diff --git a/REFERENCE.md b/REFERENCE.md
new file mode 100644
index 0000000000000000000000000000000000000000..d137c74821975a3aa726fdb54c4cd8aa029851a2
--- /dev/null
+++ b/REFERENCE.md
@@ -0,0 +1,496 @@
+# Reference
+
+<!-- DO NOT EDIT: This document was generated by Puppet Strings -->
+
+## Table of Contents
+
+### Classes
+
+#### Public Classes
+
+* [`cfssl`](#cfssl): Install and configure CFSSL, serve process and CRL generation.
+* [`cfssl::ca::intermediates`](#cfsslcaintermediates): Creates `cfssl::ca::intermediate` defined types.
+* [`cfssl::ca::root`](#cfsslcaroot): Init a selfsigned root authority
+
+#### Private Classes
+
+* `cfssl::goose`: Install a database migration tool used by CFSSL
+
+### Defined types
+
+* [`cfssl::ca::intermediate`](#cfsslcaintermediate): Creates an intermediate authority signed by root authority
+
+### Data types
+
+* [`Cfssl::Authkey`](#cfsslauthkey): Struct representing authentication key used by CFSSL serve during sign requests
+* [`Cfssl::Ca::Key`](#cfsslcakey): Cryptographic algorithm used for creating key pairs.
+* [`Cfssl::Serveconfig`](#cfsslserveconfig): Struct representing CFSSL serve configuration
+* [`Cfssl::Signing::Profile`](#cfsslsigningprofile): Struct describing a profile in CFSSL serve config file.
+* [`Cfssl::Usage`](#cfsslusage): List of usages accepted by CFSSL for X509 certificat
+
+## Classes
+
+### <a name="cfssl"></a>`cfssl`
+
+Install and configure CFSSL, serve process and CRL generation.
+
+#### Examples
+
+#####
+
+```puppet
+class { 'cfssl':
+ rootca_manifest => {
+ cn => 'MYEXEMPLE ROOT CA',
+ subject => {
+ 'C' => 'FR',
+ 'L' => 'MONTPELLIER',
+ 'O' => 'MYEXEMPLE ORG',
+ },
+ },
+ intermediatesca => {
+ 'MYEXEMPLE INTERMDIATE CA' => {
+ subject => {
+ 'C' => 'FR',
+ 'L' => 'MONTPELLIER',
+ 'O' => 'MYEXEMPLE ORG',
+ },
+ },
+ },
+ serve_ca => 'MYEXEMPLE INTERMDIATE CA',
+ crl_manage => true,
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `cfssl` class:
+
+* [`downloadurl`](#downloadurl)
+* [`version`](#version)
+* [`downloadchecksum`](#downloadchecksum)
+* [`checksum_type`](#checksum_type)
+* [`sysuser`](#sysuser)
+* [`sysgroup`](#sysgroup)
+* [`binding_ip`](#binding_ip)
+* [`port`](#port)
+* [`log_level`](#log_level)
+* [`logdir`](#logdir)
+* [`dbname`](#dbname)
+* [`dbuser`](#dbuser)
+* [`dbpassword`](#dbpassword)
+* [`confdir`](#confdir)
+* [`binpath`](#binpath)
+* [`rootca_manifest`](#rootca_manifest)
+* [`intermediatesca`](#intermediatesca)
+* [`serve_config`](#serve_config)
+* [`crl_manage`](#crl_manage)
+* [`crldir`](#crldir)
+* [`crl_expiry`](#crl_expiry)
+* [`crl_gentimer`](#crl_gentimer)
+* [`serve_ca`](#serve_ca)
+
+##### <a name="downloadurl"></a>`downloadurl`
+
+Data type: `Stdlib::HTTPSUrl`
+
+CFSSL download URL
+
+Default value: `'https://github.com/cloudflare/cfssl/releases/download'`
+
+##### <a name="version"></a>`version`
+
+Data type: `String[1]`
+
+Downloaded version of CFSSL binary
+
+Default value: `'1.6.3'`
+
+##### <a name="downloadchecksum"></a>`downloadchecksum`
+
+Data type: `String[1]`
+
+Checksum of CFSSL binary
+
+Default value: `'16b42bfc592dc4d0ba1e51304f466cae7257edec13743384caf4106195ab6047'`
+
+##### <a name="checksum_type"></a>`checksum_type`
+
+Data type: `Enum['md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512']`
+
+Type of checksum used
+
+Default value: `'sha256'`
+
+##### <a name="sysuser"></a>`sysuser`
+
+Data type: `String[1]`
+
+Operating system user account owner of CFSSL files
+
+Default value: `'cfssl'`
+
+##### <a name="sysgroup"></a>`sysgroup`
+
+Data type: `String[1]`
+
+Operating system group owner of CFSSL files
+
+Default value: `'cfssl'`
+
+##### <a name="binding_ip"></a>`binding_ip`
+
+Data type: `Stdlib::IP::Address`
+
+IP adresse binded by CFSSL serve process.
