Releases: Venafi/vcert
v5.8.0 Enables RSA 3072 bit key size for TPP (VCert SDK)
VCert SDK
- Enables RSA 3072 bit key size for TPP certificate enrollment. [PR-536]
v5.7.2 Minor Enhancements and Bug Fixes
VCert CLI and SDK
- Enhances VCert to validate in preflight if the certificate about to be provisioned is expired. [PR-498]
VCert CLI
- Fixes warning behavior when a platform is provided using the platform flag. [PR-499]
- Fixes some mentions of the old flag --idp-jwt, replacing them with the current one, --external-jwt. [PR-518]
VCert Playbook
- Fixes a bug that prevented VCert from working in proxy environments. [PR-532]
v5.7.1 Support for VCP Provisioning
VCert SDK
This enables a new method Provision Certificate where you can provide:
- Certificate ID or Pickup ID (a.k.a Request ID in VCP)
- Keystore ID: The ID in VCP where you chose to perform provisioning
- Keystore Name: Name of your Cloud Keystore (along with Provider Name)
- Provider Name: Name of your Cloud Provider (along with Keystore Name)
- Keystore Object: You can feed the method with Keystore object in case you already know the data. This avoids running an extra API call for getting this information.
- Certificate Name: Name that the certificate should have when provisioned (valid for Azure Key Vault or Google Certificate Manager)
- ARN: AWS Resource Name. To be specified in case of doing a certificate replacement, in which you would point to an already existing ARN.
Important: ProvisionCertificate function from endpoint.go file and thus removing it to be defined for other connectors, since this provision feature only makes sense from Venafi Control Plane's perspective.
VCert CLI
Enabled command provision and subcommand cloudkeystore, which allows provisioning from VCP to a specified Cloud Keystore with the following flags:
- --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
- --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
- --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.
- --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
- --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.
- --certificate-name: Use to specify Cloud Keystore Certificate Name to be set or replaced by provisioned certificate (only for Azure Key Vault and Google Certificate Manager).
- --arn: Use to specify AWS Resource Name which provisioned certificate will replace (only for AWS Certificate Manager).
Example returned info for Azure Key Vault:
cloudId: https://my-key-vault.vault.azure.net/certificates/something-venafi-example-com/asdf4q23g528cuhip4bjdeonvszr0fnc6
azureName: something-venafi-example-com
azureVersion: asdf4q23g528cuhip4bjdeonvszr0fnc6
machineIdentityId: 9326192f-30a6-47f2-8b95-3523d3eacd68
machineIdentityActionType: New
Notice cloudId, which is the generic ID of the Cloud platform where your certificate is located.
To find out more, check here
NEW CHANGES
VCert Playbook
Enhancements:
- Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)
Fixes:
- Fixes issue with the default time so that the timeout attribute works correctly, as it should have, in request block. (PR#476)
- Fixes issue where environment variables were not set, by allowing default values when setting an environment variable. (PR#472)
v5.7.0: Support for VCP Provisioning - (Pre-release)
NEW FEATURE: Support for VCP Provisioning
Added a new feature that allows users to provision certificates from VCP.
VCert SDK
This enables a new method Provision Certificate where you can provide:
- Certificate ID or Pickup ID (a.k.a Request ID in VCP)
- Keystore ID: The ID in VCP where you chose to perform provisioning
- Keystore Name: Name of your Cloud Keystore (along with Provider Name)
- Provider Name: Name of your Cloud Provider (along with Keystore Name)
- Keystore Object: You can feed the method with Keystore object in case you already know the data. This avoids running an extra API call for getting this information.
VCert CLI
Enabled command provision and subcommand cloudkeystore, which allows provisioning from VCP to a specified Cloud Keystore with the following flags:
- --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
- --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
- --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.
- --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
- --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.
