
Support more secure env var method for passing inputs to signer tool

Rod Hynes 6 years ago
parent
commit
26ba0b699c
2 changed files with 23 additions and 1 deletions
  1. 8 1
      psiphon/common/protocol/signer/README.md
  2. 15 0
      psiphon/common/protocol/signer/main.go

+ 8 - 1
psiphon/common/protocol/signer/README.md

@@ -3,8 +3,15 @@
 Example usage:
 
 ```
-./signer -server-entry $ENCODED_SERVER_ENTRY -public-key $PUBLIC_KEY -private-key $PRIVATE_KEY sign
+./signer -server-entry <...> -public-key <...> -private-key <...> sign
+```
+
+or:
+
+```
+SIGNER_SERVER_ENTRY=<...> SIGNER_PUBLIC_KEY=<...> SIGNER_PRIVATE_KEY=<...> ./signer sign
 ```
 
 * Signer is a tool that adds signatures to encoded server entries (`sign` mode) and generates signing key pairs (`generate` mode).
 * In `sign` mode, the output is an copy of the input encoded server entry with an additional `signature` field.
+* Inputs may be provided as either command line flags or environment variables.

+ 15 - 0
psiphon/common/protocol/signer/main.go

@@ -56,6 +56,21 @@ func main() {
 		command = args[0]
 	}
 
+	envPublicKey := os.Getenv("SIGNER_PUBLIC_KEY")
+	if envPublicKey != "" {
+		publicKey = envPublicKey
+	}
+
+	envPrivateKey := os.Getenv("SIGNER_PRIVATE_KEY")
+	if envPrivateKey != "" {
+		privateKey = envPrivateKey
+	}
+
+	envEncodedServerEntry := os.Getenv("SIGNER_SERVER_ENTRY")
+	if envEncodedServerEntry != "" {
+		encodedServerEntry = envEncodedServerEntry
+	}
+
 	var err error
 	switch command {
 	case "generate":
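Review bot: The three added blocks let a non-empty environment variable silently override a value passed explicitly on the command line, so a stale `SIGNER_PRIVATE_KEY` left exported in the shell would be used for signing even when `-private-key` names a different key. Either consult the environment only when the flag value is empty, e.g. `if privateKey == "" { privateKey = os.Getenv("SIGNER_PRIVATE_KEY") }` (likewise for the other two inputs), or exit with an error when both sources are set. A short comment above the block stating the chosen precedence, and that the environment is offered because command-line arguments are visible in process listings, would record why this path exists. The private key also stays in the process environment after it is copied; calling `os.Unsetenv("SIGNER_PRIVATE_KEY")` right after the read would at least keep it from being inherited by any child process. `main` starts and ends outside the hunk, and the flag variables are presumably declared above it.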