+
+Default value: `'127.0.0.1'`
+
+##### <a name="port"></a>`port`
+
+Data type: `Stdlib::Port`
+
+The port used by CFSSL serve process.
+
+Default value: `8080`
+
+##### <a name="log_level"></a>`log_level`
+
+Data type: `Enum['0','1','2','3','4']`
+
+The loglevel defined for CFSSL serve process.
+
+Default value: `'1'`
+
+##### <a name="logdir"></a>`logdir`
+
+Data type: `Stdlib::Absolutepath`
+
+The directory where log are written.
+
+Default value: `'/var/log/cfssl'`
+
+##### <a name="dbname"></a>`dbname`
+
+Data type: `String[1]`
+
+The name of database used by CFSSL.
+
+Default value: `'db_cfssl'`
+
+##### <a name="dbuser"></a>`dbuser`
+
+Data type: `String[1]`
+
+A Postgresql role used by CFSSL to connect the database.
+
+Default value: `'u_cfssl'`
+
+##### <a name="dbpassword"></a>`dbpassword`
+
+Data type: `String[1]`
+
+A password of the dbuser.
+
+Default value: `'changeme'`
+
+##### <a name="confdir"></a>`confdir`
+
+Data type: `Stdlib::Absolutepath`
+
+The directory where configurations are written.
+
+Default value: `'/etc/cfssl'`
+
+##### <a name="binpath"></a>`binpath`
+
+Data type: `Stdlib::Absolutepath`
+
+The path when CFSSL binaries are.
+
+Default value: `'/usr/local/bin'`
+
+##### <a name="rootca_manifest"></a>`rootca_manifest`
+
+Data type: `Hash`
+
+Manifest defining the root autority.
+
+Default value: `{ cn => 'EXEMPLE ROOT CA', subject => { 'C' => 'FR', 'L' => 'MONTPELLIER', 'O' => 'EXEMPLE ORG', } }`
+
+##### <a name="intermediatesca"></a>`intermediatesca`
+
+Data type: `Hash`
+
+Manifests defining intermediat autorities signed by root autority.
+
+Default value: `{}`
+
+##### <a name="serve_config"></a>`serve_config`
+
+Data type: `Cfssl::Serveconfig`
+
+The configuration of CFSSL serve process.
+
+Default value: `{ signing => { 'default' => { expiry => '1h', usages => ['client auth'] } } }`
+
+##### <a name="crl_manage"></a>`crl_manage`
+
+Data type: `Boolean`
+
+If true a CRL file is generated from the served autority.
+
+Default value: ``false``
+
+##### <a name="crldir"></a>`crldir`
+
+Data type: `Stdlib::Absolutepath`
+
+A directory where the CRL file is written.
+
+Default value: `'/var/cfssl'`
+
+##### <a name="crl_expiry"></a>`crl_expiry`
+
+Data type: `Integer`
+
+A value, in seconds, after which the CRL should expire from the moment of the request
+
+Default value: `604800`
+
+##### <a name="crl_gentimer"></a>`crl_gentimer`
+
+Data type: `String[1]`
+
+
+
+Default value: `'*:00:00'`
+
+##### <a name="serve_ca"></a>`serve_ca`
+
+Data type: `Optional[String[1]]`
+
+The Certificate authority served with CFSSL serve
+
+Default value: ``undef``
+
+### <a name="cfsslcaintermediates"></a>`cfssl::ca::intermediates`
+
+Creates `cfssl::ca::intermediate` defined types.
