Skip to content

Introduced store by hash. Added ability to prevent issuance with local storage
Compare
Choose a tag to compare
@vfidevbot vfidevbot released this 25 Nov 21:57
· 138 commits to master since this release
v0.11.0
88b1456
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Introducing store by hash

We enabled capability to store certificates by hash. The hash is generated by:

Common Name + SAN DNS + Zone

It's required to set any of (at least one): Common Name or SAN DNS.

Using Prevent Re-issue Local

We added the ability to prevent issuance of a certificate if it already exists inside Vault storage. The certificate ID inside Vault will be the hash string we generate, that will help us in order to load requested certificate from local storage.

Setting the following attributes in the role (all of them are required):

  • min_cert_time_left: Golang's duration format string (e.g. 24h, 23h5m20s, 10000s, etc.)
  • store_by="hash"
  • store_pkey=true
3d42133178e6e3e7b16b5417b1b1293989198df39979c033100907fd3c390c0a  venafi-pki-backend_v0.11.0_darwin.zip
bd8f0ebf1409a296a0ddd34d505b113899528fa2f3624d8ab9c4ec9e55dbc50f  venafi-pki-backend_v0.11.0_linux.zip
5eb685e3b2b2ded027ea3e8dae39331b2fab6bf4329eaece8ad697fa692c408a  venafi-pki-backend_v0.11.0_linux86.zip
4dc3ac5c0e1d942df2f5d5b4c8aa4f7900cde726b690f2a2fa88eb7a48a8a191  venafi-pki-backend_v0.11.0_windows.zip
72f0aceff20833a2a74b9bdecd7f18ca34ae9ac34ca8d4988e053d695e176c16  venafi-pki-backend_v0.11.0_windows86.zip
Assets 7
Loading