"go.step.sm/linkedca"
 )
 
-// nodb implements the certificates/Admiclient interface with noops.
+// nodb implements the certificates/Adminclient interface with noops.
 type nodb struct{}
 
 func newNoDB() *nodb {
@@ -179,7 +179,7 @@ func (client *caConfigClient) loadProvisioner(opts ...ca.ProvisionerOption) (pro
 		return nil, errors.New("provisioner options must define either ID or Name to remove")
 	}
 
-	return prov, errors.Wrapf(err, "erorr loading provisioner")
+	return prov, errors.Wrapf(err, "error loading provisioner")
 }
 
 func (client *caConfigClient) GetProvisioners(opts ...ca.ProvisionerOption) (provisioner.List, error) {

command/ca/provisioner/provisioner.go

@@ -578,7 +578,7 @@ Use the '--remove-domain' flag multiple times to remove multiple domains.`,
 	}
 	oidcGroupFlag = cli.StringSliceFlag{
 		Name: "group",
-		Usage: `The <group> list used to validate the groups extenstion in an OpenID Connect token.
+		Usage: `The <group> list used to validate the groups extension in an OpenID Connect token.
 Use the '--group' flag multiple times to configure multiple groups.`,
 	}
 	oidcTenantIDFlag = cli.StringFlag{

command/ca/rekey.go

@@ -166,7 +166,7 @@ flag.`,
 			cli.StringFlag{
 				Name: "pid-file",
 				Usage: `The <file> from which to read the process id that will be signaled after the certificate
-has been rekeyed. By default the the SIGHUP (1) signal will be used, but this can be configured with the **--signal**
+has been rekeyed. By default the SIGHUP (1) signal will be used, but this can be configured with the **--signal**
 flag.`,
 			},
 			cli.IntFlag{

command/ca/renew.go

@@ -177,7 +177,7 @@ flag.`,
 			cli.StringFlag{
 				Name: "pid-file",
 				Usage: `The <file> from which to read the process id that will be signaled after the certificate
-has been renewed. By default the the SIGHUP (1) signal will be used, but this can be configured with the **--signal**
+has been renewed. By default the SIGHUP (1) signal will be used, but this can be configured with the **--signal**
 flag.`,
 			},
 			cli.IntFlag{

command/ca/revoke.go

@@ -126,7 +126,7 @@ $ step ca revoke --offline 308893286343609293989051180431574390766
 '''
 
 Revoke a certificate in offline mode using --cert and --key (the cert/key pair
-will be validated against the root and intermediate certifcates configured in
+will be validated against the root and intermediate certificates configured in
 the step CA):
 '''
 $ step ca revoke --offline --cert foo.crt --key foo.key

command/ca/root.go

@@ -16,7 +16,7 @@ import (
 	"go.step.sm/cli-utils/ui"
 )
 
-func rootComand() cli.Command {
+func rootCommand() cli.Command {
 	return cli.Command{
 		Name:   "root",
 		Action: command.ActionFunc(rootAction),

command/certificate/bundle.go

@@ -28,7 +28,7 @@ func bundleCommand() cli.Command {
 : The path to a leaf certificate to bundle with issuing certificate(s).
 
 <ca>
-: The path to the Certificate Authority issusing certificate.
+: The path to the Certificate Authority issuing certificate.
 
 <bundle-file>
 : The path to write the bundle.

command/certificate/install.go

@@ -43,17 +43,17 @@ Install a certificate in all the supported truststores:
 $ step certificate install --all root-ca.pem
 '''
 
-Install a certificate in Firefox and the system trustore:
+Install a certificate in Firefox and the system truststore:
 '''
 $ step certificate install --firefox root--ca.pem
 '''
 
-Install a certificate in Java and the system trustore:
+Install a certificate in Java and the system truststore:
 '''
 $ step certificate install --java root-ca.pem
 '''
 
-Install a certificate in Firefox, Java, but not in the system trustore:
+Install a certificate in Firefox, Java, but not in the system truststore:
 '''
 $ step certificate install --firefox --java --no-system root-ca.pem
 '''`,
@@ -113,12 +113,12 @@ Uninstall a certificate from all the supported truststores:
 $ step certificate uninstall --all root-ca.pem
 '''
 
-Uninstall a certificate from Firefox and the system trustore:
+Uninstall a certificate from Firefox and the system truststore:
 '''
 $ step certificate uninstall --firefox root--ca.pem
 '''
 
-Uninstall a certificate infrom Java and the system trustore:
+Uninstall a certificate from Java and the system truststore:
 '''
 $ step certificate uninstall --java root-ca.pem
 '''

command/certificate/p12.go

@@ -149,7 +149,7 @@ func p12Action(ctx *cli.Context) error {
 
 		// The first certificate in the bundle will be our server cert
 		x509Cert := x509CertBundle[0]
-		// Any remaning certs will be intermediates for the server
+		// Any remaining certs will be intermediates for the server
 		x509CAs = append(x509CAs, x509CertBundle[1:]...)
 