+
+#### Examples
+
+#####
+
+```puppet
+class { 'cfssl::ca::intermediates':
+ 'MYEXEMPLE INTERMDIATE CA' => {
+ subject => {
+ 'C' => 'FR',
+ 'L' => 'MONTPELLIER',
+ 'O' => 'MYEXEMPLE ORG',
+ },
+ key => {
+ algo => 'ecdsa',
+ size => 256,
+ },
+ },
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `cfssl::ca::intermediates` class:
+
+* [`intermediates`](#intermediates)
+
+##### <a name="intermediates"></a>`intermediates`
+
+Data type: `Hash`
+
+A hash wherethe key is the common name and the value represents a hash
+of `cfssl::ca::intermediate` defined type's parameters.
+
+Default value: `{}`
+
+### <a name="cfsslcaroot"></a>`cfssl::ca::root`
+
+Init a selfsigned root authority
+
+#### Examples
+
+#####
+
+```puppet
+class { 'cfssl::ca::root':
+ cn => 'MYEXEMPLE ROOT CA',
+ subject => {
+ 'C' => 'FR',
+ 'L' => 'MONTPELLIER',
+ 'O' => 'MYEXEMPLE ORG',
+ },
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `cfssl::ca::root` class:
+
+* [`subject`](#subject)
+* [`cn`](#cn)
+* [`expiry`](#expiry)
+* [`key`](#key)
+
+##### <a name="subject"></a>`subject`
+
+Data type: `Hash`
+
+Hash like Subject in X509 that identifies the entity associated
+
+##### <a name="cn"></a>`cn`
+
+Data type: `String[1]`
+
+Common name of authority
+
+##### <a name="expiry"></a>`expiry`
+
+Data type: `String[1]`
+
+Duration of authority
+
+Default value: `'43800h'`
+
+##### <a name="key"></a>`key`
+
+Data type: `Cfssl::Ca::Key`
+
+Cryptographic algorithm used for creating key pairs.
+
+Default value: `{ algo => 'rsa', size => 2048 }`
+
+## Defined types
+
+### <a name="cfsslcaintermediate"></a>`cfssl::ca::intermediate`
+
+Creates an intermediate authority signed by root authority
+
+#### Examples
+
+#####
+
+```puppet
+cfssl::ca::intermediate { 'MYEXEMPLE INTERMDIATE CA':
+ subject => {
+ 'C' => 'FR',
+ 'L' => 'MONTPELLIER',
+ 'O' => 'MYEXEMPLE ORG',
+ },
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `cfssl::ca::intermediate` defined type:
+
+* [`subject`](#subject)
+* [`expiry`](#expiry)
+* [`key`](#key)
+
+##### <a name="subject"></a>`subject`
+
+Data type: `Hash`
+
+Hash like Subject in X509 that identifies the entity associated
+
+Default value: `{ 'C' => 'FR', 'L' => 'MONTPELLIER', 'O' => 'EXEMPLE ORG', }`
+
+##### <a name="expiry"></a>`expiry`
+
+Data type: `String[1]`
+
+Duration of authority
+
+Default value: `'26280h'`
+
+##### <a name="key"></a>`key`
+
+Data type: `Cfssl::Ca::Key`
+
+Cryptographic algorithm used for creating key pairs.
+
+Default value: `{ algo => 'rsa', size => 2048 }`
+
+## Data types
+
+### <a name="cfsslauthkey"></a>`Cfssl::Authkey`
+
+Struct representing authentication key used by CFSSL serve during sign requests
+
+Alias of
+
+```puppet
+Struct[{
+ type => Enum['standard'],
+ key => String[1],
+}]
+```
+
+### <a name="cfsslcakey"></a>`Cfssl::Ca::Key`
+
+Cryptographic algorithm used for creating key pairs.
+
+Alias of
+
+```puppet
+Struct[{
+ algo => Enum['rsa','ecdsa'],
+ size => Integer,
+}]
+```
+
+### <a name="cfsslserveconfig"></a>`Cfssl::Serveconfig`
+
+Struct representing CFSSL serve configuration
+
+Alias of
+
+```puppet
+Struct[{
+ auth_keys => Optional[Hash[String,Cfssl::Authkey]],
+ signing => Struct[{
+ 'default' => Cfssl::Signing::Profile,
+ profiles => Optional[Hash[String,Cfssl::Signing::Profile]],
+ }],
+}]
+```
+
+### <a name="cfsslsigningprofile"></a>`Cfssl::Signing::Profile`
+
+Struct describing a profile in CFSSL serve config file.
