Updated documentation.

README.md

@@ -23,10 +23,14 @@ The tool is designed to be used from the command line. It has a simple command s
 lab-ca <command> [options]
 ```
 
-There are two commands available:
+The main commands available are:
 
-- `initca` - initialize a new CA - this command creates a new CA and a self-signed CA certificate.
-- `issue` - issue a new certificate - this command creates a new certificate signed by the CA.
+- `initca`    — Initialize a new CA and create a self-signed CA certificate.
+- `issue`     — Issue a new certificate signed by the CA.
+- `provision` — Provision multiple certificates from a batch file (HCL) in one go.
+- `revoke`    — Revoke a certificate by name or serial number.
+- `crl`       — Generate a Certificate Revocation List (CRL) from revoked certificates.
+- `version`   — Show version information for the tool.
 
 Run the command with `-h` or `--help` or without any arguments to see the usage information. Each command has its own set of options, arguments, and a help message.
 
@@ -70,35 +74,47 @@ The `paths` block defines where the command will store the generated certificate
 
 > **NOTE:** The command does not encrypt private keys. It is not designed to be used in a production environment.
 
-## Certificate Issuance
+## Certificate Issuance and Provisioning
 
-To issue a new certificate, you can use the `issue` command and specify the certificate definition on the command line, or use batch mode and provide a file with certificate definitions.
+To issue a new certificate, you can use the `issue` command and specify the certificate definition on the command line, or use the `provision` command to provide a file with multiple certificate definitions for batch processing.
 
-The definition file also uses HCL syntax. Here is an example of a certificate definition:
+The definition file also uses HCL syntax. Here is an example of a certificate definition file:
 
 ```hcl
 defaults {
-    subject = "{{ .Name }}.example.com"
-    type = "server"
+    subject  = "{{ .Name }}.example.org"
+    type     = "server"
     validity = "1y"
-    san = ["DNS:{{ .Name }}.example.com"]
+    san      = ["DNS:{{ .Name }}.example.org"]
 }
 
-certificate "grafana" {
-    # from default: subject = "{{ .Name }}.example.com" # result: grafana.example.com
-    # from default: type = "server"
-    # from default: validity = "1y"
-    # from default: san = ["DNS:{{ .Name }}.example.com"] # result: [ "DNS:grafana.example.com" ]
+variables = {
+    Domain  = "example.net"
+    Country = "EX"
 }
 
-certificate "loki" {
-    subject = "{{ .Name }}.example.net" # result: loki.example.net
+certificate "service1" {
+    # from default: subject = "{{ .Name }}.example.org"
     # from default: type = "server"
     # from default: validity = "1y"
-    san = ["DNS:{{ .Name }}.example.net"] # result: [ "DNS:loki.example.net" ]
+    # from default: san = ["DNS:{{ .Name }}.example.org"]
+}
+
+certificate "service2" {
+    subject = "{{ .Name }}.example.net"
+    # from default: type = "server"
+    # from default: validity = "1y"
+    san = ["DNS:{{ .Name }}.example.net"]
+}
+
+certificate "service3" {}
+
+certificate "service4" {
+    subject = "{{ .Name }}.{{ .Domain }}"
+    san     = ["DNS:{{ .Name }}.{{ .Domain }}"]
 }
 ```
 
-Values specified in the `defaults` block will be used for all certificates unless overridden in individual certificate definitions. Go-style template syntax is also supported, so you can use `{{ .Name }}` to refer to the certificate name.
+Values specified in the `defaults` block will be used for all certificates unless overridden in individual certificate definitions. Go-style template syntax is also supported, so you can use `{{ .Name }}` to refer to the certificate name, and variables from the `variables` map can be used in templates as well.
 
 You can use DNS or IP SANs for server certificates (`server` and `server-only`), and email SANs for email certificates (`email`). The command will check if the SAN is valid based on the type of certificate.