v5.7.2 Minor Enhancements and Bug Fixes

VCert CLI and SDK

• Enhances VCert to validate in preflight if the certificate about to be provisioned is expired. [PR-498]

VCert CLI

• Fixes warning behavior when providing a platform using plataform flag is set. [PR-499]
• Fixes some mentions of old flag --idp-jwt to current one --external-jwt. [PR-518]

VCert Playbook

• Fixes bug that would prevent VCert to work on proxy environments. [PR-532]

5204249d20276687b4241b875d17f0d6d12bfef0  vcert_v5.7.2_darwin.zip
17f0c2f33dd1b0f37fdfaabb04a97a53720c557b  vcert_v5.7.2_darwin_arm.zip
489dadf6b0ea10d5285c342b38d4aff6c91eb826  vcert_v5.7.2_linux.zip
8b49d3f9b57b38e588252553a44425a65e3f5051  vcert_v5.7.2_linux86.zip
62b3f9ba282ed34696ed4fa578c258b4af102975  vcert_v5.7.2_linux_arm.zip
af65700415278dbc13d74b7c56892bd63e08d22b  vcert_v5.7.2_windows.zip
56f8c6cfb46dcf7bd50324b005b81bbc1b8ec9d2  vcert_v5.7.2_windows86.zip
049f43329cfdb7560821ba203273d67fbfba2435  vcert_v5.7.2_windows_arm.zip

v5.7.1 Support for VCP Provisioning

VCert SDK

This enables a new method Provision Certificate where you can provide:

• Certificate ID or Pickup ID (a.k.a Request ID in VCP)
• Keystore ID: The ID in VCP where you chose to perform provisioning
• Keystore Name: Name of your Cloud Keystore (along with Provider Name)
• Provider Name: Name of yout Cloud Provider (along with Keystore Name)
• Keystore Object: You can feed the method with Keystore object in case you already know the data. This avoids running an extra API call for getting this information.
• Certificate Name: Name of the certificate that should have when provisioned (valid for Azure Key Vault or Google Certificate Manager)
• ARN: AWS Resource Name. To be specified in case of doing a certificate replacement, in which you would point to an already existing ARN.

Important

⚠️ This is a breaking change against the previous v5.7.0 pre-release, since now we removed the ProvisionCertificate function
from endpoint.go file and thus removing it to be defined for other connectors, since this provision feature only makes sense
for Venafi Control Plane's perspective

VCert CLI

Enabled command provision and subcommand cloudkeystore which allows to specify provisioning from VCP to specified Cloud Keystore with following flags:

• --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
• --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
• --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.
• --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
• --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.
• --certificate-name: Use to specify Cloud Keystore Certificate Name to be set or replaced by provisioned certificate (only for Azure Key Vault and Google Certificate Manager)
• --arn: Use to specify AWS Resource Name which provisioned certificate will replace (only for AWS Certificate Manager)

Example returned info for Azure Key Vault:

cloudId: https://my-key-vault.vault.azure.net/certificates/something-venafi-example-com/asdf4q23g528cuhip4bjdeonvszr0fnc6
azureName: something-venafi-example-com
azureVersion: asdf4q23g528cuhip4bjdeonvszr0fnc6
machineIdentityId: 9326192f-30a6-47f2-8b95-3523d3eacd68
machineIdentityActionType: New

Notice cloudId, which is the generic ID of the Cloud platform where your certificate is located.

To find out more, check here

NEW CHANGES

VCert Playbook

Enhancements:

• Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)

Fixes:

• Fixes issue when default time and thus timeout attribute works correctly as it should had in request block. (PR#476)
• Fixes issue of environment variables are not set by allowing default values when setting an environment variable. (PR#472)

06098debc2560701f3763b954260ddcaf8354bea  vcert_v5.7.1_darwin.zip
141f07fe6d50b76d3fdef22ec42544a25aad1b96  vcert_v5.7.1_darwin_arm.zip
ae78e784ee6e683bc502fab809b5d1e02597ab4d  vcert_v5.7.1_linux.zip
eb5ceeaf1636b0b49c5c79b0f86d04e7e24a8fc1  vcert_v5.7.1_linux86.zip
32fc59bbba619a20d4556c4c47ebf27256cfd268  vcert_v5.7.1_linux_arm.zip
87cb9fdf0faaf26ffd3fc83d7647d042f4e7b04b  vcert_v5.7.1_windows.zip
0d1120f6773186175bede431b63543648cb7c90d  vcert_v5.7.1_windows86.zip
b6b45cb1ce9d83ef549b36e6d1ea454ddccc0964  vcert_v5.7.1_windows_arm.zip

v5.7.0: Support for VCP Provisioning - (Pre-release)