+
+Alias of
+
+```puppet
+Struct[{
+ expiry => String[1],
+ usages => Array[Cfssl::Usage],
+ crl_url => Optional[Stdlib::HTTPUrl],
+ ocsp_url => Optional[Stdlib::HTTPUrl],
+ not_before => Optional[String[1]],
+ not_after => Optional[String[1]],
+ name_whitelist => Optional[String[1]],
+ auth_key => Optional[String[1]],
+}]
+```
+
+### <a name="cfsslusage"></a>`Cfssl::Usage`
+
+List of usages accepted by CFSSL for X509 certificat
+
+Alias of
+
+```puppet
+Enum['signing', 'digital signature', 'content commitment', 'key encipherment', 'key agreement', 'data encipherment', 'cert sign', 'crl sign', 'encipher only', 'decipher only', 'any', 'server auth', 'client auth', 'code signing', 'email protection', 's/mime', 'ipsec end system', 'ipsec tunnel', 'ipsec user', 'timestamping', 'ocsp signing', 'microsoft sgc', 'netscape sgc']
+```
+
diff --git a/manifests/ca/intermediate.pp b/manifests/ca/intermediate.pp
index 303e71c09f030efd4df75c8d7e4933d835755ace..68f1d20f26f4de7f0bc51c9f766c8c6fd0709135 100644
--- a/manifests/ca/intermediate.pp
+++ b/manifests/ca/intermediate.pp
@@ -1,9 +1,20 @@
-# @summary A short summary of the purpose of this defined type.
+# @summary Creates an intermediate authority signed by root authority
#
-# A description of what this defined type does
+# Creates an intermediate authority signed by root authority
#
# @example
-# cfssl::ca::intermediate { 'namevar': }
+# cfssl::ca::intermediate { 'MYEXEMPLE INTERMDIATE CA':
+# subject => {
+# 'C' => 'FR',
+# 'L' => 'MONTPELLIER',
+# 'O' => 'MYEXEMPLE ORG',
+# },
+# }
+#
+# @param subject Hash like Subject in X509 that identifies the entity associated
+# @param expiry Duration of authority
+# @param key Cryptographic algorithm used for creating key pairs.
+#
define cfssl::ca::intermediate (
Hash $subject = { 'C' => 'FR', 'L' => 'MONTPELLIER', 'O' => 'EXEMPLE ORG', },
String[1] $expiry = '26280h',
diff --git a/manifests/ca/intermediates.pp b/manifests/ca/intermediates.pp
index 4269d89f27088dd504ccc50e8df6643a061d06ee..1a771b0ae7256e5ffb586d151a040bf61b150a80 100644
--- a/manifests/ca/intermediates.pp
+++ b/manifests/ca/intermediates.pp
@@ -1,9 +1,26 @@
-# @summary A short summary of the purpose of this class
+# @summary Creates `cfssl::ca::intermediate` defined types.
#
-# A description of what this class does
+# Creates `cfssl::ca::intermediate` defined types.
#
# @example
-# include cfssl::ca::intermediates
+# class { 'cfssl::ca::intermediates':
+# 'MYEXEMPLE INTERMDIATE CA' => {
+# subject => {
+# 'C' => 'FR',
+# 'L' => 'MONTPELLIER',
+# 'O' => 'MYEXEMPLE ORG',
+# },
+# key => {
+# algo => 'ecdsa',
+# size => 256,
+# },
+# },
+# }
+#
+# @param intermediates
+# A hash wherethe key is the common name and the value represents a hash
+# of `cfssl::ca::intermediate` defined type's parameters.
+#
class cfssl::ca::intermediates (
Hash $intermediates = {},
) {
diff --git a/manifests/ca/root.pp b/manifests/ca/root.pp
index 4bf94421f9046f5f519312fff721fcf52f3a93d3..bb2e048d96b5c45f63bb9d21b13e0dc42894dc61 100644
--- a/manifests/ca/root.pp
+++ b/manifests/ca/root.pp
@@ -1,9 +1,21 @@
-# @summary A short summary of the purpose of this class
+# @summary Init a selfsigned root authority
#
-# A description of what this class does
+# Init a selfsigned root authority
#
# @example
-# include cfssl::ca::root
+# class { 'cfssl::ca::root':
+# cn => 'MYEXEMPLE ROOT CA',
+# subject => {
+# 'C' => 'FR',
+# 'L' => 'MONTPELLIER',
+# 'O' => 'MYEXEMPLE ORG',
+# },
+# }
+#
+# @param subject Hash like Subject in X509 that identifies the entity associated
+# @param cn Common name of authority
+# @param expiry Duration of authority
+# @param key Cryptographic algorithm used for creating key pairs.
