Skip to content

Releases: Venafi/vcert

v5.8.0 Enables RSA 3072 bit key size for TPP (VCert SDK)

06 Jan 19:55
dbcec10
Compare
Choose a tag to compare

VCert SDK

  • Enables RSA 3072 bit key size for TPP certificate enrollment. [PR-536]
3431b3db815a8bc7f940352534e307d0219593ae  vcert_v5.8.0_darwin.zip
6bf5310065eb809f43198c7f24c5b2cce362bd11  vcert_v5.8.0_darwin_arm.zip
6bca49e354d1e1c9fd11c7591730ae8097f1647c  vcert_v5.8.0_linux.zip
ccb5f66862736b30d49ebc6b03a61a332a167b36  vcert_v5.8.0_linux86.zip
8b7a319eebc6db3dc3ecfa24615407a76b7b46ef  vcert_v5.8.0_linux_arm.zip
260ce186535112d56c7df0ed92df990bae285c6f  vcert_v5.8.0_windows.zip
3cb328afffc9d150928056b07d2f6a1a53fba0a5  vcert_v5.8.0_windows86.zip
65f74e20680c9ea57532319ce2ece2aaf3a62dbc  vcert_v5.8.0_windows_arm.zip

v5.7.2 Minor Enhancements and Bug Fixes

12 Nov 19:10
5e219b3
Compare
Choose a tag to compare

VCert CLI and SDK

  • Enhances VCert to validate in preflight if the certificate about to be provisioned is expired. [PR-498]

VCert CLI

  • Fixes warning behavior when providing a platform using plataform flag is set. [PR-499]
  • Fixes some mentions of old flag --idp-jwt to current one --external-jwt. [PR-518]

VCert Playbook

  • Fixes bug that would prevent VCert to work on proxy environments. [PR-532]
5204249d20276687b4241b875d17f0d6d12bfef0  vcert_v5.7.2_darwin.zip
17f0c2f33dd1b0f37fdfaabb04a97a53720c557b  vcert_v5.7.2_darwin_arm.zip
489dadf6b0ea10d5285c342b38d4aff6c91eb826  vcert_v5.7.2_linux.zip
8b49d3f9b57b38e588252553a44425a65e3f5051  vcert_v5.7.2_linux86.zip
62b3f9ba282ed34696ed4fa578c258b4af102975  vcert_v5.7.2_linux_arm.zip
af65700415278dbc13d74b7c56892bd63e08d22b  vcert_v5.7.2_windows.zip
56f8c6cfb46dcf7bd50324b005b81bbc1b8ec9d2  vcert_v5.7.2_windows86.zip
049f43329cfdb7560821ba203273d67fbfba2435  vcert_v5.7.2_windows_arm.zip

v5.7.1 Support for VCP Provisioning

07 Jun 18:18
bbf788e
Compare
Choose a tag to compare

VCert SDK

This enables a new method Provision Certificate where you can provide:

  • Certificate ID or Pickup ID (a.k.a Request ID in VCP)
  • Keystore ID: The ID in VCP where you chose to perform provisioning
  • Keystore Name: Name of your Cloud Keystore (along with Provider Name)
  • Provider Name: Name of yout Cloud Provider (along with Keystore Name)
  • Keystore Object: You can feed the method with Keystore object in case you already know the data. This avoids running an extra API call for getting this information.
  • Certificate Name: Name of the certificate that should have when provisioned (valid for Azure Key Vault or Google Certificate Manager)
  • ARN: AWS Resource Name. To be specified in case of doing a certificate replacement, in which you would point to an already existing ARN.

Important

⚠️ This is a breaking change against the previous v5.7.0 pre-release, since now we removed the ProvisionCertificate function
from endpoint.go file and thus removing it to be defined for other connectors, since this provision feature only makes sense
for Venafi Control Plane's perspective

VCert CLI

Enabled command provision and subcommand cloudkeystore which allows to specify provisioning from VCP to specified Cloud Keystore with following flags:

  • --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
  • --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
  • --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.
  • --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
  • --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.
  • --certificate-name: Use to specify Cloud Keystore Certificate Name to be set or replaced by provisioned certificate (only for Azure Key Vault and Google Certificate Manager)
  • --arn: Use to specify AWS Resource Name which provisioned certificate will replace (only for AWS Certificate Manager)

Example returned info for Azure Key Vault:

cloudId: https://my-key-vault.vault.azure.net/certificates/something-venafi-example-com/asdf4q23g528cuhip4bjdeonvszr0fnc6
azureName: something-venafi-example-com
azureVersion: asdf4q23g528cuhip4bjdeonvszr0fnc6
machineIdentityId: 9326192f-30a6-47f2-8b95-3523d3eacd68
machineIdentityActionType: New

Notice cloudId, which is the generic ID of the Cloud platform where your certificate is located.

