Minor tweaks for online docs.

command/crypto/hash/hash.go

@@ -101,29 +101,30 @@ For examples, see **step help crypto hash**.
 
 : <algorithm> must be one of:
 
-    **sha1** (or sha)
+		**sha1** (or sha)
-    :  SHA-1 produces a 160-bit hash value
+		:  SHA-1 produces a 160-bit hash value
 
-    **sha224**
+		**sha224**
-    :  SHA-224 produces a 224-bit hash value
+		:  SHA-224 produces a 224-bit hash value
 
-    **sha256** (default)
+		**sha256** (default)
-    :  SHA-256 produces a 256-bit hash value
+		:  SHA-256 produces a 256-bit hash value
 
-    **sha384**
+		**sha384**
-    :  SHA-384 produces a 384-bit hash value
+		:  SHA-384 produces a 384-bit hash value
 
-    **sha512**
+		**sha512**
-    :  SHA-512 produces a 512-bit hash value
+		:  SHA-512 produces a 512-bit hash value
 
-    **sha512-224**
+		**sha512-224**
-    :  SHA-512/224 uses SHA-512 and truncates the output to 224 bits
+		:  SHA-512/224 uses SHA-512 and truncates the output to 224 bits
 
-    **sha512-256**
+		**sha512-256**
-    :  SHA-512/256 uses SHA-512 and truncates the output to 256 bits
+		:  SHA-512/256 uses SHA-512 and truncates the output to 256 bits
 
-    **md5** (requires --insecure)
+		**md5** (requires --insecure)
-    :  MD5 produces a 128-bit hash value`,
+		:  MD5 produces a 128-bit hash value
+`,
 			},
 			cli.BoolFlag{
 				Name:   "insecure",
@@ -160,29 +161,30 @@ For examples, see **step help crypto hash**.
 
 : <algorithm> must be one of:
 
-    **sha1** (or sha)
+		**sha1** (or sha)
-    :  SHA-1 produces a 160-bit hash value
+		:  SHA-1 produces a 160-bit hash value
 
-    **sha224**
+		**sha224**
-    :  SHA-224 produces a 224-bit hash value
+		:  SHA-224 produces a 224-bit hash value
 
-    **sha256** (default)
+		**sha256** (default)
-    :  SHA-256 produces a 256-bit hash value
+		:  SHA-256 produces a 256-bit hash value
 
-    **sha384**
+		**sha384**
-    :  SHA-384 produces a 384-bit hash value
+		:  SHA-384 produces a 384-bit hash value
 
-    **sha512**
+		**sha512**
-    :  SHA-512 produces a 512-bit hash value
+		:  SHA-512 produces a 512-bit hash value
 
-    **sha512-224**
+		**sha512-224**
-    :  SHA-512/224 produces a 224-bit hash value
+		:  SHA-512/224 produces a 224-bit hash value
 
-    **sha512-256**
+		**sha512-256**
-    :  SHA-512/256 produces a 256-bit hash value
+		:  SHA-512/256 produces a 256-bit hash value
 
-    **md5** (requires --insecure)
+		**md5** (requires --insecure)
-    :  MD5 produces a 128-bit hash value`,
+		:  MD5 produces a 128-bit hash value
+`,
 			},
 			cli.BoolFlag{
 				Name:   "insecure",

command/crypto/jwe/jwe.go

@@ -25,22 +25,22 @@ be encrypted to multiple parties (using multiple keys).
 A typical JWE in compact serialization is a dot-separated string with five
 parts:
 
-    * Header: metadata describing how the plaintext payload was processed to
+* Header: metadata describing how the plaintext payload was processed to
-      produce ciphertext (e.g., which algorithms were used to encrypt the
+  produce ciphertext (e.g., which algorithms were used to encrypt the
-      content encryption key and the plaintext payload)
+  content encryption key and the plaintext payload)
 
-    * Encrypted Key: the "content encryption key" that was used to encrypt the
+* Encrypted Key: the "content encryption key" that was used to encrypt the
-      plaintext payload, encrypted for the JWE recipient(s) (see: "what's with
+  plaintext payload, encrypted for the JWE recipient(s) (see: "what's with
-      the encrypted key" below)
+  the encrypted key" below)
 
