repart: add --private-key-source and drop --private-key-uri

It turns out it's mostly PKCS11 that supports the URI format,
and other engines just take files. For example the tpm2-tss-openssl
engine just takes a sealed private key file path as the key input,
and the engine needs to be specified separately.

Add --private-key-source=file|engine:foo|provider:bar to
manually specify how to use the private key parameter.

Follow-up for 0a8264080a5d4b5e13e65eed80ac98a476f7fe43

1 files changed, 0 insertions, 8 deletions

diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index 302ca67b57..00492829bd 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -129,14 +129,6 @@ All tools:
 * `$SYSTEMD_VERITY_SHARING=0` — if set, sharing dm-verity devices by
   using a stable `<ROOTHASH>-verity` device mapper name will be disabled.
 
-* `$SYSTEMD_OPENSSL_KEY_LOADER`— when using OpenSSL to load a key via an engine
-  or a provider, can be used to force the usage of one or the other interface.
-  Set to 'engine' to force the usage of the old engine API, and to 'provider'
-  force the usage of the new provider API. If unset, the provider will be tried
-  first and the engine as a fallback if that fails. Providers are the new OpenSSL
-  3 API, but there are very few if any in a production-ready state, so engines
-  are still needed.
-
 `systemctl`:
 
 * `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID 1's private D-Bus