To find out more, check here

NEW CHANGES

VCert Playbook

Enhancements:

  • Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)

Fixes:

  • Fixes issue when default time and thus timeout attribute works correctly as it should had in request block. (PR#476)
  • Fixes issue of environment variables are not set by allowing default values when setting an environment variable. (PR#472)
06098debc2560701f3763b954260ddcaf8354bea  vcert_v5.7.1_darwin.zip
141f07fe6d50b76d3fdef22ec42544a25aad1b96  vcert_v5.7.1_darwin_arm.zip
ae78e784ee6e683bc502fab809b5d1e02597ab4d  vcert_v5.7.1_linux.zip
eb5ceeaf1636b0b49c5c79b0f86d04e7e24a8fc1  vcert_v5.7.1_linux86.zip
32fc59bbba619a20d4556c4c47ebf27256cfd268  vcert_v5.7.1_linux_arm.zip
87cb9fdf0faaf26ffd3fc83d7647d042f4e7b04b  vcert_v5.7.1_windows.zip
0d1120f6773186175bede431b63543648cb7c90d  vcert_v5.7.1_windows86.zip
b6b45cb1ce9d83ef549b36e6d1ea454ddccc0964  vcert_v5.7.1_windows_arm.zip

v5.7.0: Support for VCP Provisioning - (Pre-release)

28 May 20:31
1b471ab
Compare
Choose a tag to compare

NEW FEATURE: Support for VCP Provisioning

Added new feature that allows users to provision certificates from VCP

VCert SDK

This enables a new method Provision Certificate where you can provide:

  • Certificate ID or Pickup ID (a.k.a Request ID in VCP)
  • Keystore ID: The ID in VCP where you chose to perform provisioning
  • Keystore Name: Name of your Cloud Keystore (along with Provider Name)
  • Provider Name: Name of yout Cloud Provider (along with Keystore Name)
  • Keystore Object: You can feed the method with Keystore object in case you already know the data. This avoids running an extra API call for getting this information.

VCert CLI

Enabled command provision and subcommand cloudkeystore which allows to specify provisioning from VCP to specified Cloud Keystore with following flags:

  • --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
  • --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
  • --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.
  • --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
  • --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag. |

To find out more, check here

NEW CHANGES

VCert Playbook

Enhancements:

  • Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)

Fixes:

  • Fixes issue when default time and thus timeout attribute works correctly as it should had in request block. (PR#476)
  • Fixes issue of environment variables are not set by allowing default values when setting an environment variable. (PR#472)
f4ed7ab4f1ed1b3c081261eaf515d78b459a5634  vcert_v5.7.0_darwin.zip
ca664fa67a5f42f5e253fbded9b7d00da64d31eb  vcert_v5.7.0_darwin_arm.zip
fc0dc007255da2a2da92d4da212247c549740844  vcert_v5.7.0_linux.zip
5eb11699b2f609cbf7e3e88169ae1a382bbbd282  vcert_v5.7.0_linux86.zip
5e80627e9f4aaf619c11b579a83a24dc5ed388f8  vcert_v5.7.0_linux_arm.zip
48455cf508aab24e5684b03d4663f3b526035266  vcert_v5.7.0_windows.zip
b2d02e5026fb3893c268154571963b0555233c2f  vcert_v5.7.0_windows86.zip
2dcfb190cfcbfdf4ff86fb3a30a89dceefa37b50  vcert_v5.7.0_windows_arm.zip

v5.7.0-rc2

22 May 22:50
a03a6d9
Compare
Choose a tag to compare
v5.7.0-rc2 Pre-release
Pre-release

NEW CHANGES

VCert SDK

Enhancements

  • Enables Certificate Provisioning with Service Account Auth (PR#473)
  • Adds ability to provision certificate using keystore and provider name (PR#469)

Fixes:

  • Fixes graphql client initialization in cloud connector (PR#477)
  • Exposes GetCloudKestoreByName in Cloud Connector (VCP) (PR#479)
  • Enables graphclient in singleton, sets user agent and exposes GetCloudProviderByName in Cloud Connector (PR#474)

VCert Playbook

Enhancements:

  • Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)

Fixes:

  • Fixes issue when default time and thus timeout attribute works correctly as it should had in request block. (PR#476)
  • Fixes issue of environment variables are not set by allowing default values when setting an environment variable. (PR#472)
e748bad6f52ea00ff323836ff4e77f963cc07f14  vcert_v5.7.0-rc2_darwin.zip
24a0318de995290a9b8d9224b19e5b3a050bb046  vcert_v5.7.0-rc2_darwin_arm.zip
d29d290accb592e709b60f3153d0d100a779ec01  vcert_v5.7.0-rc2_linux.zip
3cd9c04c891e5a697f255f159e970685e33b5705  vcert_v5.7.0-rc2_linux86.zip
b80f966afb87f41ec0327c4a230e4143d31b3aac  vcert_v5.7.0-rc2_linux_arm.zip
7b778b0a0d4f3c1c74f62002b53d643961b5c931  vcert_v5.7.0-rc2_windows.zip
ffec942f2c784f20c012ed0238175cfaad69e419  vcert_v5.7.0-rc2_windows86.zip
e004c02e2116a8f6a075c725adb64d1a1ded377e  vcert_v5.7.0-rc2_windows_arm.zip

