- Enables adding a custom timeout for requests by fixing bug below
- Fixes bug for current server_timeout role attribute
- Added new ignore_local_storage and min_cert_time_left attributes at the issue path: the first bypasses the prevent-reissue-local feature, if enabled, and requests the certificate; the second handles the certificate time left that is considered to be valid
- Fixes bug that prevented creating the venafi secret in a Vault cluster environment where refresh tokens were provided
- Added more logs for refresh token process
- Starting from release, binaries are signed
- Added ability to ignore search-certificate in local storage. Fixes behaviour for prevent-reissue features to have certificate default validity.
- Introduced proactive refresh feature, which now relies on handling refreshing the access_token by passing two refresh tokens in the venafi secret (refresh_token and refresh_token_2)
- Solved scenario when many requests are sent in parallel
- Added flag ignore_local in role parameters to always ignore local storage when issuing a certificate
Added ability to store certificates by hash string
Improved the prevention of issuance of a certificate that already exists in Vault storage, adding a new feature that searches using a hash string
Adds bug fix for Prevent-reissue feature to work on VaaS
Added feature in order to prevent an issuance of the certificate if it is already inside Vault storage
Fixed a thread locking bug
Fixed a bug about storing private keys behavior and validation of certificate mismatch
Fixed issue with revocation while disabling secrets engine
Fix for a bug with the use of a synchronized block in pathVenafiCertObtain function.
Added support for service-generated CSRs and the Revoke action, and changed the default format of private keys.
Updated to the latest VCert client version (v4.14.2) to address a timing issue that caused certificates requested from Venafi as a Service to fail sporadically.
Updated Venafi Cloud integration to use OutagePREDICT instead of DevOpsACCELERATE.
Resolved issue that unintentionally required trust_bundle_file to be specified for Venafi API services secured by certificates issued by non-publicly trusted CAs #79.
Added text file containing SHA256 hash to release assets (zip archives).
Discontinued darwin 386 (32-bit macOS) releases since support was dropped in Go 1.15 and Vault 1.6.0
Updated credential requirements for Trust Protection Platform to support initialization with only a refresh_token.
Added ca_chain, issuing_ca, and expiration values to the output of /issue and /sign operations.
Added zone role parameter to allow for multiple zones to be used and avoid issues with Trust Protection Platform token refresh.
Added support for requesting specific validity periods using the Vault native ttl and max_ttl parameters.
Added support for Trust Protection Platform Custom Fields.
Added support for token authentication with Trust Protection Platform (API Application ID "hashicorp-vault-by-venafi").
Deprecated legacy username/password for Trust Protection Platform.
Discontinued the apikey, tpp_user, tpp_password, tpp_url, cloud_url, trust_bundle_file, and zone role settings.
Updated to prevent certificates from being enrolled by Performance Standby (regression) and Performance Secondary (new issue).
Extended trust bundle option to Venafi Cloud.
Added Source Application Tagging for Venafi Cloud.
Reverted to no error on attempt to revoke (unsupported) to restore ability to disable backend.
Introduced no_store and store_by parameters to replace store_by_cn and store_by_serial (now deprecated).
Added Source Application Tagging for Trust Protection Platform.
Resolved issue involving the handling of IP SANs.
Updated to prevent issuing certificate twice with Vault Enterprise Performance Standbys.
Updated to latest VCert-Go library.
Added support for signing externally generated CSRs.
Fixed issue related to Windows. hashicorp/go-plugin#111
Updated CSR generation to populate Subject OU, O, ST, L, and C from Venafi policy.
Initial Release.