Keyfactor · spbsoluble · Jun 12, 2025 · Jun 4, 2025 · Jun 6, 2025 · Jun 6, 2025
diff --git a/.github/config/.terraform.lock.hcl b/.github/config/.terraform.lock.hcl
diff --git a/.github/config/MODULE.MD b/.github/config/MODULE.MD
@@ -9,14 +9,13 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_github"></a> [github](#provider\_github) | 6.3.1 |
+| <a name="provider_github"></a> [github](#provider\_github) | 6.6.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_keyfactor_github_test_environment_12_3_0_kc"></a> [keyfactor\_github\_test\_environment\_12\_3\_0\_kc](#module\_keyfactor\_github\_test\_environment\_12\_3\_0\_kc) | git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
-| <a name="module_keyfactor_github_test_environment_ad_10_5_0"></a> [keyfactor\_github\_test\_environment\_ad\_10\_5\_0](#module\_keyfactor\_github\_test\_environment\_ad\_10\_5\_0) | git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
+| <a name="module_keyfactor_github_test_environment_ses_2441"></a> [keyfactor\_github\_test\_environment\_ses\_2441](#module\_keyfactor\_github\_test\_environment\_ses\_2441) | git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
 
 ## Resources
 
@@ -28,11 +27,15 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
+| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int1230-oauth.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
+| <a name="input_keyfactor_auth_token_url_ses_2441"></a> [keyfactor\_auth\_token\_url\_ses\_2441](#input\_keyfactor\_auth\_token\_url\_ses\_2441) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://auth.kftestlab.com/oauth2/token"` | no |
 | <a name="input_keyfactor_client_id_12_3_0"></a> [keyfactor\_client\_id\_12\_3\_0](#input\_keyfactor\_client\_id\_12\_3\_0) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_client_id_ses_2441"></a> [keyfactor\_client\_id\_ses\_2441](#input\_keyfactor\_client\_id\_ses\_2441) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
 | <a name="input_keyfactor_client_secret_12_3_0"></a> [keyfactor\_client\_secret\_12\_3\_0](#input\_keyfactor\_client\_secret\_12\_3\_0) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_client_secret_ses_2441"></a> [keyfactor\_client\_secret\_ses\_2441](#input\_keyfactor\_client\_secret\_ses\_2441) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
 | <a name="input_keyfactor_hostname_10_5_0"></a> [keyfactor\_hostname\_10\_5\_0](#input\_keyfactor\_hostname\_10\_5\_0) | The hostname of the Keyfactor instance | `string` | `"integrations1050-lab.kfdelivery.com"` | no |
-| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int-oidc-lab.eastus2.cloudapp.azure.com"` | no |
+| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int1230-oauth.eastus2.cloudapp.azure.com"` | no |
+| <a name="input_keyfactor_hostname_ses_2441"></a> [keyfactor\_hostname\_ses\_2441](#input\_keyfactor\_hostname\_ses\_2441) | The hostname of the Keyfactor instance | `string` | `"int2441.kftestlab.com"` | no |
 | <a name="input_keyfactor_password_10_5_0"></a> [keyfactor\_password\_10\_5\_0](#input\_keyfactor\_password\_10\_5\_0) | The password to authenticate with the Keyfactor instance | `string` | n/a | yes |
 | <a name="input_keyfactor_username_10_5_0"></a> [keyfactor\_username\_10\_5\_0](#input\_keyfactor\_username\_10\_5\_0) | The username to authenticate with the Keyfactor instance | `string` | n/a | yes |
 

diff --git a/.github/config/README.md b/.github/config/README.md
@@ -58,14 +58,13 @@ module "keyfactor_github_test_environment_12_3_0_kc" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_github"></a> [github](#provider\_github) | 6.3.1 |
+| <a name="provider_github"></a> [github](#provider\_github) | 6.6.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_keyfactor_github_test_environment_12_3_0_kc"></a> [keyfactor\_github\_test\_environment\_12\_3\_0\_kc](#module\_keyfactor\_github\_test\_environment\_12\_3\_0\_kc) | git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
-| <a name="module_keyfactor_github_test_environment_ad_10_5_0"></a> [keyfactor\_github\_test\_environment\_ad\_10\_5\_0](#module\_keyfactor\_github\_test\_environment\_ad\_10\_5\_0) | git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
+| <a name="module_keyfactor_github_test_environment_ses_2441"></a> [keyfactor\_github\_test\_environment\_ses\_2441](#module\_keyfactor\_github\_test\_environment\_ses\_2441) | git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
 