#
class cfssl::ca::root (
Hash $subject,
diff --git a/manifests/goose.pp b/manifests/goose.pp
index 80162a6b9cbfe083df24d41abd327773eb18d9c1..363e106f8638c7688bffd63d5544fe5c081eb24d 100644
--- a/manifests/goose.pp
+++ b/manifests/goose.pp
@@ -1,10 +1,14 @@
-# @summary A short summary of the purpose of this class
+# @summary Install a database migration tool used by CFSSL
#
-# A description of what this class does
+# Install a database migration tool used by CFSSL
#
# @example
# include cfssl::goose
+#
+# @api private
+#
class cfssl::goose {
+ assert_private()
# stuffs for goose : a database migration tool used by CFSSL
package { 'golang-1.16':
ensure => present,
diff --git a/manifests/init.pp b/manifests/init.pp
index bdc5dcb6418ffa9e2a9f705db141266eb3b7180c..5c3f5251aad5c9b2be156ecc23404a60ca6c1961 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,14 +1,55 @@
-# @summary A short summary of the purpose of this class
+# @summary Install and configure CFSSL, serve process and CRL generation.
#
-# A description of what this class does
+# Install and configure CFSSL, serve process and CRL generation.
#
# @example
-# include cfssl
+# class { 'cfssl':
+# rootca_manifest => {
+# cn => 'MYEXEMPLE ROOT CA',
+# subject => {
+# 'C' => 'FR',
+# 'L' => 'MONTPELLIER',
+# 'O' => 'MYEXEMPLE ORG',
+# },
+# },
+# intermediatesca => {
+# 'MYEXEMPLE INTERMDIATE CA' => {
+# subject => {
+# 'C' => 'FR',
+# 'L' => 'MONTPELLIER',
+# 'O' => 'MYEXEMPLE ORG',
+# },
+# },
+# },
+# serve_ca => 'MYEXEMPLE INTERMDIATE CA',
+# crl_manage => true,
+# }
#
+# @param downloadurl CFSSL download URL
+# @param version Downloaded version of CFSSL binary
+# @param downloadchecksum Checksum of CFSSL binary
+# @param checksum_type Type of checksum used
+# @param sysuser Operating system user account owner of CFSSL files
+# @param sysgroup Operating system group owner of CFSSL files
+# @param binding_ip IP adresse binded by CFSSL serve process.
+# @param port The port used by CFSSL serve process.
+# @param log_level The loglevel defined for CFSSL serve process.
+# @param logdir The directory where log are written.
+# @param dbname The name of database used by CFSSL.
+# @param dbuser A Postgresql role used by CFSSL to connect the database.
+# @param dbpassword A password of the dbuser.
+# @param confdir The directory where configurations are written.
+# @param binpath The path when CFSSL binaries are.
+# @param rootca_manifest Manifest defining the root autority.
+# @param intermediatesca Manifests defining intermediat autorities signed by root autority.
+# @param serve_config The configuration of CFSSL serve process.
+# @param crl_manage If true a CRL file is generated from the served autority.
+# @param crldir A directory where the CRL file is written.
