Combine chain certs #19
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated to new workflow
…hashicorp-vault-orchestrator into changes-before-public
…shicorp-vault-orchestrator into kv-sub-path-support
…shicorp-vault-orchestrator into kv-sub-path-support
Approving Adam's changes to store the unencrypted private key and not the secret.
Allows Cert Stores to be allow a boolean value for SubfolderInventory. Allows inventory to be done on a root storepath and all of the component/subdirectories. Included documentation update to README.md
Adds toggle for recursive subfolder inventory
…shicorp-vault-orchestrator into kv-sub-path-support
Ran into errors when a storePath contained secrets that were not in the correct format. If the secret did not contain the keys PUBLIC_KEY, and PRIVATE_KEY inventory jobs would stop and discontinue. (At the point it met the "unexpected" secret) Code implemented here will ignore secrets that do not include the correct keys in the "secret". Added a note in regards to this to the documentation.
…rets Adding InputValidation for KeyValue secrets
…shicorp-vault-orchestrator into kv-sub-path-support
…icorp-vault-orchestrator into include-pem-chain
…icorp-vault-orchestrator into include-pem-chain
…shicorp-vault-orchestrator into combine_chain_certs
…shicorp-vault-orchestrator into combine_chain_certs
fiddlermikey
added a commit
that referenced
this pull request
Jun 28, 2023
* Kv sub path support (#12) * updated to support 2 store types. HCVKV and HCV. * Updated to distinguish between multiple supported store types. * updated doc to reflect multiple store type configs. * removed sensitive info from tracelog. * Removed KEY_SECRET from PutCertificate Task * Modified PutCertificate to include ---BEGIN ----END banners (for key+cert) * Allows Cert Stores to be allow a boolean value for SubfolderInventory. Allows inventory to be done on a root storepath and all of the component/subdirectories. Included documentation update to README.md * Adding InputValidation for KeyValue secrets * Update generated README * Include pem chain (#17) * Fixed store path and mount point mapping * Fixed issue with path not being resolved before attempting to write cert. * Allows for Recursive subfolder inventory * Update readme to call out cert store limits * Adding InputValidation for KeyValue secrets * including certificate chain when enrolling via platform. * added flag on store type to indicate whether to include cert chain * fixed issue when checking for revocation time for inventory. * Combine chain certs (#19) * updated documentation to store Vault token as a secret instead of plain string. * Updated property names. now including full chain in ca_chain field. * fixed issue with revocation time check. * updated fields. the full chain is now stored in certificate if selected. * Fixed issue where improperly formatted secrets would cause inventory to bail. * Update changelog version info * updated integration manifest * Update generated README * Create keyfactor-merge-store-types.yml --------- Co-authored-by: Joe VanWanzeele <76071503+joevanwanzeeleKF@users.noreply.github.com> Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io> Co-authored-by: Michael Henderson <mhenderson@keyfactor.com> Co-authored-by: JoeKF <jvanwanzeele@keyfactor.com>
fiddlermikey
added a commit
that referenced
this pull request
Jun 28, 2023
* Kv sub path support (#12) * updated to support 2 store types. HCVKV and HCV. * Updated to distinguish between multiple supported store types. * updated doc to reflect multiple store type configs. * removed sensitive info from tracelog. * Removed KEY_SECRET from PutCertificate Task * Modified PutCertificate to include ---BEGIN ----END banners (for key+cert) * Allows Cert Stores to be allow a boolean value for SubfolderInventory. Allows inventory to be done on a root storepath and all of the component/subdirectories. Included documentation update to README.md * Adding InputValidation for KeyValue secrets * Update generated README * Include pem chain (#17) * Fixed store path and mount point mapping * Fixed issue with path not being resolved before attempting to write cert. * Allows for Recursive subfolder inventory * Update readme to call out cert store limits * Adding InputValidation for KeyValue secrets * including certificate chain when enrolling via platform. * added flag on store type to indicate whether to include cert chain * fixed issue when checking for revocation time for inventory. * Combine chain certs (#19) * updated documentation to store Vault token as a secret instead of plain string. * Updated property names. now including full chain in ca_chain field. * fixed issue with revocation time check. * updated fields. the full chain is now stored in certificate if selected. * Fixed issue where improperly formatted secrets would cause inventory to bail. * Update changelog version info * updated integration manifest * Update generated README * Create keyfactor-merge-store-types.yml --------- Co-authored-by: Joe VanWanzeele <76071503+joevanwanzeeleKF@users.noreply.github.com> Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io> Co-authored-by: Michael Henderson <mhenderson@keyfactor.com> Co-authored-by: JoeKF <jvanwanzeele@keyfactor.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added support for storing certs in sub-paths
Updated documentation to specify storing the token as a secret.
Breaking Change: the properties have been renamed from:
PUBLIC_KEYtocertificatePRIVATE_KEYtoprivate_keyPUBLIC_KEY_<n>for each CA chain certificate toca_chainBreaking Change: Added a flag on the Keyfactor Certificate store definition to indicate whether to store the full CA chain along with the certificate
ca_chaincontains all certificates in the CA chain, including the leaf.