Add examples of KMS URIs without the --kms flag

Author: maraino

command/ca/rekey.go

@@ -83,12 +83,16 @@ Rekey a certificate forcing the overwrite of the previous certificate and key
 $ step ca rekey --force internal.crt internal.key
 '''
 
-Rekey a certificate which key is in a KMS, with another from the same KMS:
+Rekey a certificate using a KMS, with another from the same KMS:
+'''
+$ step ca rekey --private-key yubikey:slot-id=9a yubikey.crt yubikey:slot-id=82
+'''
+
+Rekey a certificate using a KMS with the <--kms> flag:
 '''
 $ step ca rekey \
   --kms 'pkcs11:module-path=/usr/local/lib/softhsm/libsofthsm2.so;token=smallstep?pin-value=password' \
-  --private-key 'pkcs11:id=4002'
-  pkcs11.crt 'pkcs11:id=4001'
+  --private-key 'pkcs11:id=4002' pkcs11.crt 'pkcs11:id=4001'
 '''
 
 Rekey a certificate providing the <--ca-url> and <--root> flags:

command/ca/renew.go

@@ -107,6 +107,11 @@ $ step ca renew --mtls=false --force internal.crt internal.key
 
 Renew a certificate which key is in a KMS:
 '''
+$ step ca renew yubikey.crt yubikey:slot-id=9a
+'''
+
+Renew a certificate which key is in a KMS, using the <--kms> flag:
+'''
 $ step ca renew \
   --kms 'pkcs11:module-path=/usr/local/lib/softhsm/libsofthsm2.so;token=smallstep?pin-value=password' \
   pkcs11.crt 'pkcs11:id=4001'

command/certificate/create.go

@@ -330,8 +330,18 @@ $ step certificate create --csr --template csr.tpl --san coyote@acme.corp \
   "Wile E. Coyote" coyote.csr coyote.key
 '''
 
+Create a CSR using <step-kms-plugin>:
+'''
+$ step certificate create --csr --key yubikey:slot-id=9a coyote@acme.corp coyote.csr
+'''
+
 Create a root certificate using <step-kms-plugin>:
 '''
+$ step certificate create --profile root-ca --key yubikey:slot-id=9a 'KMS Root' root_ca.crt
+'''
+
+Create a root certificate using <step-kms-plugin> and the <--kms> flag:
+'''
 $ step kms create \
   --kms 'pkcs11:module-path=/usr/local/lib/softhsm/libsofthsm2.so;token=smallstep?pin-value=password' \
   'pkcs11:id=4000;object=root-key'