5.7.0-rc1: Support for VCP Provisioning (VCert SDK)

08 May 19:25
00e592e
Compare
Choose a tag to compare

NEW FEATURE: Support for VCP Provisioning (api-key support only)

VCert SDK

Added new feature that allows users to provision certificates from VCP using VCert SDK. This enables a new method Provision Certificate where you can provide:

  • Certificate ID or Pickup ID (a.k.a Request ID in VCP)
  • Keystore ID: The ID in VCP where you chose to perform provisioning
    (PR#461)

Enhancements:

VCert SDK

  • Only call DEK endpoints if the CSR is a ServiceGeneratedCSR (PR#450)

VCert Playbook

  • Enables direct supply of a valid accessToken via the playbook for VCP, improves errors on expired access token as well as improves playbook validation for VCP credentials, and prevents more than one kind of credential to be set. (PR#456) (PR#457)

General Fixes

VCert SDK

  • Fixed Cloud toPolicy SAN regex processing (PR#449)
  • Fixed issue with local generated CSR in cloud connector(PR#455
0e27f9a4cb4b098adcf93dd9eeac9ce4c3058837  vcert_5.7.0-rc1_darwin.zip
0815af70d11a4e5711b600724e8823dd69981876  vcert_5.7.0-rc1_darwin_arm.zip
6a04ef5145d476741d314f459f12beb876e2f8d4  vcert_5.7.0-rc1_linux.zip
67a5602a6b777c36762658667f4c017dd119f350  vcert_5.7.0-rc1_linux86.zip
5df51e60a319a2ba72cb28c1994238c278f36262  vcert_5.7.0-rc1_linux_arm.zip
9b55b3372323ede99b3e6caf7a5d237ac45eee27  vcert_5.7.0-rc1_windows.zip
c2c74666ebd14d30ec01cbe509a0c10f46e0cddc  vcert_5.7.0-rc1_windows86.zip
6183b92389e847f68362904bc35ea5e9fcea4af3  vcert_5.7.0-rc1_windows_arm.zip

v5.6.4

11 Apr 16:26
039d25d
Compare
Choose a tag to compare

Due to unforeseen issues with proxy.golang.org we have released a new version with exactly the same features as v5.6.3

DO NOT USE v5.6.3 as it is cached to a version with a breaking bug

This is the final release of the service account authentication feature

General:

  • Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box. Courtesy of @BeardedPrincess

VCert SDK:

  • Adds TokenURL to endpoint.Authentication
  • Cloud Connector will stop using the TokenURL attribute from endpoint.OAuthProvider and start using the new one (above)

VCert CLI:

  • Internal changes to make use fo the new TokenURL attribute
  • Renames getcred command flag --idp-jwt back to --external-jwt
  • Fixes an issue whereby using getcred command to request a TPP access token by using username/password threw the deprecation warning message. This should not happen for getcred command
  • Fixes an issue whereby requesting an access token for VCP platform printed the wrong expiration date. Now it properly prints the expiration date

VCert SDK:

  • Adds new attribute config.connection.credentials.tokenURL to Playbook. This attribute should be used to pass the VCP token url value
  • Stops using config.connection.credentials.idP.tokenURL for the VCP token url value
  • Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and errors will be reported at the end of the run. Courtesy of @maelvls
0e29e25ba264997f9dfef980156e86509e30c902  vcert_v5.6.4_darwin.zip
75f9aa0d2484a3c1a4a955b462258ea976e73379  vcert_v5.6.4_darwin_arm.zip
2b5e3c6a8447d1e736640482ca7c020551ff9dd6  vcert_v5.6.4_linux.zip
3d014472d71b91d0d3ff76984d861f3643f43905  vcert_v5.6.4_linux86.zip
51ca899a7a921e3a0dea4cbe744227f3b0a97ada  vcert_v5.6.4_linux_arm.zip
91d9097455e389a9273f60802c5d0c59118252d0  vcert_v5.6.4_windows.zip
b27a230bbcc6d7b2339a14117ad9f094f948af57  vcert_v5.6.4_windows86.zip
284e5490e1176551d7ba48113f860529c7bce864  vcert_v5.6.4_windows_arm.zip

v5.6.3

10 Apr 22:47
039d25d
Compare
Choose a tag to compare
v5.6.3 Pre-release
Pre-release

This release is cached to a version with a breaking bug in proxy.golang.org. DO NOT USE

