From b97afdb8e55bb688a096aa163a7e2207945a6679 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 22 Oct 2025 09:59:54 -0700 Subject: [PATCH 1/6] fix(ci): Update store-type merge logic to handle ref=main and not commit to this repo's main. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- .github/workflows/update-stores.yml | 39 ++++++++++++++++------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml index e2140eb..1330fe9 100644 --- a/.github/workflows/update-stores.yml +++ b/.github/workflows/update-stores.yml @@ -28,6 +28,15 @@ jobs: run: | echo "TARGET_REPO_BRANCH=${{ github.event.client_payload.targetRef }}" | tee -a $GITHUB_ENV echo "KFUTIL_ARG=${{ github.event.client_payload.targetRepo }}" | tee -a $GITHUB_ENV + - name: Set Branch Name based on targetRef + id: set-branch-name + run: | + if [ "${{ env.TARGET_REPO_BRANCH }}" == "main" ]; then + echo "BRANCH_NAME=${{ env.KFUTIL_ARG }}_${{ env.TARGET_REPO_BRANCH }}" | tee -a $GITHUB_ENV + else + echo "BRANCH_NAME=${{ env.KFUTIL_ARG }}" | tee -a $GITHUB_ENV + fi + - name: Check Open PRs for Existing Branch id: check-branch uses: actions/github-script@v7 @@ -41,8 +50,8 @@ jobs: repo, state: "open" }); - // Filter out ones matching the KFUTIL_ARG from payload (repository_dispatch) or input (workflow_dispatch) - const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.KFUTIL_ARG }}'); // Look for an existing branch with the orchestrator repo name + // Filter out ones matching our branch naming convention + const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.BRANCH_NAME }}'); const isBranch = (filteredData.length > 0) if (isBranch) { const { 
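Review bot: The new "Set Branch Name based on targetRef" step pastes `${{ env.TARGET_REPO_BRANCH }}` and `${{ env.KFUTIL_ARG }}` into the script text before bash parses it, and the context lines just above show both values are copied from `github.event.client_payload`, so a payload value containing quotes or shell metacharacters becomes part of the script instead of data. Read them as shell variables: `if [ "$TARGET_REPO_BRANCH" = "main" ]; then`, `echo "BRANCH_NAME=${KFUTIL_ARG}_${TARGET_REPO_BRANCH}" | tee -a "$GITHUB_ENV"`, and `echo "BRANCH_NAME=${KFUTIL_ARG}" | tee -a "$GITHUB_ENV"` in the else branch. The github-script hunks at -41,8 and -187,18 have the same pattern, splicing `'${{ env.BRANCH_NAME }}'` into a JavaScript string literal; `process.env.BRANCH_NAME` yields the same value without templating it into code. Because BRANCH_NAME is later used as a checkout `ref` and as `new_branch`, values that do not match an expected branch-name pattern should be rejected before they are written to `$GITHUB_ENV`.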
@@ -54,9 +63,9 @@ jobs: } else { core.setOutput('PR_BRANCH', 'create') // No branch, create one } - console.log(`Branch exists?`) - console.log(filteredData.length > 0) - console.log(`targetRepo: ${{env.KFUTIL_ARG}}`) + console.log(`Branch exists? ${filteredData.length > 0}`) + console.log(`Branch name: ${{env.BRANCH_NAME}}`) + - name: set env.PR_BRANCH value for jobs run: | echo "PR_BRANCH=${{steps.check-branch.outputs.PR_BRANCH}}" | tee -a $GITHUB_ENV @@ -72,7 +81,7 @@ jobs: cmd path: './merge-folder/' token: ${{ secrets.V2BUILDTOKEN }} - ref: '${{env.KFUTIL_ARG}}' + ref: '${{env.BRANCH_NAME}}' # If the branch does not exist, first check out the main branch from kfutil. - name: Check out main @@ -160,13 +169,13 @@ jobs: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: add: | - store_types.json + store_types.json ./cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io cwd: './merge-folder/' - new_branch: ${{env.KFUTIL_ARG}} + new_branch: ${{env.BRANCH_NAME}} - name: Add and Commit to existing branch if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'commit' }} @@ -187,18 +196,14 @@ jobs: uses: actions/github-script@v7 with: script: | - console.log(`Created ${{env.KFUTIL_ARG}} `) - console.log("Commit to ${{env.KFUTIL_ARG}} for PR") + console.log(`Created ${{env.BRANCH_NAME}} `) + console.log("Commit to ${{env.BRANCH_NAME}} for PR") const owner = context.repo.owner; const repo = context.repo.repo; - - // Get the current branch name that the workflow is running on - const baseBranch = context.payload.ref ? + const baseBranch = context.payload.ref ? context.payload.ref.replace('refs/heads/', '') : 'main'; - console.log(`Base branch for PR: ${baseBranch}`); - - const newBranch = '${{env.KFUTIL_ARG}}'; + const newBranch = '${{env.BRANCH_NAME}}'; const response = await github.rest.pulls.create({ owner, repo, 
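Review bot: In the -160,13 hunk only the create-branch step's `add:` input gains `./cmd/store_types.json`. The "Add and Commit to existing branch" step that starts in the trailing context is not touched by this patch, and its `add:` list lies outside the hunk. If that step still stages only `store_types.json`, a later dispatch that finds the branch already open would update one copy and leave `cmd/store_types.json` stale; this is worth confirming against the full file. The added `--force` is presumably passed through to `git add`, where it stages paths that `.gitignore` excludes, so a comment such as `# --force: <reason these paths are ignored>` above the `add:` input would record why it is needed.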
@@ -208,5 +213,3 @@ jobs: body: 'The cert store update from ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} needs to be verified and merged if correct.', }); console.log(`Pull request created: ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} : ${response.data.html_url}`); - env: - GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }} From a20ee50c0c037831ff14f12ade9e47a10c7dba4b Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Wed, 22 Oct 2025 17:03:30 +0000 Subject: [PATCH 2/6] Update store_types.json for all:main --- cmd/store_types.json | 239 ++++++++++++++++++++++++++++++++++++++++++- store_types.json | 239 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 470 insertions(+), 8 deletions(-) diff --git a/cmd/store_types.json b/cmd/store_types.json index 6fac9af..b3152c9 100644 --- a/cmd/store_types.json +++ b/cmd/store_types.json @@ -17,6 +17,19 @@ "OnRemove": false, "OnReenrollment": false } + }, + { + "Name": "PreserveExistingTags", + "DisplayName": "Preserve Existing Tags", + "Description": "If true, this will perform a union of any tags provided with enrollment with the tags on the existing cert with the same alias and apply the result to the new certificate.", + "Type": "Bool", + "DefaultValue": "False", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } } ], "JobProperties": [], @@ -957,7 +970,7 @@ "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden", - "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the the \"host\" value from the API credentials file.", + "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the \"host\" value from the API credentials file.", "StorePathDescription": "The Akamai network the certificate will be managed from. Value can be either \"Production\" or \"Staging\"." }, { 
@@ -1064,6 +1077,77 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Required" }, + { + "Name": "Axis IP Camera", + "ShortName": "AxisIPCamera", + "Capability": "AxisIPCamera", + "ServerRequired": true, + "BlueprintAllowed": false, + "PowerShell": false, + "CustomAliasAllowed": "Required", + "PrivateKeyAllowed": "Forbidden", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the username of the configured \"service\" user on the camera" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the password of the configured \"service\" user on the camera" + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be \"True\"" + } + ], + "EntryParameters": [ + { + "Name": "CertUsage", + "DisplayName": "Certificate Usage", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": false, + "OnReenrollment": true + }, + "Options": "HTTPS,IEEE802.X,MQTT,Trust,Other", + "Description": "The Certificate Usage to assign to the cert after enrollment. Can be left 'Other' to be assigned later." + } + ], + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. 
`0b7c3d2f9e8a`", + "StorePathType": "", + "StorePathValue": "", + "JobProperties": [] + }, { "Name": "Azure App Registration (Application)", "ShortName": "AzureApp", 
@@ -1481,6 +1565,99 @@ "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" }, + { + "Name": "Bosch IP Camera", + "ShortName": "BoschIPCamera", + "Capability": "BoschIPCamera", + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": false + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the username of the configured \"service\" user on the camera" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the password of the configured \"service\" user on the camera" + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera." + } + ], + "EntryParameters": [ + { + "Name": "CertificateUsage", + "DisplayName": "Certificate Usage", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client", + "Description": "The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later." 
+ }, + { + "Name": "Name", + "DisplayName": "Name (Alias)", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "Description": "The certificate Alias, entered again." + }, + { + "Name": "Overwrite", + "DisplayName": "Overwrite", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "false", + "Description": "Select `True` if using an existing Alias name to remove and replace an existing certificate." + } + ], + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" + }, { "Name": "CiscoAsa", "ShortName": "CiscoAsa", @@ -3133,7 +3310,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", 
@@ -4055,6 +4232,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4169,6 +4355,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4283,6 +4478,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], 
@@ -4406,6 +4610,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4556,6 +4769,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4670,6 +4892,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], 
@@ -5015,7 +5246,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", @@ -5150,7 +5381,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Optional string value specifying the name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing private keys. Example: 'Microsoft Strong Cryptographic Provider'." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", diff --git a/store_types.json b/store_types.json index 6fac9af..b3152c9 100644 --- a/store_types.json +++ b/store_types.json @@ -17,6 +17,19 @@ "OnRemove": false, "OnReenrollment": false } + }, + { + "Name": "PreserveExistingTags", + "DisplayName": "Preserve Existing Tags", + "Description": "If true, this will perform a union of any tags provided with enrollment with the tags on the existing cert with the same alias and apply the result to the new certificate.", + "Type": "Bool", + "DefaultValue": "False", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } } ], "JobProperties": [], 
@@ -957,7 +970,7 @@ "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden", - "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the the \"host\" value from the API credentials file.", + "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the \"host\" value from the API credentials file.", "StorePathDescription": "The Akamai network the certificate will be managed from. Value can be either \"Production\" or \"Staging\"." }, { 
@@ -1064,6 +1077,77 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Required" }, + { + "Name": "Axis IP Camera", + "ShortName": "AxisIPCamera", + "Capability": "AxisIPCamera", + "ServerRequired": true, + "BlueprintAllowed": false, + "PowerShell": false, + "CustomAliasAllowed": "Required", + "PrivateKeyAllowed": "Forbidden", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the username of the configured \"service\" user on the camera" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the password of the configured \"service\" user on the camera" + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be \"True\"" + } + ], + "EntryParameters": [ + { + "Name": "CertUsage", + "DisplayName": "Certificate Usage", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": false, + "OnReenrollment": true + }, + "Options": "HTTPS,IEEE802.X,MQTT,Trust,Other", + "Description": "The Certificate Usage to assign to the cert after enrollment. Can be left 'Other' to be assigned later." + } + ], + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. 
`0b7c3d2f9e8a`", + "StorePathType": "", + "StorePathValue": "", + "JobProperties": [] + }, { "Name": "Azure App Registration (Application)", "ShortName": "AzureApp", 
@@ -1481,6 +1565,99 @@ "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" }, + { + "Name": "Bosch IP Camera", + "ShortName": "BoschIPCamera", + "Capability": "BoschIPCamera", + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": false + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the username of the configured \"service\" user on the camera" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the password of the configured \"service\" user on the camera" + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera." + } + ], + "EntryParameters": [ + { + "Name": "CertificateUsage", + "DisplayName": "Certificate Usage", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client", + "Description": "The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later." 
+ }, + { + "Name": "Name", + "DisplayName": "Name (Alias)", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "Description": "The certificate Alias, entered again." + }, + { + "Name": "Overwrite", + "DisplayName": "Overwrite", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "false", + "Description": "Select `True` if using an existing Alias name to remove and replace an existing certificate." + } + ], + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" + }, { "Name": "CiscoAsa", "ShortName": "CiscoAsa", @@ -3133,7 +3310,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", 
@@ -4055,6 +4232,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4169,6 +4355,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4283,6 +4478,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], 
@@ -4406,6 +4610,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4556,6 +4769,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4670,6 +4892,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], 
@@ -5015,7 +5246,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", @@ -5150,7 +5381,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Optional string value specifying the name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing private keys. Example: 'Microsoft Strong Cryptographic Provider'." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", From 8c13152411e5ebec8fe2081b27e7e065848a8ab4 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 22 Oct 2025 10:26:22 -0700 Subject: [PATCH 3/6] fix(store-types): Remove `BIPCamera` Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- cmd/store_types.json | 93 -------------------------------------------- store_types.json | 93 -------------------------------------------- 2 files changed, 186 deletions(-) diff --git a/cmd/store_types.json b/cmd/store_types.json index b3152c9..a8314b3 100644 --- a/cmd/store_types.json +++ b/cmd/store_types.json 
@@ -1472,99 +1472,6 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Required" }, - { - "Name": "Bosch IP Camera", - "ShortName": "BIPCamera", - "Capability": "BIPCamera", - "PrivateKeyAllowed": "Optional", - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required", - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": false, - "Enrollment": true, - "Remove": false - }, - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "Properties": [ - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false, - "Description": "Enter the username of the configured \"service\" user on the camera" - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false, - "Description": "Enter the password of the configured \"service\" user on the camera" - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true, - "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera." - } - ], - "EntryParameters": [ - { - "Name": "CertificateUsage", - "DisplayName": "Certificate Usage", - "Type": "MultipleChoice", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client", - "Description": "The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later." - }, - { - "Name": "Name", - "DisplayName": "Name (Alias)", - "Type": "String", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": true - }, - "Description": "The certificate Alias, entered again." 
- }, - { - "Name": "Overwrite", - "DisplayName": "Overwrite", - "Type": "Bool", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "DefaultValue": "false", - "Description": "Select `True` if using an existing Alias name to remove and replace an existing certificate." - } - ], - "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", - "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" - }, { "Name": "Bosch IP Camera", "ShortName": "BoschIPCamera", diff --git a/store_types.json b/store_types.json index b3152c9..a8314b3 100644 --- a/store_types.json +++ b/store_types.json 
@@ -1472,99 +1472,6 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Required" }, - { - "Name": "Bosch IP Camera", - "ShortName": "BIPCamera", - "Capability": "BIPCamera", - "PrivateKeyAllowed": "Optional", - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required", - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": false, - "Enrollment": true, - "Remove": false - }, - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "Properties": [ - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false, - "Description": "Enter the username of the configured \"service\" user on the camera" - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false, - "Description": "Enter the password of the configured \"service\" user on the camera" - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true, - "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera." - } - ], - "EntryParameters": [ - { - "Name": "CertificateUsage", - "DisplayName": "Certificate Usage", - "Type": "MultipleChoice", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client", - "Description": "The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later." - }, - { - "Name": "Name", - "DisplayName": "Name (Alias)", - "Type": "String", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": true - }, - "Description": "The certificate Alias, entered again." 
- }, - { - "Name": "Overwrite", - "DisplayName": "Overwrite", - "Type": "Bool", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "DefaultValue": "false", - "Description": "Select `True` if using an existing Alias name to remove and replace an existing certificate." - } - ], - "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", - "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" - }, { "Name": "Bosch IP Camera", "ShortName": "BoschIPCamera", From 103ac4b9e40185d1f7c8b8e2642b25a9daacbe27 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 22 Oct 2025 10:30:58 -0700 Subject: [PATCH 4/6] chore(docs): Update CHANGELOG.md Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- CHANGELOG.md | 6 ++++++ store_types.json | 28 ---------------------------- 2 files changed, 6 insertions(+), 28 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 133364f..5db9d12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# v1.8.4 + +## Chores + +- `store-types`: Update internal definitions to latest from Keyfactor GitHub repos. + # v1.8.3 ## Chores diff --git a/store_types.json b/store_types.json index a8314b3..02eed62 100644 --- a/store_types.json +++ b/store_types.json 
@@ -434,34 +434,6 @@ "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." }, - { - "Name": "Airlock Application Firewall Certificate", - "ShortName": "AirlockWAF", - "Capability": "AirlockWAF", - "LocalStore": false, - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": false - }, - "Properties": [], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": true, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Required", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Allowed" - }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai", From 7a0834433b8b1f8c6e414fc45fd09c41a9289920 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 22 Oct 2025 10:31:41 -0700 Subject: [PATCH 5/6] chore(PKG): Bump internal version Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- pkg/version/version.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/version/version.go b/pkg/version/version.go index 85a1ebe..bdafaf6 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -15,7 +15,7 @@ package version var ( - VERSION = "1.8.4" - BUILD_DATE = "2025-09-10" + VERSION = "1.8.5" + BUILD_DATE = "2025-10-22" COMMIT = "HEAD" ) From fd8665be3fd8e0c8478e2c5d26b1ea5c291cadd2 Mon Sep 17 00:00:00 2001 
From: spbsoluble <1661003+spbsoluble@users.noreply.github.com>
Date: Wed, 22 Oct 2025 10:37:18 -0700
Subject: [PATCH 6/6] chore(docs): Update CHANGELOG.md

Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com>
---
 CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5db9d12..e5ade56 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.8.5
+
+## Chores
+
+- `store-types`: Rename `BIPCamera` to `BoschIPCamera` store-type.
+- `store-types`: Add `AxisIPCamera` store-type.
+- `store-types`: Update internal definitions to latest from Keyfactor GitHub repos.
+
 # v1.8.4
 
 ## Chores