NEW FEATURE: Support for VCP Provisioning

Added new feature that allows users to provision certificates from VCP

VCert SDK

This enables a new method Provision Certificate where you can provide:

• Certificate ID or Pickup ID (a.k.a Request ID in VCP)
• Keystore ID: The ID in VCP where you chose to perform provisioning
• Keystore Name: Name of your Cloud Keystore (along with Provider Name)
• Provider Name: Name of yout Cloud Provider (along with Keystore Name)
• Keystore Object: You can feed the method with Keystore object in case you already know the data. This avoids running an extra API call for getting this information.

VCert CLI

Enabled command provision and subcommand cloudkeystore which allows to specify provisioning from VCP to specified Cloud Keystore with following flags:

• --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
• --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
• --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.
• --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
• --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag. |

To find out more, check here

NEW CHANGES

VCert Playbook

Enhancements:

• Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)

Fixes:

• Fixes issue when default time and thus timeout attribute works correctly as it should had in request block. (PR#476)
• Fixes issue of environment variables are not set by allowing default values when setting an environment variable. (PR#472)

f4ed7ab4f1ed1b3c081261eaf515d78b459a5634  vcert_v5.7.0_darwin.zip
ca664fa67a5f42f5e253fbded9b7d00da64d31eb  vcert_v5.7.0_darwin_arm.zip
fc0dc007255da2a2da92d4da212247c549740844  vcert_v5.7.0_linux.zip
5eb11699b2f609cbf7e3e88169ae1a382bbbd282  vcert_v5.7.0_linux86.zip
5e80627e9f4aaf619c11b579a83a24dc5ed388f8  vcert_v5.7.0_linux_arm.zip
48455cf508aab24e5684b03d4663f3b526035266  vcert_v5.7.0_windows.zip
b2d02e5026fb3893c268154571963b0555233c2f  vcert_v5.7.0_windows86.zip
2dcfb190cfcbfdf4ff86fb3a30a89dceefa37b50  vcert_v5.7.0_windows_arm.zip

v5.7.0-rc2

NEW CHANGES

VCert SDK

Enhancements

• Enables Certificate Provisioning with Service Account Auth (PR#473)
• Adds ability to provision certificate using keystore and provider name (PR#469)

Fixes:

• Fixes graphql client initialization in cloud connector (PR#477)
• Exposes GetCloudKestoreByName in Cloud Connector (VCP) (PR#479)
• Enables graphclient in singleton, sets user agent and exposes GetCloudProviderByName in Cloud Connector (PR#474)

VCert Playbook

Enhancements:

• Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)

Fixes:

• Fixes issue when default time and thus timeout attribute works correctly as it should had in request block. (PR#476)
• Fixes issue of environment variables are not set by allowing default values when setting an environment variable. (PR#472)

e748bad6f52ea00ff323836ff4e77f963cc07f14  vcert_v5.7.0-rc2_darwin.zip
24a0318de995290a9b8d9224b19e5b3a050bb046  vcert_v5.7.0-rc2_darwin_arm.zip
d29d290accb592e709b60f3153d0d100a779ec01  vcert_v5.7.0-rc2_linux.zip
3cd9c04c891e5a697f255f159e970685e33b5705  vcert_v5.7.0-rc2_linux86.zip
b80f966afb87f41ec0327c4a230e4143d31b3aac  vcert_v5.7.0-rc2_linux_arm.zip
7b778b0a0d4f3c1c74f62002b53d643961b5c931  vcert_v5.7.0-rc2_windows.zip
ffec942f2c784f20c012ed0238175cfaad69e419  vcert_v5.7.0-rc2_windows86.zip
e004c02e2116a8f6a075c725adb64d1a1ded377e  vcert_v5.7.0-rc2_windows_arm.zip

5.7.0-rc1: Support for VCP Provisioning (VCert SDK)

NEW FEATURE: Support for VCP Provisioning (api-key support only)

VCert SDK

Added new feature that allows users to provision certificates from VCP using VCert SDK. This enables a new method Provision Certificate where you can provide:

• Certificate ID or Pickup ID (a.k.a Request ID in VCP)
• Keystore ID: The ID in VCP where you chose to perform provisioning
  (PR#461)

Enhancements:

VCert SDK

• Only call DEK endpoints if the CSR is a ServiceGeneratedCSR (PR#450)

VCert Playbook

• Enables direct supply of a valid accessToken via the playbook for VCP, improves errors on expired access token as well as improves playbook validation for VCP credentials, and prevents more than one kind of credential to be set. (PR#456) (PR#457)