-    * Initialization Vector: an initialization vector for use with the specified
+* Initialization Vector: an initialization vector for use with the specified
-      encryption algorithm, if applicable
+  encryption algorithm, if applicable
 
-    * Ciphertext: the ciphertext value resulting produced from authenticated
+* Ciphertext: the ciphertext value resulting produced from authenticated
-      encryption of the plaintext with additional authenticated data
+  encryption of the plaintext with additional authenticated data
 
-    * Authentication Tag: value resulting fromthe authenticated encryption of
+* Authentication Tag: value resulting fromthe authenticated encryption of
-      the plaintext with additional authenticated data
+  the plaintext with additional authenticated data
 
 ## What's with encrypted key?
 

command/crypto/kdf/kdf.go

@@ -137,17 +137,18 @@ appear in places you might not expect. If omitted input is read from STDIN.`,
 
 :  <algorithm> must be one of:
 
-    **scrypt**
+		**scrypt**
-    :  A password-based KDF designed to use exponential time and memory.
+		:  A password-based KDF designed to use exponential time and memory.
 
-    **bcrypt**
+		**bcrypt**
-    :  A password-based KDF designed to use exponential time.
+		:  A password-based KDF designed to use exponential time.
 
-    **argon2i**
+		**argon2i**
-    : A password-based KDF optimized to resist side-channel attacks.
+		: A password-based KDF optimized to resist side-channel attacks.
 
-    **argon2id**
+		**argon2id**
-    : A password-based KDF optimized to resist GPU and side-channel attacks.`,
+		: A password-based KDF optimized to resist GPU and side-channel attacks.
+`,
 			},
 			cli.BoolFlag{
 				Name:   "insecure",

command/oauth/cmd.go

@@ -65,8 +65,7 @@ func init() {
 	cmd := cli.Command{
 		Name:  "oauth",
 		Usage: "authorization and single sign-on using OAuth & OIDC",
-		UsageText: `
+		UsageText: `**step oauth** [**--provider**=<provider>] [**--client-id**=<client-id> **--client-secret**=<client-secret>]
-**step oauth** [**--provider**=<provider>] [**--client-id**=<client-id> **--client-secret**=<client-secret>]
   [**--scope**=<scope> ...] [**--bare** [**--oidc**]] [**--header** [**--oidc**]]
 
 **step oauth** **--authorization-endpoint**=<authorization-endpoint> **--token-endpoint**=<token-endpoint>
@@ -121,7 +120,7 @@ $ step oauth --oidc --bare
 '''
 
 Use a custom OAuth2.0 server:
-''''
+'''
 $ step oauth --client-id my-client-id --client-secret my-client-secret \
   --provider https://example.org
 '''`,

flags/flags.go

@@ -178,7 +178,7 @@ generating key.`,
 		Name: "offline",
 		Usage: `Creates a certificate without contacting the certificate authority. Offline mode
 uses the configuration, certificates, and keys created with **step ca init**,
-but can accept a different configuration file using '--ca-config>' flag.`,
+but can accept a different configuration file using **--ca-config** flag.`,
 	}
 
 	// CaConfig is a cli.Flag used to pass the CA configuration file.
@@ -242,7 +242,7 @@ be stored in the 'sshpop' header.`,
 	TeamURL = cli.StringFlag{
 		Name: "team-url",
 		Usage: `The <url> step queries to retrieve initial team configuration. Only used with
-the --team option. If the url contains <\<\>> placeholders, they are replaced with the team ID.`,
+the **--team** option. If the url contains <\<\>> placeholders, they are replaced with the team ID.`,
 	}
 
 	// RedirectURL is a cli.Flag used to pass the OAuth redirect URL.
@@ -261,7 +261,7 @@ the --team option. If the url contains <\<\>> placeholders, they are replaced wi
 	// TemplateSet is a cli.Flag used to send key-value pairs to the ca.
 	TemplateSet = cli.StringSliceFlag{
 		Name:  "set",
-		Usage: "The <key=value> pair with template data variables to send to the CA. Use the '--set' flag multiple times to add multiple variables.",
+		Usage: "The <key=value> pair with template data variables to send to the CA. Use the **--set** flag multiple times to add multiple variables.",
 	}
 
 	// TemplateSetFile is a cli.Flag used to send a JSON file to the CA.