# @param crl_expiry A value, in seconds, after which the CRL should expire from the moment of the request
+# @param crl_gentimer
+# @param serve_ca The Certificate authority served with CFSSL serve
#
class cfssl (
- Hash $rootca_manifest = { cn => 'EXEMPLE ROOT CA', subject => { 'C' => 'FR', 'L' => 'MONTPELLIER', 'O' => 'EXEMPLE ORG', } },
Stdlib::HTTPSUrl $downloadurl = 'https://github.com/cloudflare/cfssl/releases/download',
String[1] $version = '1.6.3',
String[1] $downloadchecksum = '16b42bfc592dc4d0ba1e51304f466cae7257edec13743384caf4106195ab6047',
@@ -24,12 +65,13 @@ class cfssl (
String[1] $dbpassword = 'changeme',
Stdlib::Absolutepath $confdir = '/etc/cfssl',
Stdlib::Absolutepath $binpath = '/usr/local/bin',
+ Hash $rootca_manifest = { cn => 'EXEMPLE ROOT CA', subject => { 'C' => 'FR', 'L' => 'MONTPELLIER', 'O' => 'EXEMPLE ORG', } },
+ Hash $intermediatesca = {},
Cfssl::Serveconfig $serve_config = { signing => { 'default' => { expiry => '1h', usages => ['client auth'] } } },
Boolean $crl_manage = false,
Stdlib::Absolutepath $crldir = '/var/cfssl',
Integer $crl_expiry = 604800,
String[1] $crl_gentimer = '*:00:00',
- Hash $intermediatesca = {},
Optional[String[1]] $serve_ca = undef,
) {
include cfssl::goose
diff --git a/types/authkey.pp b/types/authkey.pp
index c1059d89e5669a109a876b331fe75859abbbd91f..567817c507dda1eee752d58dfe0c50825d1853d0 100644
--- a/types/authkey.pp
+++ b/types/authkey.pp
@@ -1,3 +1,4 @@
+# @summary Struct representing authentication key used by CFSSL serve during sign requests
type Cfssl::Authkey = Struct[{
type => Enum['standard'],
key => String[1],
diff --git a/types/ca/key.pp b/types/ca/key.pp
index de2ee109d1876671c0ce6ae88477c698071a1b7a..155df6b3d914d00d80b9c601af04c36a0e76c151 100644
--- a/types/ca/key.pp
+++ b/types/ca/key.pp
@@ -1,3 +1,4 @@
+# @summary Cryptographic algorithm used for creating key pairs.
type Cfssl::Ca::Key = Struct[{
algo => Enum['rsa','ecdsa'],
size => Integer,
diff --git a/types/serveconfig.pp b/types/serveconfig.pp
index 66761cdcea2651d2df522ff0cc4ae796dee34949..05b8fc58c67cc3824fb59bd464d0b8541385854f 100644
--- a/types/serveconfig.pp
+++ b/types/serveconfig.pp
@@ -1,3 +1,4 @@
+# @summary Struct representing CFSSL serve configuration
type Cfssl::Serveconfig = Struct[{
auth_keys => Optional[Hash[String,Cfssl::Authkey]],
signing => Struct[{
diff --git a/types/serveconfig.pp.save b/types/serveconfig.pp.save
deleted file mode 100644
index 1e4d42fd05bf0d4d82e6607245452519f303bc05..0000000000000000000000000000000000000000
--- a/types/serveconfig.pp.save
+++ /dev/null
@@ -1,7 +0,0 @@
-type Cfssl::Serveconfig = Struct[{
- auth_keys => Optional[Hash[String,Cfssl::Authkey]],
- signing => Struct[{
- default => Hash,
- profiles => Optional[Hash[String,Cfssl::Signing::Profile]],
- }],
-}]
diff --git a/types/serveconfig.pp.works b/types/serveconfig.pp.works
deleted file mode 100644
index d74e90741b903e5e1841d901b2753f5ea54fdc69..0000000000000000000000000000000000000000
--- a/types/serveconfig.pp.works
+++ /dev/null
@@ -1,5 +0,0 @@
-type Cfssl::Serveconfig = Struct[{
- signing => Struct[{
- defkiki => Cfssl::Signing::Profile,
- }],
-}]
diff --git a/types/signing/profile.pp b/types/signing/profile.pp
index f79196e820370210618307d8f078a461dfcd4db3..8b78f58f39ec107561f2e7ea4d08c87a8f0c016f 100644
--- a/types/signing/profile.pp
+++ b/types/signing/profile.pp
@@ -1,3 +1,4 @@
+# @summary Struct describing a profile in CFSSL serve config file.
type Cfssl::Signing::Profile = Struct[{
expiry => String[1],
usages => Array[Cfssl::Usage],
diff --git a/types/usage.pp b/types/usage.pp
index e628b1331dd9297be7122a4c7a10cb6ccab89f33..bc151cd22ef319a93c721adac711249aa78ea0b5 100644
--- a/types/usage.pp
+++ b/types/usage.pp
@@ -1,3 +1,4 @@
+# @summary List of usages accepted by CFSSL for X509 certificat
type Cfssl::Usage = Enum[
'signing',
'digital signature',