 ## Resources
 
@@ -77,11 +76,15 @@ module "keyfactor_github_test_environment_12_3_0_kc" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
+| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int1230-oauth.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
+| <a name="input_keyfactor_auth_token_url_ses_2441"></a> [keyfactor\_auth\_token\_url\_ses\_2441](#input\_keyfactor\_auth\_token\_url\_ses\_2441) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://auth.kftestlab.com/oauth2/token"` | no |
 | <a name="input_keyfactor_client_id_12_3_0"></a> [keyfactor\_client\_id\_12\_3\_0](#input\_keyfactor\_client\_id\_12\_3\_0) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_client_id_ses_2441"></a> [keyfactor\_client\_id\_ses\_2441](#input\_keyfactor\_client\_id\_ses\_2441) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
 | <a name="input_keyfactor_client_secret_12_3_0"></a> [keyfactor\_client\_secret\_12\_3\_0](#input\_keyfactor\_client\_secret\_12\_3\_0) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_client_secret_ses_2441"></a> [keyfactor\_client\_secret\_ses\_2441](#input\_keyfactor\_client\_secret\_ses\_2441) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
 | <a name="input_keyfactor_hostname_10_5_0"></a> [keyfactor\_hostname\_10\_5\_0](#input\_keyfactor\_hostname\_10\_5\_0) | The hostname of the Keyfactor instance | `string` | `"integrations1050-lab.kfdelivery.com"` | no |
-| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int-oidc-lab.eastus2.cloudapp.azure.com"` | no |
+| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int1230-oauth.eastus2.cloudapp.azure.com"` | no |
+| <a name="input_keyfactor_hostname_ses_2441"></a> [keyfactor\_hostname\_ses\_2441](#input\_keyfactor\_hostname\_ses\_2441) | The hostname of the Keyfactor instance | `string` | `"int2441.kftestlab.com"` | no |
 | <a name="input_keyfactor_password_10_5_0"></a> [keyfactor\_password\_10\_5\_0](#input\_keyfactor\_password\_10\_5\_0) | The password to authenticate with the Keyfactor instance | `string` | n/a | yes |
 | <a name="input_keyfactor_username_10_5_0"></a> [keyfactor\_username\_10\_5\_0](#input\_keyfactor\_username\_10\_5\_0) | The username to authenticate with the Keyfactor instance | `string` | n/a | yes |
 

diff --git a/.github/config/environments.tf b/.github/config/environments.tf
@@ -1,13 +1,13 @@
-module "keyfactor_github_test_environment_ad_10_5_0" {
-  source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
-
-  gh_environment_name = "KFC_10_5_0"
-  gh_repo_name        = data.github_repository.repo.name
-  keyfactor_hostname  = var.keyfactor_hostname_10_5_0
-  keyfactor_username  = var.keyfactor_username_10_5_0
-  keyfactor_password  = var.keyfactor_password_10_5_0
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
+# module "keyfactor_github_test_environment_ad_10_5_0" {
+#   source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
+# 
+#   gh_environment_name = "KFC_10_5_0"
+#   gh_repo_name        = data.github_repository.repo.name
+#   keyfactor_hostname  = var.keyfactor_hostname_10_5_0
+#   keyfactor_username  = var.keyfactor_username_10_5_0
+#   keyfactor_password  = var.keyfactor_password_10_5_0
+#   keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
+# }
 
 # module "keyfactor_github_test_environment_11_5_0_kc" {
 #   source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-kc.git?ref=main"
@@ -21,15 +21,29 @@ module "keyfactor_github_test_environment_ad_10_5_0" {
 #   keyfactor_tls_skip_verify = true
 # }
 