General:

  • Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box. Courtesy of @BeardedPrincess

VCert SDK:

  • Adds TokenURL to endpoint.Authentication
  • Cloud Connector will stop using the TokenURL attribute from endpoint.OAuthProvider and start using the new one (above)

VCert CLI:

  • Internal changes to make use fo the new TokenURL attribute
  • Renames getcred command flag --idp-jwt back to --external-jwt
  • Fixes an issue whereby using getcred command to request a TPP access token by using username/password threw the deprecation warning message. This should not happen for getcred command
  • Fixes an issue whereby requesting an access token for VCP platform printed the wrong expiration date. Now it properly prints the expiration date

VCert SDK:

  • Adds new attribute config.connection.credentials.tokenURL to Playbook. This attribute should be used to pass the VCP token url value
  • Stops using config.connection.credentials.idP.tokenURL for the VCP token url value
  • Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and errors will be reported at the end of the run. Courtesy of @maelvls
3807c0ba059f8a446f2590195083490ad572ee5d  vcert_v5.6.3_darwin.zip
4e7cb8c7b455f1bd7ccba2773d6fbe385aa93be5  vcert_v5.6.3_darwin_arm.zip
2ff618ab402cc989b01e3319926ee12572a416ec  vcert_v5.6.3_linux.zip
124b1a312d3f70d0c8fa0ffec33a8a6f6519fc34  vcert_v5.6.3_linux86.zip
ea124687845db01764328c3fbb39d78cb8403da3  vcert_v5.6.3_linux_arm.zip
55b253142e1029b77b0a631d3c167188766ff98d  vcert_v5.6.3_windows.zip
a0e1f367ddfe264a2ec1b0877c836e65a0ea4180  vcert_v5.6.3_windows86.zip
3c4dcd7fa2ca3df46d10bf50273b35f50b60b9fc  vcert_v5.6.3_windows_arm.zip

v5.6.2 Service account authentication for Venafi Control Plane

05 Apr 06:39
21228d0
Compare
Choose a tag to compare

VCert SDK:

  • Removes TenantID from endpoint.Authentication struct
  • cloud.Connector will use endpoint.Authentication.OAuthProvider.TokenURL instead of building the URL (using the
    tenantID) to obtain the access token

VCert CLI:

  • Removes --tenant-id flag for getcred command
  • Adds --token-url flag for getcred command

VCert Playbook:

  • Removes tenantId attribute from config.connection.credentials object
  • Now uses config.connection.credentials.idP.tokenURL for Venafi Control Plane service account authentication
ddf8e5a41a05e20b54238e4d48a4cf958ca30487  vcert_v5.6.2_darwin.zip
a3c987495b42ec0b511940bc1b70e9314e86d497  vcert_v5.6.2_darwin_arm.zip
c1a88bdcec87f4869a25b9b8b0c23dc58d10934a  vcert_v5.6.2_linux.zip
e820090cf84e97c770085d16dbdfc8ef693ace95  vcert_v5.6.2_linux86.zip
a5bc566abe21ec61a5910d0594912216419cf3cf  vcert_v5.6.2_linux_arm.zip
0e57d7c1dffe873655a4dab2ae67096a4fd5b6ba  vcert_v5.6.2_windows.zip
48ca70bb81b2f69bb2057e529b144c56dbeded83  vcert_v5.6.2_windows86.zip
405466cadb8f16a62a7655c4c492cb764782acc2  vcert_v5.6.2_windows_arm.zip

v5.6.1 Added User-Agent HTTP header to requests

02 Apr 21:53
39eb64f
Compare
Choose a tag to compare

VCert SDK:

  • Added User-Agent HTTP header to requests made by VCert. This enhancement allows PKI admins to keep track of VCert usage and to know which software is being used to connect to the REST API. User-Agent value is vcert/v5
3fda99b8353df7459f8388b4dacf6613a728154d  vcert_v5.6.1_darwin.zip
ea5352c40c621d053af1f201de8e2295a6951413  vcert_v5.6.1_darwin_arm.zip
b34e88225210289f8b2ac6cb3c580d289bb03e2d  vcert_v5.6.1_linux.zip
1d8df2544d2eeddc53f13ccc51a127b1e89c07f3  vcert_v5.6.1_linux86.zip
8f49394d1e6b666e57d3ddad93fe5a2c6fae66fe  vcert_v5.6.1_linux_arm.zip
592a9dff4a344bf918d143750ca8961310c53d25  vcert_v5.6.1_windows.zip
9794d674b7162d0626b8390e82ac659b7fe5e546  vcert_v5.6.1_windows86.zip
399748eb87c948058998b1e8c3ffb7ab24807a0c  vcert_v5.6.1_windows_arm.zip