 		pkcs12Data, err = pkcs12.Encode(rand.Reader, key, x509Cert, x509CAs, password)

command/certificate/remote.go

@@ -71,7 +71,7 @@ func getPeerCertificates(addr, serverName, roots string, insecure bool) ([]*x509
 // by the URL prefix is used.
 //
 // Examples:
-// trimURL("https://smallstep.com/onbaording") -> "smallstep.com:443", true, nil
+// trimURL("https://smallstep.com/onboarding") -> "smallstep.com:443", true, nil
 // trimURL("https://ca.smallSTEP.com:8080") -> "ca.smallSTEP.com:8080", true, nil
 // trimURL("./certs/root_ca.crt") -> "", false, nil
 // trimURL("hTtPs://sMaLlStEp.cOm") -> "sMaLlStEp.cOm:443", true, nil

command/crl/inspect.go

@@ -266,7 +266,7 @@ func inspectAction(ctx *cli.Context) error {
 type CRL struct {
 	Version             int                  `json:"version"`
 	SignatureAlgorithm  SignatureAlgorithm   `json:"signature_algorithm"`
-	Issuer              DistinguisedName     `json:"issuer"`
+	Issuer              DistinguishedName    `json:"issuer"`
 	ThisUpdate          time.Time            `json:"this_update"`
 	NextUpdate          time.Time            `json:"next_update"`
 	RevokedCertificates []RevokedCertificate `json:"revoked_certificates"`
@@ -417,8 +417,8 @@ type Signature struct {
 	Reason             string             `json:"reason,omitempty"`
 }
 
-// DistinguisedName is the JSON representation of the CRL issuer.
-type DistinguisedName struct {
+// DistinguishedName is the JSON representation of the CRL issuer.
+type DistinguishedName struct {
 	Country            []string                 `json:"country,omitempty"`
 	Organization       []string                 `json:"organization,omitempty"`
 	OrganizationalUnit []string                 `json:"organizational_unit,omitempty"`
@@ -433,7 +433,7 @@ type DistinguisedName struct {
 }
 
 // String returns the one line representation of the distinguished name.
-func (d DistinguisedName) String() string {
+func (d DistinguishedName) String() string {
 	var parts []string
 	for _, dn := range d.raw {
 		v := strings.ReplaceAll(pkix.RDNSequence{dn}.String(), "\\,", ",")
@@ -442,7 +442,7 @@ func (d DistinguisedName) String() string {
 	return strings.Join(parts, " ")
 }
 
-func newDistinguishedName(seq pkix.RDNSequence) DistinguisedName {
+func newDistinguishedName(seq pkix.RDNSequence) DistinguishedName {
 	var n pkix.Name
 	n.FillFromRDNSequence(&seq)
 
@@ -463,7 +463,7 @@ func newDistinguishedName(seq pkix.RDNSequence) DistinguisedName {
 		}
 	}
 
-	return DistinguisedName{
+	return DistinguishedName{
 		Country:            n.Country,
 		Organization:       n.Organization,
 		OrganizationalUnit: n.OrganizationalUnit,

command/crypto/crypto.go

@@ -74,7 +74,7 @@ risks. That said, many of these factors are beyond the scope of this tool.
    compared to RSA. The strength of these keys is generally considered sufficient
    for the predictable and foreseeable future.
 
-:  Note that for cryptographic protocols that have perfect forward secrecry and
+:  Note that for cryptographic protocols that have perfect forward secrecy and
    only use asymmetric keys for symmetric key negotiation your system will remain
    secure against future threats as long as the keys are large enough that they
    cannot be cracked today. In other words, sizing your keys to protect against
@@ -111,7 +111,7 @@ risks. That said, many of these factors are beyond the scope of this tool.
    opted not to gate non-safe curves**. We've further elected to make **P-256**
    the default curve for EC keys.
 
