diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c41090c..4e69755b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+v2.11.1
+- Bug Fix: added ability to set SSH port when managing Linux servers to Discovery jobs
+- Added "@" as a valid character for Linux file paths
+
 v2.11.0
 - Added ability to set SSH port when managing Linux servers
 - Bug Fix - Issue adding new certificate with private key to RFPEM store on Windows
diff --git a/README.md b/README.md
index 6b055791..f82e541f 100644
--- a/README.md
+++ b/README.md
@@ -270,7 +270,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store - +
RFPEM (RFPEM) @@ -347,7 +347,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store -
+
RFPkcs12 (RFPkcs12) @@ -420,7 +420,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store -
+
RFDER (RFDER) @@ -494,7 +494,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store -
+
RFKDB (RFKDB) @@ -567,7 +567,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store -
+
RFORA (RFORA) @@ -641,7 +641,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store -
+ @@ -650,6 +650,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 1. **Download the latest Remote File Universal Orchestrator extension from GitHub.** Navigate to the [Remote File Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/remote-file-orchestrator/releases/latest). Refer to the compatibility matrix below to determine whether the `net6.0` or `net8.0` asset should be downloaded. Then, click the corresponding asset to download the zip archive. + | Universal Orchestrator Version | Latest .NET version installed on the Universal Orchestrator server | `rollForward` condition in `Orchestrator.runtimeconfig.json` | `remote-file-orchestrator` .NET version to download | | --------- | ----------- | ----------- | ----------- | | Older than `11.0.0` | | | `net6.0` | @@ -686,7 +687,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store To configure a PAM provider, [reference the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) to select an extension, and follow the associated instructions to install it on the Universal Orchestrator (remote). -> The above installation steps can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions). +> The above installation steps can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions). ## Post Installation @@ -793,6 +794,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
RFJKS (RFJKS) +### Store Creation + * **Manually with the Command UI**
Create Certificate Stores manually in the UI @@ -804,6 +807,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Add a Certificate Store.** Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFJKS" or the customized certificate store name from the previous step. | @@ -820,27 +824,9 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | - - - -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | - - Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- -
+ * **Using kfutil**
Create Certificate Stores with kfutil @@ -853,6 +839,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Populate the generated CSV file** Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFJKS" or the customized certificate store name from the previous step. | @@ -869,31 +856,30 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | + 3. **Import the CSV file to create the certificate stores** - + ```shell + kfutil stores import csv --store-type-name RFJKS --file RFJKS.csv + ``` -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator +* **PAM Provider Eligible Fields** +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | + | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | + | StorePassword | Password to use when reading/writing to store | - 3. **Import the CSV file to create the certificate stores** + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - ```shell - kfutil stores import csv --store-type-name RFJKS --file RFJKS.csv - ``` + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
@@ -901,6 +887,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
RFPEM (RFPEM) +### Store Creation + * **Manually with the Command UI**
Create Certificate Stores manually in the UI @@ -912,6 +900,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Add a Certificate Store.** Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFPEM" or the customized certificate store name from the previous step. | @@ -932,27 +921,9 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value' | - - - -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value' | - - Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- -
+ * **Using kfutil**
Create Certificate Stores with kfutil @@ -965,6 +936,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Populate the generated CSV file** Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFPEM" or the customized certificate store name from the previous step. | @@ -985,31 +957,30 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value' | + 3. **Import the CSV file to create the certificate stores** - + ```shell + kfutil stores import csv --store-type-name RFPEM --file RFPEM.csv + ``` -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator +* **PAM Provider Eligible Fields** +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value' | + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | + | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | + | StorePassword | Password to use when reading/writing to store | - 3. **Import the CSV file to create the certificate stores** + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - ```shell - kfutil stores import csv --store-type-name RFPEM --file RFPEM.csv - ``` + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
@@ -1017,6 +988,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
RFPkcs12 (RFPkcs12) +### Store Creation + * **Manually with the Command UI**
Create Certificate Stores manually in the UI @@ -1028,6 +1001,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Add a Certificate Store.** Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFPkcs12" or the customized certificate store name from the previous step. | @@ -1044,27 +1018,9 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | - - - -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | - - Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- -
+ * **Using kfutil**
Create Certificate Stores with kfutil @@ -1077,6 +1033,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Populate the generated CSV file** Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFPkcs12" or the customized certificate store name from the previous step. | @@ -1093,31 +1050,30 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | + 3. **Import the CSV file to create the certificate stores** - + ```shell + kfutil stores import csv --store-type-name RFPkcs12 --file RFPkcs12.csv + ``` -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator +* **PAM Provider Eligible Fields** +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | + | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | + | StorePassword | Password to use when reading/writing to store | - 3. **Import the CSV file to create the certificate stores** + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - ```shell - kfutil stores import csv --store-type-name RFPkcs12 --file RFPkcs12.csv - ``` + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
@@ -1125,6 +1081,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
RFDER (RFDER) +### Store Creation + * **Manually with the Command UI**
Create Certificate Stores manually in the UI @@ -1136,6 +1094,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Add a Certificate Store.** Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFDER" or the customized certificate store name from the previous step. | @@ -1153,27 +1112,9 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | - - - -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | - - Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- -
+ * **Using kfutil**
Create Certificate Stores with kfutil @@ -1186,6 +1127,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Populate the generated CSV file** Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFDER" or the customized certificate store name from the previous step. | @@ -1203,31 +1145,30 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | + 3. **Import the CSV file to create the certificate stores** - + ```shell + kfutil stores import csv --store-type-name RFDER --file RFDER.csv + ``` -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator +* **PAM Provider Eligible Fields** +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | + | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | + | StorePassword | Password to use when reading/writing to store | - 3. **Import the CSV file to create the certificate stores** + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - ```shell - kfutil stores import csv --store-type-name RFDER --file RFDER.csv - ``` + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
@@ -1235,6 +1176,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
RFKDB (RFKDB) +### Store Creation + * **Manually with the Command UI**
Create Certificate Stores manually in the UI @@ -1246,6 +1189,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Add a Certificate Store.** Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFKDB" or the customized certificate store name from the previous step. | @@ -1262,27 +1206,9 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | - - - -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | - - Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- -
+ * **Using kfutil**
Create Certificate Stores with kfutil @@ -1295,6 +1221,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Populate the generated CSV file** Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFKDB" or the customized certificate store name from the previous step. | @@ -1311,31 +1238,30 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | + 3. **Import the CSV file to create the certificate stores** - + ```shell + kfutil stores import csv --store-type-name RFKDB --file RFKDB.csv + ``` -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator +* **PAM Provider Eligible Fields** +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | + | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | + | StorePassword | Password to use when reading/writing to store | - 3. **Import the CSV file to create the certificate stores** + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - ```shell - kfutil stores import csv --store-type-name RFKDB --file RFKDB.csv - ``` + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
@@ -1343,6 +1269,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
RFORA (RFORA) +### Store Creation + * **Manually with the Command UI**
Create Certificate Stores manually in the UI @@ -1354,6 +1282,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Add a Certificate Store.** Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFORA" or the customized certificate store name from the previous step. | @@ -1371,27 +1300,9 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | - - - -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | - - Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- -
+ * **Using kfutil**
Create Certificate Stores with kfutil @@ -1404,6 +1315,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store 2. **Populate the generated CSV file** Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | | --------- | ----------- | | Category | Select "RFORA" or the customized certificate store name from the previous step. | @@ -1421,31 +1333,30 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | - | Store Password | Password used to secure the Certificate Store | + 3. **Import the CSV file to create the certificate stores** - + ```shell + kfutil stores import csv --store-type-name RFORA --file RFORA.csv + ``` -
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator +* **PAM Provider Eligible Fields** +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator - If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - | Attribute | Description | - | --------- | ----------- | - | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | - | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | - | Store Password | Password used to secure the Certificate Store | + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. - > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. -
- + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | + | ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | + | StorePassword | Password to use when reading/writing to store | - 3. **Import the CSV file to create the certificate stores** + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. - ```shell - kfutil stores import csv --store-type-name RFORA --file RFORA.csv - ``` + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
diff --git a/RemoteFile/Discovery.cs b/RemoteFile/Discovery.cs index fe4d40b8..b820b1f6 100644 --- a/RemoteFile/Discovery.cs +++ b/RemoteFile/Discovery.cs @@ -58,7 +58,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd ApplicationSettings.Initialize(this.GetType().Assembly.Location); - certificateStore = new RemoteCertificateStore(config.ClientMachine, userName, userPassword, directoriesToSearch[0].Substring(0, 1) == "/" ? RemoteCertificateStore.ServerTypeEnum.Linux : RemoteCertificateStore.ServerTypeEnum.Windows); + certificateStore = new RemoteCertificateStore(config.ClientMachine, userName, userPassword, directoriesToSearch[0].Substring(0, 1) == "/" ? RemoteCertificateStore.ServerTypeEnum.Linux : RemoteCertificateStore.ServerTypeEnum.Windows, ApplicationSettings.SSHPort); certificateStore.Initialize(ApplicationSettings.DefaultSudoImpersonatedUser); if (directoriesToSearch.Length == 0) diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs index b550113e..cada5195 100644 --- a/RemoteFile/RemoteCertificateStore.cs +++ b/RemoteFile/RemoteCertificateStore.cs @@ -96,7 +96,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas logger.MethodExit(LogLevel.Debug); } - internal RemoteCertificateStore(string server, string serverId, string serverPassword, ServerTypeEnum serverType) + internal RemoteCertificateStore(string server, string serverId, string serverPassword, ServerTypeEnum serverType, int sshPort) { logger = LogHandler.GetClassLogger(this.GetType()); logger.MethodEntry(LogLevel.Debug); @@ -105,6 +105,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas ServerId = serverId; ServerPassword = serverPassword ?? string.Empty; ServerType = serverType; + SSHPort = sshPort; logger.MethodExit(LogLevel.Debug); } 
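Review bot: The rewritten constructor call still reads `directoriesToSearch[0].Substring(0, 1)` before the `if (directoriesToSearch.Length == 0)` check that follows it, so an empty search list fails with an index exception instead of reaching that check. An empty first entry makes `Substring(0, 1)` throw as well. Moving the length check above the constructor call and deciding the server type with `directoriesToSearch[0].StartsWith("/", StringComparison.Ordinal)` would cover both cases. ProcessJob starts and ends outside this hunk.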
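Review bot: `SSHPort = sshPort;` stores the caller's value without a range check, so a zero, negative or above-65535 port coming from configuration would only surface later, presumably when the SSH connection is opened. A guard in this overload, `if (sshPort < 1 || sshPort > 65535) throw new RemoteFileException($"Invalid SSH port {sshPort}.");`, would fail early with a clear message. Skip it if ApplicationSettings already validates the value or a sentinel is intended; neither is visible here. The overload's signature is in the previous hunk, and because the new parameter is required, any other caller of the four-argument form has to be updated too.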
@@ -148,11 +149,11 @@ internal List FindStores(string[] paths, string[] extensions, string[] f logger.MethodEntry(LogLevel.Debug); if (!AreValuesSafeRegex(paths)) - throw new RemoteFileException(@"Invalid/unsafe directories to search value supplied. Only alphanumeric, /, and \ characters are allowed."); + throw new RemoteFileException(@"Invalid/unsafe directories to search value supplied. Only alphanumeric characters are allowed along with special characters of @ and / (Linux) and : and \ (Windows)."); if (!AreValuesSafeRegex(extensions)) - throw new RemoteFileException(@"Invalid/unsafe file extension value supplied. Only alphanumeric, /, and \ characters are allowed."); + throw new RemoteFileException(@"Invalid/unsafe file extension value supplied. Only alphanumeric characters are allowed along with special characters of @ and / (Linux) and : and \ (Windows)."); if (!AreValuesSafeRegex(files)) - throw new RemoteFileException(@"Invalid/unsafe file name value supplied. Only alphanumeric, /, and \ characters are allowed."); + throw new RemoteFileException(@"Invalid/unsafe file name value supplied. Only alphanumeric characters are allowed along with special characters of @ and / (Linux) and : and \ (Windows)."); logger.MethodExit(LogLevel.Debug); @@ -510,7 +511,7 @@ private bool IsValueSafeRegex(string value) { logger.MethodEntry(LogLevel.Debug); - Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-_/.]*$" : $@"^[\d\s\w-_/.:)(\\\\]*$"); + Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-_/@.]*$" : $@"^[\d\s\w-_/.:)(\\\\]*$"); logger.MethodExit(LogLevel.Debug);
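Review bot: The three rewritten messages list fewer characters than the validator accepts. The patterns in IsValueSafeRegex (last hunk of this file) also allow whitespace, `-`, `_` and `.`, plus `(` and `)` on Windows, and `\w` in .NET covers Unicode letters and digits rather than only ASCII alphanumerics. An operator reading the message as the complete rule would wrongly avoid dots or hyphens in a path. Listing the full set, e.g. `Allowed: letters, digits, whitespace, - _ . @ / (Linux) and - _ . : ( ) / \ (Windows).`, or building the text next to the pattern definition would keep the two from drifting again. FindStores starts and ends outside this hunk.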
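Review bot: The changed Linux character class keeps `\s`, which accepts tabs, carriage returns and line feeds as well as spaces, and `$` in .NET also matches just before a trailing newline, so a value containing a line break passes this check. If these values are later placed into a command run on the remote host (not visible in this hunk), that is wider than a path allow-list should be. Consider a literal space, an escaped hyphen and an absolute end anchor: `@"^[\w \-/@.]*\z"` for Linux and `@"^[\w \-/.:)(\\]*\z"` for Windows. The `$` prefix on both strings can go since nothing is interpolated. The rest of IsValueSafeRegex lies outside this hunk.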