General Fixes

VCert SDK

• Fixed Cloud toPolicy SAN regex processing (PR#449)
• Fixed issue with local generated CSR in cloud connector(PR#455

0e27f9a4cb4b098adcf93dd9eeac9ce4c3058837  vcert_5.7.0-rc1_darwin.zip
0815af70d11a4e5711b600724e8823dd69981876  vcert_5.7.0-rc1_darwin_arm.zip
6a04ef5145d476741d314f459f12beb876e2f8d4  vcert_5.7.0-rc1_linux.zip
67a5602a6b777c36762658667f4c017dd119f350  vcert_5.7.0-rc1_linux86.zip
5df51e60a319a2ba72cb28c1994238c278f36262  vcert_5.7.0-rc1_linux_arm.zip
9b55b3372323ede99b3e6caf7a5d237ac45eee27  vcert_5.7.0-rc1_windows.zip
c2c74666ebd14d30ec01cbe509a0c10f46e0cddc  vcert_5.7.0-rc1_windows86.zip
6183b92389e847f68362904bc35ea5e9fcea4af3  vcert_5.7.0-rc1_windows_arm.zip

v5.6.4

Due to unforeseen issues with proxy.golang.org we have released a new version with exactly the same features as v5.6.3

DO NOT USE v5.6.3 as it is cached to a version with a breaking bug

This is the final release of the service account authentication feature

General:

• Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box. Courtesy of @BeardedPrincess

VCert SDK:

• Adds TokenURL to endpoint.Authentication
• Cloud Connector will stop using the TokenURL attribute from endpoint.OAuthProvider and start using the new one (above)

VCert CLI:

• Internal changes to make use fo the new TokenURL attribute
• Renames getcred command flag --idp-jwt back to --external-jwt
• Fixes an issue whereby using getcred command to request a TPP access token by using username/password threw the deprecation warning message. This should not happen for getcred command
• Fixes an issue whereby requesting an access token for VCP platform printed the wrong expiration date. Now it properly prints the expiration date

VCert SDK:

• Adds new attribute config.connection.credentials.tokenURL to Playbook. This attribute should be used to pass the VCP token url value
• Stops using config.connection.credentials.idP.tokenURL for the VCP token url value
• Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and errors will be reported at the end of the run. Courtesy of @maelvls

0e29e25ba264997f9dfef980156e86509e30c902  vcert_v5.6.4_darwin.zip
75f9aa0d2484a3c1a4a955b462258ea976e73379  vcert_v5.6.4_darwin_arm.zip
2b5e3c6a8447d1e736640482ca7c020551ff9dd6  vcert_v5.6.4_linux.zip
3d014472d71b91d0d3ff76984d861f3643f43905  vcert_v5.6.4_linux86.zip
51ca899a7a921e3a0dea4cbe744227f3b0a97ada  vcert_v5.6.4_linux_arm.zip
91d9097455e389a9273f60802c5d0c59118252d0  vcert_v5.6.4_windows.zip
b27a230bbcc6d7b2339a14117ad9f094f948af57  vcert_v5.6.4_windows86.zip
284e5490e1176551d7ba48113f860529c7bce864  vcert_v5.6.4_windows_arm.zip

v5.6.3

This release is cached to a version with a breaking bug in proxy.golang.org. DO NOT USE

General:

• Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box. Courtesy of @BeardedPrincess

VCert SDK:

• Adds TokenURL to endpoint.Authentication
• Cloud Connector will stop using the TokenURL attribute from endpoint.OAuthProvider and start using the new one (above)

VCert CLI:

• Internal changes to make use fo the new TokenURL attribute
• Renames getcred command flag --idp-jwt back to --external-jwt
• Fixes an issue whereby using getcred command to request a TPP access token by using username/password threw the deprecation warning message. This should not happen for getcred command
• Fixes an issue whereby requesting an access token for VCP platform printed the wrong expiration date. Now it properly prints the expiration date

VCert SDK:

• Adds new attribute config.connection.credentials.tokenURL to Playbook. This attribute should be used to pass the VCP token url value
• Stops using config.connection.credentials.idP.tokenURL for the VCP token url value
• Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and errors will be reported at the end of the run. Courtesy of @maelvls

