v5.7.1 Support for VCP Provisioning

@vfidevbot vfidevbot released this 07 Jun 18:18
bbf788e

VCert SDK

This release enables a new method, Provision Certificate, to which you can provide:

  • Certificate ID or Pickup ID (a.k.a. Request ID in VCP)
  • Keystore ID: The ID in VCP where you chose to perform provisioning
  • Keystore Name: Name of your Cloud Keystore (along with Provider Name)
  • Provider Name: Name of your Cloud Provider (along with Keystore Name)
  • Keystore Object: You can pass the method a Keystore object if you already have the data. This avoids an extra API call to fetch this information.
  • Certificate Name: Name that the certificate should have when provisioned (valid for Azure Key Vault or Google Certificate Manager)
  • ARN: AWS Resource Name. Specify it when replacing a certificate, in which case it points to an already existing ARN.

Important

⚠️ This is a breaking change against the previous v5.7.0 pre-release: we removed the ProvisionCertificate function from the endpoint.go file, so other connectors no longer have to define it, since this provisioning feature only makes sense from Venafi Control Plane's perspective.

VCert CLI

Enabled the provision command and its cloudkeystore subcommand, which provision a certificate from VCP to a specified Cloud Keystore using the following flags:

  • --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
  • --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
  • --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with the provider-name flag.
  • --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
  • --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with the keystore-name flag.
  • --certificate-name: Use to specify the Cloud Keystore Certificate Name to be set or replaced by the provisioned certificate (only for Azure Key Vault and Google Certificate Manager)
  • --arn: Use to specify the AWS Resource Name which the provisioned certificate will replace (only for AWS Certificate Manager)

Example returned info for Azure Key Vault:

cloudId: https://my-key-vault.vault.azure.net/certificates/something-venafi-example-com/asdf4q23g528cuhip4bjdeonvszr0fnc6
azureName: something-venafi-example-com
azureVersion: asdf4q23g528cuhip4bjdeonvszr0fnc6
machineIdentityId: 9326192f-30a6-47f2-8b95-3523d3eacd68
machineIdentityActionType: New

Notice cloudId, which is the generic ID of the Cloud platform where your certificate is located.

To find out more, check here

NEW CHANGES

VCert Playbook

Enhancements:

  • Allows the use of the useLegacyP12 attribute in the installations block as an option in playbooks. (PR#464)

Fixes:

  • Fixes an issue with the default time, so the timeout attribute in the request block now works correctly, as it should have. (PR#476)
  • Fixes an issue where environment variables were not set, by allowing default values when setting an environment variable. (PR#472)