To find out more, check here
NEW CHANGES
VCert Playbook
Enhancements:
- Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)
Fixes:
- Fixes issue with the default time so that the timeout attribute works correctly, as it should have, in request block. (PR#476)
- Fixes issue where environment variables were not set, by allowing default values when setting an environment variable. (PR#472)
v5.7.0-rc2
NEW CHANGES
VCert SDK
Enhancements
- Enables Certificate Provisioning with Service Account Auth (PR#473)
- Adds ability to provision certificate using keystore and provider name (PR#469)
Fixes:
- Fixes graphql client initialization in cloud connector (PR#477)
- Exposes GetCloudKestoreByName in Cloud Connector (VCP) (PR#479)
- Enables graphclient in singleton, sets user agent and exposes GetCloudProviderByName in Cloud Connector (PR#474)
VCert Playbook
Enhancements:
- Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)
Fixes:
- Fixes issue with the default time so that the timeout attribute works correctly, as it should have, in request block. (PR#476)
- Fixes issue where environment variables were not set, by allowing default values when setting an environment variable. (PR#472)
5.7.0-rc1: Support for VCP Provisioning (VCert SDK)
NEW FEATURE: Support for VCP Provisioning (api-key support only)
VCert SDK
Added new feature that allows users to provision certificates from VCP using VCert SDK. This enables a new method Provision Certificate where you can provide:
- Certificate ID or Pickup ID (a.k.a Request ID in VCP)
- Keystore ID: The ID in VCP where you chose to perform provisioning
(PR#461)
Enhancements:
VCert SDK
- Only call DEK endpoints if the CSR is a ServiceGeneratedCSR (PR#450)
VCert Playbook
- Enables direct supply of a valid accessToken via the playbook for VCP, improves errors on expired access tokens, improves playbook validation for VCP credentials, and prevents more than one kind of credential from being set. (PR#456) (PR#457)
General Fixes
VCert SDK
- Fixed Cloud toPolicy SAN regex processing (PR#449)
- Fixed issue with locally generated CSR in cloud connector (PR#455)
v5.6.4
Due to unforeseen issues with proxy.golang.org we have released a new version with exactly the same features as v5.6.3
DO NOT USE v5.6.3 as it is cached to a version with a breaking bug
This is the final release of the service account authentication feature
General:
- Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box. Courtesy of @BeardedPrincess
VCert SDK:
- Adds TokenURL to endpoint.Authentication
- Cloud Connector will stop using the TokenURL attribute from endpoint.OAuthProvider and start using the new one (above)
VCert CLI:
- Internal changes to make use of the new TokenURL attribute
- Renames getcred command flag --idp-jwt back to --external-jwt
- Fixes an issue whereby using getcred command to request a TPP access token by using username/password threw the deprecation warning message. This should not happen for getcred command
- Fixes an issue whereby requesting an access token for VCP platform printed the wrong expiration date. Now it properly prints the expiration date
VCert SDK:
- Adds new attribute config.connection.credentials.tokenURL to Playbook. This attribute should be used to pass the VCP token url value
- Stops using config.connection.credentials.idP.tokenURL for the VCP token url value
- Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and errors will be reported at the end of the run. Courtesy of @maelvls
v5.6.3
This release is cached to a version with a breaking bug in proxy.golang.org. DO NOT USE
General:
- Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box. Courtesy of @BeardedPrincess
VCert SDK:
- Adds TokenURL to endpoint.Authentication
- Cloud Connector will stop using the TokenURL attribute from endpoint.OAuthProvider and start using the new one (above)
VCert CLI:
- Internal changes to make use of the new TokenURL attribute
- Renames getcred command flag --idp-jwt back to --external-jwt
- Fixes an issue whereby using getcred command to request a TPP access token by using username/password threw the deprecation warning message. This should not happen for getcred command
- Fixes an issue whereby requesting an access token for VCP platform printed the wrong expiration date. Now it properly prints the expiration date
VCert SDK:
- Adds new attribute config.connection.credentials.tokenURL to Playbook. This attribute should be used to pass the VCP token url value
- Stops using config.connection.credentials.idP.tokenURL for the VCP token url value
- Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and errors will be reported at the end of the run. Courtesy of @maelvls
v5.6.2 Service account authentication for Venafi Control Plane
VCert SDK:
- Removes TenantID from endpoint.Authentication struct
- cloud.Connector will use endpoint.Authentication.OAuthProvider.TokenURL instead of building the URL (using the tenantID) to obtain the access token
VCert CLI:
- Removes --tenant-id flag for getcred command
- Adds --token-url flag for getcred command
VCert Playbook:
- Removes tenantId attribute from config.connection.credentials object
- Now uses config.connection.credentials.idP.tokenURL for Venafi Control Plane service account authentication
v5.6.1 Added User-Agent HTTP header to requests
VCert SDK:
- Added User-Agent HTTP header to requests made by VCert. This enhancement allows PKI admins to keep track of VCert usage and to know which software is being used to connect to the REST API. User-Agent value is vcert/v5