-module "keyfactor_github_test_environment_12_3_0_kc" {
+# module "keyfactor_github_test_environment_12_3_0_kc" {
+#   source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
+# 
+#   gh_environment_name       = "KFC_12_3_0_KC"
+#   gh_repo_name              = data.github_repository.repo.name
+#   keyfactor_hostname        = var.keyfactor_hostname_12_3_0_KC
+#   keyfactor_auth_token_url  = var.keyfactor_auth_token_url_12_3_0_KC
+#   keyfactor_client_id       = var.keyfactor_client_id_12_3_0
+#   keyfactor_client_secret   = var.keyfactor_client_secret_12_3_0
+#   keyfactor_tls_skip_verify = true
+#   keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
+# }
+
+module "keyfactor_github_test_environment_ses_2441" {
   source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
 
-  gh_environment_name       = "KFC_12_3_0_KC"
+  gh_environment_name       = "ses_2441"
   gh_repo_name              = data.github_repository.repo.name
-  keyfactor_hostname        = var.keyfactor_hostname_12_3_0_KC
-  keyfactor_auth_token_url  = var.keyfactor_auth_token_url_12_3_0_KC
-  keyfactor_client_id       = var.keyfactor_client_id_12_3_0
-  keyfactor_client_secret   = var.keyfactor_client_secret_12_3_0
+  keyfactor_hostname        = var.keyfactor_hostname_ses_2441
+  keyfactor_auth_token_url  = var.keyfactor_auth_token_url_ses_2441
+  keyfactor_client_id       = var.keyfactor_client_id_ses_2441
+  keyfactor_client_secret   = var.keyfactor_client_secret_ses_2441
   keyfactor_tls_skip_verify = true
+  keyfactor_api_path        = "/Keyfactor/API"
   keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
+}
diff --git a/.github/config/variables.tf b/.github/config/variables.tf
@@ -37,3 +37,25 @@ variable "keyfactor_auth_token_url_12_3_0_KC" {
   default     = "https://int1230-oauth.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"
 }
 
+variable "keyfactor_client_id_ses_2441" {
+  description = "The client ID to authenticate with the Keyfactor instance using Keycloak client credentials"
+  type        = string
+}
+
+variable "keyfactor_client_secret_ses_2441" {
+  description = "The client secret to authenticate with the Keyfactor instance using Keycloak client credentials"
+  type        = string
+}
+
+variable "keyfactor_hostname_ses_2441" {
+  description = "The hostname of the Keyfactor instance"
+  type        = string
+  default     = "int2441.kftestlab.com"
+
+}
+
+variable "keyfactor_auth_token_url_ses_2441" {
+  description = "The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token"
+  type        = string
+  default     = "https://auth.kftestlab.com/oauth2/token"
+}
diff --git a/.github/workflows/go_tests.yml b/.github/workflows/go_tests.yml
@@ -12,7 +12,8 @@ jobs:
       matrix:
         environment:
 #          - "KFC_10_5_0"
-          - "KFC_12_3_0_KC"
+#          - "KFC_12_3_0_KC"
+            - "ses_2441"
     environment: ${{ matrix.environment }}
     steps:
       - name: Check out code
@@ -21,15 +22,11 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version: 1.24
 
       - name: Get Public IP
         run: curl -s https://api.ipify.org
 
-      - name: Validate lab cert is present
-        run: |
-          cat lib/certs/int-oidc-lab.eastus2.cloudapp.azure.com.crt
-
       - name: Run tests
         run: |
           if [ -n "${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }}" ]; then
@@ -48,4 +45,6 @@ jobs:
           KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }}
           KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }}
           TEST_KEYFACTOR_AD_AUTH: ${{ vars.TEST_KEYFACTOR_AD_AUTH }}
-          TEST_KEYFACTOR_KC_AUTH: ${{ vars.TEST_KEYFACTOR_KC_AUTH }}
+          TEST_KEYFACTOR_OAUTH: ${{ vars.TEST_KEYFACTOR_OAUTH }}
+          TEST_UNTRUSTED_CERT: ${{ vars.TEST_UNTRUSTED_CERT }}
+          KEYFACTOR_API_PATH: ${{ vars.KEYFACTOR_API_PATH }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v1.3.0
+
+## Features
+- Add support for fetching an oauth2 token using the `client_credentials` grant type without connecting to Keyfactor Command.
+- Add placeholders for omitted `Authorization` header in the `curl` command string output in trace logging.
+
+## Bug Fixes
+- Log `curl` command string at `trace` level after request is sent to include any transport mutations.
+
+## Chores
+- Bump Go version to `1.24`.
+
 # v1.2.0
 
 ## Features