-:  Still, it is important to be aware of the security risks assocated with their
+:  Still, it is important to be aware of the security risks associated with their
    risk. You should consider using "safe curves" if possible. We may change our
    mind as support for safe curves improves.
 

command/crypto/jwe/encrypt.go

@@ -72,13 +72,13 @@ options must match unless the **--subtle** flag is also passed.
     :  ECDH-ES using Concat KDF and CEK wrapped with "A256KW
 
     **A128GCMKW**
-    :  Key wrappiung with AES GCM using 128-bit key
+    :  Key wrapping with AES GCM using 128-bit key
 
     **A192GCMKW**
-    :  Key wrappiung with AES GCM using 192-bit key
+    :  Key wrapping with AES GCM using 192-bit key
 
     **A256GCMKW** (default for oct keys)
-    :  Key wrappiung with AES GCM using 256-bit key
+    :  Key wrapping with AES GCM using 256-bit key
 
     **PBES2-HS256+A128KW**
     :  PBES2 with HMAC SHA-256 and "A128KW" wrapping

command/crypto/jwe/jwe.go

@@ -39,7 +39,7 @@ parts:
 * Ciphertext: the ciphertext value resulting produced from authenticated
   encryption of the plaintext with additional authenticated data
 
-* Authentication Tag: value resulting fromthe authenticated encryption of
+* Authentication Tag: value resulting from the authenticated encryption of
   the plaintext with additional authenticated data
 
 ## What's with encrypted key?

command/crypto/jwk/create.go

@@ -21,7 +21,7 @@ import (
 const (
 	// 128-bit salt
 	pbkdf2SaltSize = 16
-	// 100k iterations. Nist recommends at least 10k, 1Passsword uses 100k.
+	// 100k iterations. Nist recommends at least 10k, 1Password uses 100k.
 	pbkdf2Iterations = 100000
 )
 
@@ -47,7 +47,7 @@ All flags are optional. Defaults are suitable for most use cases.
 ## POSITIONAL ARGUMENTS
 
 <public-jwk-file>
-:  Path to which the the public JWK should be written
+:  Path to which the public JWK should be written
 
 <private-jwk-file>
 :  Path to which the (JWE encrypted) private JWK should be written

command/crypto/jwk/jwk.go

@@ -19,7 +19,7 @@ JWK Set is a JSON object with a "keys" member whose value is an array of JWKs.
 Cryptographic algorithms and identifiers for used by JWKs are defined by the
 JSON Web Algorithms (JWA) specification in RFC7518. This tool also supports
 extensions defined in standards track RFC8037 defining curve and algorithm
-identifiers for Edwards-curve Digial Signatures.
+identifiers for Edwards-curve Digital Signatures.
 
 JWKs and JWK Sets are used in the JSON Web Signature (JWS; RFC7515) and JSON
 Web Encryption (JWE; RFC7516) specifications for signing and encrypting JSON

command/crypto/jwt/jwt.go

@@ -55,7 +55,7 @@ eyJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tIiwiZXhwIjoxNTM1MjQyNDcyLCJpYXQiOjE1MzI1NjQw
 DlSkxICjk2h1LarwJgXPbXQe7DwpLMOCvWp3I4GMcBP_5_QYPhVNBPQEeTKAUuQjYwlxZ5zVQnyp8ujvyf1Lqw
 '''
 
-Verify the the previous token:
+Verify the previous token:
 '''
 $ echo $TOKEN | step crypto jwt verify --key p256.pub.json --iss "[email protected]" --aud "https://example.com"
 {

command/crypto/jwt/verify.go

@@ -146,7 +146,7 @@ func verifyAction(ctx *cli.Context) error {
 		kid = tok.Headers[0].KeyID
 	}
 
-	// Validate subtled
+	// Validate subtle
 	isSubtle := ctx.Bool("subtle")
 	iss := ctx.String("iss")
 	aud := ctx.String("aud")
@@ -263,7 +263,7 @@ func validateClaimsWithLeeway(ctx *cli.Context, c jose.Claims, e jose.Expected,
 
 	// we're not currently checking the subject
 	if e.Subject != "" && e.Subject != c.Subject {
-		ers = append(ers, "invalid subject subject (sub)")
+		ers = append(ers, "invalid subject (sub)")
 	}
 
 	// we're not currently checking the id

command/crypto/key/format.go

@@ -322,7 +322,7 @@ func parseJWK(ctx *cli.Context, b []byte) (interface{}, error) {
 	// Parse decrypted key
 	var jwk jose.JSONWebKey
 	if err := json.Unmarshal(b, &jwk); err != nil {
-		return nil, errors.Wrap(err, "error unmarshalling key")
+		return nil, errors.Wrap(err, "error unmarshaling key")
 	}
 	if jwk.Key == nil {
 		return nil, errors.New("error parsing key: not found")

command/crypto/nacl/box.go

@@ -286,7 +286,7 @@ func boxOpenAction(ctx *cli.Context) error {
 	copy(pb[:], pub)
 	copy(pv[:], priv)
 
-	// Fixme: if we prepend the nonce in the seal we can use use rawInput[24:]
+	// Fixme: if we prepend the nonce in the seal we can use rawInput[24:]
 	// as the message and rawInput[:24] as the nonce instead of requiring one.
 	raw, ok := box.Open(nil, rawInput, &n, &pb, &pv)
 	if !ok {