3807c0ba059f8a446f2590195083490ad572ee5d  vcert_v5.6.3_darwin.zip
4e7cb8c7b455f1bd7ccba2773d6fbe385aa93be5  vcert_v5.6.3_darwin_arm.zip
2ff618ab402cc989b01e3319926ee12572a416ec  vcert_v5.6.3_linux.zip
124b1a312d3f70d0c8fa0ffec33a8a6f6519fc34  vcert_v5.6.3_linux86.zip
ea124687845db01764328c3fbb39d78cb8403da3  vcert_v5.6.3_linux_arm.zip
55b253142e1029b77b0a631d3c167188766ff98d  vcert_v5.6.3_windows.zip
a0e1f367ddfe264a2ec1b0877c836e65a0ea4180  vcert_v5.6.3_windows86.zip
3c4dcd7fa2ca3df46d10bf50273b35f50b60b9fc  vcert_v5.6.3_windows_arm.zip

v5.6.2 Service account authentication for Venafi Control Plane

VCert SDK:

• Removes TenantID from endpoint.Authentication struct
• cloud.Connector will use endpoint.Authentication.OAuthProvider.TokenURL instead of building the URL (using the
  tenantID) to obtain the access token

VCert CLI:

• Removes --tenant-id flag for getcred command
• Adds --token-url flag for getcred command

VCert Playbook:

• Removes tenantId attribute from config.connection.credentials object
• Now uses config.connection.credentials.idP.tokenURL for Venafi Control Plane service account authentication

ddf8e5a41a05e20b54238e4d48a4cf958ca30487  vcert_v5.6.2_darwin.zip
a3c987495b42ec0b511940bc1b70e9314e86d497  vcert_v5.6.2_darwin_arm.zip
c1a88bdcec87f4869a25b9b8b0c23dc58d10934a  vcert_v5.6.2_linux.zip
e820090cf84e97c770085d16dbdfc8ef693ace95  vcert_v5.6.2_linux86.zip
a5bc566abe21ec61a5910d0594912216419cf3cf  vcert_v5.6.2_linux_arm.zip
0e57d7c1dffe873655a4dab2ae67096a4fd5b6ba  vcert_v5.6.2_windows.zip
48ca70bb81b2f69bb2057e529b144c56dbeded83  vcert_v5.6.2_windows86.zip
405466cadb8f16a62a7655c4c492cb764782acc2  vcert_v5.6.2_windows_arm.zip

v5.6.1 Added User-Agent HTTP header to requests

VCert SDK:

• Added User-Agent HTTP header to requests made by VCert. This enhancement allows PKI admins to keep track of VCert usage and to know which software is being used to connect to the REST API. User-Agent value is vcert/v5

3fda99b8353df7459f8388b4dacf6613a728154d  vcert_v5.6.1_darwin.zip
ea5352c40c621d053af1f201de8e2295a6951413  vcert_v5.6.1_darwin_arm.zip
b34e88225210289f8b2ac6cb3c580d289bb03e2d  vcert_v5.6.1_linux.zip
1d8df2544d2eeddc53f13ccc51a127b1e89c07f3  vcert_v5.6.1_linux86.zip
8f49394d1e6b666e57d3ddad93fe5a2c6fae66fe  vcert_v5.6.1_linux_arm.zip
592a9dff4a344bf918d143750ca8961310c53d25  vcert_v5.6.1_windows.zip
9794d674b7162d0626b8390e82ac659b7fe5e546  vcert_v5.6.1_windows86.zip
399748eb87c948058998b1e8c3ffb7ab24807a0c  vcert_v5.6.1_windows_arm.zip

v5.6.0 Beta for service account authentication in VCP platform

This is a beta release and feature is subject to change.

Added a new authentication method for VCP: service account.

The getcred command gets two new attributes: --tenant-id and --externalJWT to request an access token from a TLSPC service account.
All other commands now accept an access token in combination with --platform tlspc to use the token as authentication mechanism instead of API key

a394ec7e2cde082a798a09dbd83e336ff2248f93  vcert_v5.6.0_darwin.zip
53c0fb558ee7f6e9fe46142c156558beed6bdd6e  vcert_v5.6.0_darwin_arm.zip
bbb0a3f473810c2c18a429c54786fe2b9a00fb1c  vcert_v5.6.0_linux.zip
1335e012814d6f8afc03d28f37e738ebe2d359fa  vcert_v5.6.0_linux86.zip
181ebe64edf8f682e7535606000dd848cfe8ed20  vcert_v5.6.0_linux_arm.zip
271ee89df0c472804819e5f24540962b6f062bd9  vcert_v5.6.0_windows.zip
b718b5a316a0c66928e0610b6fa4fda3f6559c4f  vcert_v5.6.0_windows86.zip
ddd1323b511e97dd0c71fa4e6e509bbc61718b76  vcert_v5.6.0_windows_arm.zip