diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml index 0e42dfc..63d3834 100644 --- a/.github/workflows/update-stores.yml +++ b/.github/workflows/update-stores.yml @@ -108,7 +108,7 @@ jobs: - name: Save Store Types JSON Artifact if: success() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: store-types path: | @@ -117,14 +117,14 @@ jobs: - name: Save Invalid Store Types JSON Artifact if: success() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: invalid-repos path: ./tools/store-type-merge/invalid_repos.json - name: Save logs directory if: success() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: logs path: ./tools/store-type-merge/log diff --git a/CHANGELOG.md b/CHANGELOG.md index caccc66..cffcb1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +# v1.8.2 + +## Fixes + +### CLI + +- Silence logging of initial `store-type` fetch +- `store-types`: Update internal definitions to latest from Keyfactor GitHub repos. +- `version` update internal version to `1.8.2` + +### Chores + +- `docs`: Add `migration` auto docs +- `docs`: Refresh auto docs +- `deps`: Update all deps to latest versions + + # v1.8.1 ## Fixes diff --git a/cmd/helpers.go b/cmd/helpers.go index b5086c7..e82dc5b 100644 --- a/cmd/helpers.go +++ b/cmd/helpers.go @@ -186,7 +186,10 @@ func informDebug(debugFlag bool) { if debugModeEnabled { //zerolog.SetGlobalLevel(zerolog.InfoLevel) zerolog.SetGlobalLevel(zerolog.DebugLevel) + return } + // Else no logs should be emitted + zerolog.SetGlobalLevel(zerolog.Disabled) } func initLogger() { @@ -359,7 +362,7 @@ func outputResult(result interface{}, format string) { fmt.Println(fmt.Sprintf("%s", result)) } log.Debug(). - Interface("result", result). + Str("result", fmt.Sprintf("%s", result)). Str("format", format). Msg(fmt.Sprintf("%s outputResult", DebugFuncExit)) } 
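Review bot: The new fall-through `zerolog.SetGlobalLevel(zerolog.Disabled)` in informDebug drops every event when debug is off, including Warn and Error, so failures the CLI reports through zerolog (presumably authentication or TLS errors among them) leave no log trail unless debug was already enabled. If the aim is only to quiet start-up chatter, a floor such as `zerolog.SetGlobalLevel(zerolog.ErrorLevel)` keeps the events an operator needs for troubleshooting and audit. The level is process-wide, so this choice applies to every command that calls the helper. informDebug starts above the hunk, and how `debugModeEnabled` is derived is not visible here.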
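Review bot: In outputResult, `fmt.Sprintf("%s", result)` is applied to an `interface{}`, so non-string values (numbers, booleans, nil) are rendered as `%!s(...)` markers instead of their content; `Str("result", fmt.Sprintf("%v", result))` formats every type. The Sprintf is also evaluated on each call even when the debug level is off, which the previous `Interface(...)` avoided; wrapping the block in `if e := log.Debug(); e.Enabled() { ... }` restores that. Because the whole result is copied into the debug log, it is worth confirming that command results never carry store passwords or API secrets, or redacting them before this call. outputResult begins above the hunk.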
diff --git a/cmd/storeTypes.go b/cmd/storeTypes.go index ca2be2b..bc681e8 100644 --- a/cmd/storeTypes.go +++ b/cmd/storeTypes.go @@ -636,10 +636,11 @@ func readStoreTypesConfig(fp, gitRef string, gitRepo string, offline bool) (map[ } func init() { - offline = true // temporarily set to true as it runs before the flag is set - debugFlag = false // temporarily set to false as it runs before the flag is set + offline = true // temporarily set to true as it runs before the flag is set var gitRef string var gitRepo string + + informDebug(false) // Do not output debug information for initial setup of store-types command validTypesString := strings.Join(getValidStoreTypes("", DefaultGitRef, DefaultGitRepo), ", ") offline = false //revert this so that flag is not set to true by default RootCmd.AddCommand(storeTypesCmd) diff --git a/cmd/store_types.json b/cmd/store_types.json index 927642e..d79022a 100644 --- a/cmd/store_types.json +++ b/cmd/store_types.json 
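Review bot: `informDebug(false)` in this `init()` changes the process-wide zerolog level and is never reverted, unlike `offline`, which is reset right after the `getValidStoreTypes` call. With the helpers.go change in this commit that call now sets `zerolog.Disabled`, so any command that does not call informDebug again would run with all logging off. Capturing and restoring the level keeps the silence scoped to the fetch, assuming zerolog is imported in this file: `prev := zerolog.GlobalLevel()` before the call and `zerolog.SetGlobalLevel(prev)` after `getValidStoreTypes` returns. The rest of `init()` continues below the hunk.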
@@ -260,6 +260,167 @@ "ClientMachineDescription": "This is the AWS Account ID that will be used for access. This will dictate what certificates are usable by the orchestrator. Note: this does not have any effect on EC2 inferred credentials, which are limited to a specific role/account.", "StorePathDescription": "The AWS Region, or a comma-separated list of multiple regions, the store will operate in." }, + { + "Name": "AWS Certificate Manager v3", + "ShortName": "AWS-ACM-v3", + "Capability": "AWS-ACM-v3", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "UseDefaultSdkAuth", + "DisplayName": "Use Default SDK Auth", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "IsPAMEligible": false, + "Description": "A switch to enable the store to use Default SDK credentials" + }, + { + "Name": "DefaultSdkAssumeRole", + "DisplayName": "Assume new Role using Default SDK Auth", + "Type": "Bool", + "DependsOn": "UseDefaultSdkAuth", + "DefaultValue": "false", + "Required": false, + "IsPAMEligible": false, + "Description": "A switch to enable the store to assume a new Role when using Default SDK credentials" + }, + { + "Name": "UseOAuth", + "DisplayName": "Use OAuth 2.0 Provider", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "IsPAMEligible": false, + "Description": "A switch to enable the store to use an OAuth provider workflow to authenticate with AWS" + }, + { + "Name": "OAuthScope", + "DisplayName": "OAuth Scope", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "This is the OAuth Scope needed for Okta OAuth, defined in Okta" + }, + { + "Name": "OAuthGrantType", + "DisplayName": "OAuth Grant Type", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "client_credentials", + 
"Required": false, + "IsPAMEligible": false, + "Description": "In OAuth 2.0, the term 'grant type' refers to the way an application gets an access token. In Okta this is `client_credentials`" + }, + { + "Name": "OAuthUrl", + "DisplayName": "OAuth Url", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "https://***/oauth2/default/v1/token", + "Required": false, + "IsPAMEligible": false, + "Description": "An optional parameter sts:ExternalId to pass with Assume Role calls" + }, + { + "Name": "OAuthClientId", + "DisplayName": "OAuth Client ID", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The Client ID for OAuth." + }, + { + "Name": "OAuthClientSecret", + "DisplayName": "OAuth Client Secret", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The Client Secret for OAuth." + }, + { + "Name": "UseIAM", + "DisplayName": "Use IAM User Auth", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "IsPAMEligible": false, + "Description": "A switch to enable the store to use IAM User auth to assume a role when authenticating with AWS" + }, + { + "Name": "IAMUserAccessKey", + "DisplayName": "IAM User Access Key", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The AWS Access Key for an IAM User" + }, + { + "Name": "IAMUserAccessSecret", + "DisplayName": "IAM User Access Secret", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The AWS Access Secret for an IAM User." 
+ }, + { + "Name": "ExternalId", + "DisplayName": "sts:ExternalId", + "Type": "String", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "An optional parameter sts:ExternalId to pass with Assume Role calls" + } + ], + "EntryParameters": [ + { + "Name": "ACM Tags", + "DisplayName": "ACM Tags", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Description": "The optional ACM tags that should be assigned to the certificate. Multiple name/value pairs may be entered in the format of `Name1=Value1,Name2=Value2,...,NameN=ValueN`" + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": false, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Optional", + "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", + "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." + }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai", 
@@ -274,36 +435,38 @@ }, "Properties": [ { - "StoreTypeId;omitempty": 0, "Name": "access_token", "DisplayName": "Access Token", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": true + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": false, + "Description": "The Akamai access_token for authentication." }, { - "StoreTypeId;omitempty": 0, "Name": "client_token", "DisplayName": "Client Token", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": true + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": false, + "Description": "The Akamai client_token for authentication." }, { - "StoreTypeId;omitempty": 0, "Name": "client_secret", "DisplayName": "Client Secret", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": true + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": false, + "Description": "The Akamai client_secret for authentication." } ], "EntryParameters": [ { - "StoreTypeId;omitempty": 0, "Name": "EnrollmentId", "DisplayName": "Enrollment ID", "Type": "String", @@ -312,10 +475,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Enrollment ID of a certificate enrollment in Akamai. This should only be supplied for ODKG when replacing an existing certificate." }, { - "StoreTypeId;omitempty": 0, "Name": "ContractId", "DisplayName": "Contract ID", "Type": "String", @@ -325,10 +488,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "The Contract ID of your account in Akamai." }, { - "StoreTypeId;omitempty": 0, "Name": "Sans", "DisplayName": "SANs", "Type": "String", 
@@ -337,10 +500,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": true - } + }, + "Description": "SANs for the new certificate. If multiple are supplied, they should be split with an ampersand character '&'" }, { - "StoreTypeId;omitempty": 0, "Name": "admin-addressLineOne", "DisplayName": "Admin - Address Line 1", "Type": "String", @@ -350,10 +513,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-addressLineTwo", "DisplayName": "Admin - Address Line 2", "Type": "String", @@ -362,10 +525,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Optional field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-city", "DisplayName": "Admin - City", "Type": "String", @@ -375,10 +538,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-country", "DisplayName": "Admin - Country", "Type": "String", @@ -388,10 +551,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-email", "DisplayName": "Admin - Email", "Type": "String", @@ -401,10 +564,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-firstName", "DisplayName": "Admin - First Name", "Type": "String", 
@@ -414,10 +577,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-lastName", "DisplayName": "Admin - Last Name", "Type": "String", @@ -427,10 +590,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-organizationName", "DisplayName": "Admin - Organization Name", "Type": "String", @@ -440,10 +603,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-phone", "DisplayName": "Admin - Phone", "Type": "String", @@ -453,10 +616,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-postalCode", "DisplayName": "Admin - Postal Code", "Type": "String", @@ -466,10 +629,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-region", "DisplayName": "Admin - Region", "Type": "String", @@ -479,10 +642,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-title", "DisplayName": "Admin - Title", "Type": "String", 
@@ -492,10 +655,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-addressLineOne", "DisplayName": "Org - Address Line 1", "Type": "String", @@ -505,10 +668,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-addressLineTwo", "DisplayName": "Org - Address Line 2", "Type": "String", @@ -517,10 +680,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Optional field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-city", "DisplayName": "Org - City", "Type": "String", @@ -530,10 +693,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-country", "DisplayName": "Org - Country", "Type": "String", @@ -543,10 +706,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-organizationName", "DisplayName": "Org - Organization Name", "Type": "String", @@ -556,10 +719,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-phone", "DisplayName": "Org - Phone", "Type": "String", 
@@ -569,10 +732,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-postalCode", "DisplayName": "Org - Postal Code", "Type": "String", @@ -582,10 +745,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-region", "DisplayName": "Org - Region", "Type": "String", @@ -595,10 +758,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-addressLineOne", "DisplayName": "Tech - Address Line 1", "Type": "String", @@ -608,10 +771,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-addressLineTwo", "DisplayName": "Tech - Address Line 2", "Type": "String", @@ -620,10 +783,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Optional field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-city", "DisplayName": "Tech - City", "Type": "String", @@ -633,10 +796,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-country", "DisplayName": "Tech - Country", "Type": "String", 
@@ -646,10 +809,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-email", "DisplayName": "Tech - Email", "Type": "String", @@ -659,10 +822,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact. Must be an akamai.com email address." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-firstName", "DisplayName": "Tech - First Name", "Type": "String", @@ -672,10 +835,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-lastName", "DisplayName": "Tech - Last Name", "Type": "String", @@ -685,10 +848,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-organizationName", "DisplayName": "Tech - Organization Name", "Type": "String", @@ -698,10 +861,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "Akamai", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-phone", "DisplayName": "Tech - Phone", "Type": "String", @@ -711,10 +874,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-postalCode", "DisplayName": "Tech - Postal Code", "Type": "String", 
@@ -724,10 +887,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-region", "DisplayName": "Tech - Region", "Type": "String", @@ -737,10 +900,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-title", "DisplayName": "Tech - Title", "Type": "String", @@ -750,7 +913,8 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." } ], "PasswordOptions": { 
@@ -764,7 +928,49 @@ "ServerRequired": false, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the the \"host\" value from the API credentials file.", + "StorePathDescription": "The Akamai network the certificate will be managed from. Value can be either \"Production\" or \"Staging\"." + }, + { + "Name": "Alteon Load Balancer", + "ShortName": "AlteonLB", + "Capability": "AlteonLB", + "ClientMachineDescription": "The Alteon Load Balancer Server and port", + "StorePathDescription": "This value isn't used for this integration (other than to uniquely identify the cert store in certificate searches).", + "SupportedOperations": { + "Add": true, + "Remove": true, + "Enrollment": false, + "Discovery": false, + "Inventory": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "Alteon user ID with sufficient permissions to manage certs in the Alteon Load Balancer.", + "Required": true + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "Description": "Password associated with Alteon user ID entered above.", + "Required": true + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Optional" }, { "Name": "Azure Application Gateway Certificate Binding", 
@@ -1158,38 +1364,50 @@ "Name": "Bosch IP Camera", "ShortName": "BIPCamera", "Capability": "BIPCamera", - "LocalStore": false, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", "SupportedOperations": { - "Add": true, + "Add": false, "Create": false, "Discovery": false, "Enrollment": true, - "Remove": true + "Remove": false + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" }, "Properties": [ { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the username of the configured \"service\" user on the camera" }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the password of the configured \"service\" user on the camera" }, { "Name": "ServerUseSsl", "DisplayName": "Use SSL", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera." } ], "EntryParameters": [ @@ -1203,7 +1421,8 @@ "OnRemove": false, "OnReenrollment": false }, - "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client" + "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client", + "Description": "The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later." }, { "Name": "Name", @@ -1214,7 +1433,8 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": true - } + }, + "Description": "The certificate Alias, entered again." }, { "Name": "Overwrite", 
@@ -1226,19 +1446,12 @@ "OnRemove": false, "OnReenrollment": false }, - "DefaultValue": "false" + "DefaultValue": "false", + "Description": "Select `True` if using an existing Alias name to remove and replace an existing certificate." } ], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" }, { "Name": "CiscoAsa", @@ -1633,7 +1846,7 @@ "Capability": "F5-CA-REST", "ServerRequired": true, "ClientMachineDescription": "The server name or IP Address for the F5 device.", - "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", + "StorePathDescription": "Enter the name of the partition followed by the name of the bundle separated by a / (i.e. Common/BundleName). This value is case sensitive, so if the partition name is \"Common/BundleName\", it must be entered as \"Common/BundleName\" and not \"common/bundlename\",", "SupportedOperations": { "Add": true, "Create": false, 
@@ -1802,6 +2015,15 @@ "Required": true, "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." }, + { + "Name": "RemoveChain", + "DisplayName": "Remove Chain on Add", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": false, + "Description": "Optional setting. Set this to true if you would like to remove the certificate chain before adding or replacing a certificate on your F5 device." + }, { "Name": "IgnoreSSLWarning", "DisplayName": "Ignore SSL Warning", @@ -1818,7 +2040,7 @@ "DependsOn": "", "DefaultValue": "false", "Required": true, - "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." + "Description": "Select this if you wish to use F5's token authentication instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", 
@@ -1850,7 +2072,23 @@ "Description": "True if using https to access the F5 device. False if using http." } ], - "EntryParameters": [] + "EntryParameters": [ + { + "Name": "SSLProfiles", + "DisplayName": "SSL Profiles", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "One to many comma delimited F5 SSL Profile names the certificate is bound to" + } + ] }, { "Name": "F5 WS Profiles REST", 
@@ -2060,6 +2298,43 @@ "ClientMachineDescription": "The IP address or DNS of the Fortigate server", "StorePathDescription": "This is not used in this integration, but is a required field in the UI. Just enter any value here" }, + { + "Name": "GCP Load Balancer", + "ShortName": "GCPLoadBal", + "Capability": "GCPLoadBal", + "ServerRequired": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Optional", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "Properties": [ + { + "Name": "jsonKey", + "DisplayName": "Service Account Key", + "Required": true, + "IsPAMEligible": false, + "DependsOn": "", + "Type": "Secret", + "DefaultValue": "", + "Description": "If authenticating by passing credentials from Keyfactor Command, this is the JSON-based service account key created from within Google Cloud. If authenticating via Application Default Credentials (ADC), select No Value" + } + ], + "ClientMachineDescription": "Not used, but required when creating a store. Just enter any value.", + "StorePathDescription": "Your Google Cloud Project ID only if you choose to use global resources. Append a forward slash '/' and valid GCP region to process against a specific [GCP region](https://gist.github.com/rpkim/084046e02fd8c452ba6ddef3a61d5d59).", + "EntryParameters": [] + }, { "Name": "Google Cloud Provider Apigee", "ShortName": "GcpApigee", 
@@ -2107,43 +2382,6 @@ "ClientMachineDescription": "The Base URL for the GCP Apigee REST Api. Should be *apigee.googleapis.com*", "StorePathDescription": "The Apigee keystore being managed. Must be provided in the following format: organizations/{org}/environments/{env}/keystores/{keystore}, where {org}, {env}, and {keystore} will be replaced with your environment-specific values." }, - { - "Name": "GCP Load Balancer", - "ShortName": "GCPLoadBal", - "Capability": "GCPLoadBal", - "ServerRequired": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional", - "PowerShell": false, - "PrivateKeyAllowed": "Required", - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": false, - "Enrollment": false, - "Remove": true - }, - "PasswordOptions": { - "Style": "Default", - "EntrySupported": false, - "StoreRequired": false - }, - "Properties": [ - { - "Name": "jsonKey", - "DisplayName": "Service Account Key", - "Required": true, - "IsPAMEligible": false, - "DependsOn": "", - "Type": "Secret", - "DefaultValue": "", - "Description": "If authenticating by passing credentials from Keyfactor Command, this is the JSON-based service account key created from within Google Cloud. If authenticating via Application Default Credentials (ADC), select No Value" - } - ], - "ClientMachineDescription": "Not used, but required when creating a store. Just enter any value.", - "StorePathDescription": "Your Google Cloud Project ID only if you choose to use global resources. Append a forward slash '/' and valid GCP region to process against a specific [GCP region](https://gist.github.com/rpkim/084046e02fd8c452ba6ddef3a61d5d59).", - "EntryParameters": [] - }, { "Name": "GCP Certificate Manager", "ShortName": "GcpCertMgr", 
@@ -2266,7 +2504,17 @@ "Name": "Hashicorp Vault Key-Value JKS", "ShortName": "HCVKVJKS", "Capability": "HCVKVJKS", + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path to the secret containing the store.", "LocalStore": false, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, @@ -2276,16 +2524,29 @@ }, "Properties": [ { - "Name": "SubfolderInventory", - "DisplayName": "Sub-folder Inventory", - "Type": "Bool", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", "DependsOn": "", - "DefaultValue": "false", - "Required": false + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" }, { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", 
@@ -2294,42 +2555,31 @@ { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. /", "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } + }, + { + "Name": "Hashicorp Vault Key-Value PKCS12", + "ShortName": "HCVKVP12", + "Capability": "HCVKVP12", + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path to the secret containing the store.", + "LocalStore": false, "StorePathType": "", "StorePathValue": "", "PrivateKeyAllowed": "Optional", @@ -2337,13 +2587,7 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" - }, - { - "Name": "Hashicorp Vault Key-Value PKCS12", - "ShortName": "HCVKVP12", - "Capability": "HCVKVP12", - "LocalStore": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, 
@@ -2353,74 +2597,68 @@ }, "Properties": [ { - "Name": "SubfolderInventory", - "DisplayName": "Sub-folder Inventory", - "Type": "Bool", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", "DependsOn": "", - "DefaultValue": "false", - "Required": false + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" }, { - "Name": "MountPoint", - "DisplayName": "Mount Point", - "Type": "String", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", "DependsOn": "", "DefaultValue": "", - "Required": false + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" }, { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", - "DefaultValue": "false", - "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", + "DefaultValue": "false", "Required": false }, { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", + "Name": "MountPoint", + "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. 
/", + "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "Hashicorp Vault Key-Value PEM", "ShortName": "HCVKVPEM", "Capability": "HCVKVPEM", "LocalStore": false, + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path after mount point where the certificates will be stored.", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, 
@@ -2429,9 +2667,30 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" + }, { "Name": "SubfolderInventory", "DisplayName": "Subfolder Inventory", + "Description": "Should certificates found in sub-paths be included when performing an inventory?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", @@ -2440,6 +2699,7 @@ { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", 
@@ -2448,54 +2708,39 @@ { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. /", "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "Hashicorp Vault Key-Value PFX", "ShortName": "HCVKVPFX", "Capability": "HCVKVPFX", + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path to the secret containing the store.", "LocalStore": false, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, 
@@ -2505,16 +2750,29 @@ }, "Properties": [ { - "Name": "SubfolderInventory", - "DisplayName": "Sub-folder Inventory", - "Type": "Bool", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", "DependsOn": "", - "DefaultValue": "false", - "Required": false + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" }, { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", 
@@ -2523,56 +2781,39 @@ { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. /", "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "Hashicorp Vault PKI", "ShortName": "HCVPKI", "Capability": "HCVPKI", "LocalStore": false, + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "For HCVPKI, this will be '/'", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "PrivateKeyAllowed": "Forbidden", + "CustomAliasAllowed": "Forbidden", + "StorePathType": "Fixed", + "StorePathValue": "/", "SupportedOperations": { "Add": false, "Create": false, 
@@ -2581,9 +2822,30 @@ "Remove": false }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" + }, { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "This is the mount point of the instance of the PKI or Keyfactor secrets engine plugin. If using enterprise namespaces: /", "Type": "String", "DependsOn": "", "DefaultValue": "", @@ -2594,14 +2856,12 @@ "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "HP iLO Cert Store", 
@@ -2681,9 +2941,9 @@ "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", "DependsOn": "", - "DefaultValue": "https,http", + "DefaultValue": "https,http,ssh", "Required": true, - "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." + "Description": "Multiple choice value specifying which protocol to use. Protocols https or http use WinRM to connect from Windows to Windows Servers. Using ssh is only supported when running the orchestrator in a Linux environment." }, { "Name": "WinRM Port", @@ -2692,7 +2952,7 @@ "DependsOn": "", "DefaultValue": "5986", "Required": true, - "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." + "Description": "String value specifying the port number that the Windows target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP. By default, when using ssh in a Linux environment, the default port number is 22." }, { "Name": "ServerUsername", @@ -2710,7 +2970,7 @@ "DependsOn": "", "DefaultValue": "", "Required": false, - "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." + "Description": "Password corresponding to the Server Username used to log into the target server. When establishing a SSH session from a Linux environment, the password must include the full SSH Private key." }, { "Name": "ServerUseSsl", 
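Review bot: The rewritten `Description` for WinRM Protocol no longer tells the operator which choice is the protected one. The old text ended with "Example: 'https' to use secure communication", whereas the new text presents https, http and ssh as equals and `http` stays among the values in `DefaultValue`. The server credentials configured a few properties further down presumably travel over whichever transport is selected, so I would keep the guidance by appending `Prefer https or ssh; http does not use TLS for the WinRM connection.` to the description. The same replacement is made in the hunks at -4438 and -4552.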
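Review bot: `DefaultValue` for the port stays `"5986"` while the new description says the ssh default is 22, so it is unclear whether an operator who selects ssh must overwrite this field or whether 22 is applied automatically. The description should say which, e.g. `When using ssh, set this field to the SSH port (22 unless the server uses another).`, assuming the field is used as entered for ssh, which should be confirmed against the integration. "By default ... the default port number is 22" is also redundant. The same text is added in the hunks at -4449 and -4637.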
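Review bot: "the password must include the full SSH Private key" in the new password `Description` does not say whether the field holds the key alone or a password together with the key, and it names no expected key format. Because this places private-key material in a store property, the description should also point operators to a PAM provider rather than a typed-in value, if the property supports it; its `Type` and PAM eligibility are outside the hunk. Suggested wording for the second sentence: `When connecting over SSH from a Linux orchestrator, enter the full SSH private key in this field instead of a password.` The same text is added in the hunks at -4467 and -4581.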
@@ -3339,51 +3599,6 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" }, - { - "Name": "MyOrchestratorStoreType", - "ShortName": "MOST", - "Capability": "MOST", - "LocalStore": false, - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": false - }, - "Properties": [ - { - "Name": "CustomField1", - "DisplayName": "CustomField1", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "Name": "CustomField2", - "DisplayName": "CustomField2", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" - }, { "Name": "Nmap Orchestrator", "ShortName": "Nmap", @@ -3464,7 +3679,7 @@ "DefaultValue": "", "Required": false, "IsPAMEligible": false, - "Description": "Device Group on Panorama that changes will be pushed to." + "Description": "A semicolon delimited list of Device Groups that Panorama will push changes to (i.e. 'Group 1', 'Group 1;Group 2', or 'Group 1; Group 2', etc.)." }, { "Name": "InventoryTrustedCerts", 
@@ -4240,33 +4455,6 @@ "ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.", "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'." }, - { - "Name": "SampleStoreType", - "ShortName": "SAMPLETYPE", - "Capability": "SAMPLETYPE", - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": false, - "Enrollment": false, - "Remove": false - }, - "Properties": [], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": false, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" - }, { "Name": "Signum", "ShortName": "Signum", 
@@ -4438,9 +4626,9 @@ "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", "DependsOn": "", - "DefaultValue": "https,http", + "DefaultValue": "https,http,ssh", "Required": true, - "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." + "Description": "Multiple choice value specifying which protocol to use. Protocols https or http use WinRM to connect from Windows to Windows Servers. Using ssh is only supported when running the orchestrator in a Linux environment." }, { "Name": "WinRM Port", @@ -4449,7 +4637,7 @@ "DependsOn": "", "DefaultValue": "5986", "Required": true, - "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." + "Description": "String value specifying the port number that the Windows target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP. By default, when using ssh in a Linux environment, the default port number is 22." }, { "Name": "ServerUsername", @@ -4467,7 +4655,7 @@ "DependsOn": "", "DefaultValue": "", "Required": false, - "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." + "Description": "Password corresponding to the Server Username used to log into the target server. When establishing a SSH session from a Linux environment, the password must include the full SSH Private key." }, { "Name": "ServerUseSsl", 
@@ -4552,9 +4740,9 @@ "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", "DependsOn": "", - "DefaultValue": "https,http", + "DefaultValue": "https,http,ssh", "Required": true, - "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." + "Description": "Multiple choice value specifying which protocol to use. Protocols https or http use WinRM to connect from Windows to Windows Servers. Using ssh is only supported when running the orchestrator in a Linux environment." }, { "Name": "WinRM Port", @@ -4563,7 +4751,7 @@ "DependsOn": "", "DefaultValue": "5986", "Required": true, - "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." + "Description": "String value specifying the port number that the Windows target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP. By default, when using ssh in a Linux environment, the default port number is 22." }, { "Name": "ServerUsername", @@ -4581,7 +4769,7 @@ "DependsOn": "", "DefaultValue": "", "Required": false, - "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." + "Description": "Password corresponding to the Server Username used to log into the target server. When establishing a SSH session from a Linux environment, the password must include the full SSH Private key." }, { "Name": "ServerUseSsl", diff --git a/docs/kfutil.md b/docs/kfutil.md index d861138..c85b77f 100644 --- a/docs/kfutil.md +++ b/docs/kfutil.md 
@@ -39,6 +39,7 @@ A CLI wrapper around the Keyfactor Platform API. * [kfutil import](kfutil_import.md) - Keyfactor instance import utilities. * [kfutil login](kfutil_login.md) - User interactive login to Keyfactor. Stores the credentials in the config file '$HOME/.keyfactor/command_config.json'. * [kfutil logout](kfutil_logout.md) - Unsets environment variables and removes the stored credentials file. +* [kfutil migrate](kfutil_migrate.md) - Keyfactor Migration Tools. * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. * [kfutil status](kfutil_status.md) - List the status of Keyfactor services. @@ -46,4 +47,4 @@ A CLI wrapper around the Keyfactor Platform API. * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. * [kfutil version](kfutil_version.md) - Shows version of kfutil -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_completion.md b/docs/kfutil_completion.md index e22e82b..af775cf 100644 --- a/docs/kfutil_completion.md +++ b/docs/kfutil_completion.md @@ -45,4 +45,4 @@ See each sub-command's help for details on how to use the generated script. * [kfutil completion powershell](kfutil_completion_powershell.md) - Generate the autocompletion script for powershell * [kfutil completion zsh](kfutil_completion_zsh.md) - Generate the autocompletion script for zsh -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_completion_bash.md b/docs/kfutil_completion_bash.md index e002d6d..29aacba 100644 --- a/docs/kfutil_completion_bash.md +++ b/docs/kfutil_completion_bash.md @@ -64,4 +64,4 @@ kfutil completion bash * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 
diff --git a/docs/kfutil_completion_fish.md b/docs/kfutil_completion_fish.md index fd50972..64c8ffe 100644 --- a/docs/kfutil_completion_fish.md +++ b/docs/kfutil_completion_fish.md @@ -55,4 +55,4 @@ kfutil completion fish [flags] * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_completion_powershell.md b/docs/kfutil_completion_powershell.md index 6ae54ea..1929002 100644 --- a/docs/kfutil_completion_powershell.md +++ b/docs/kfutil_completion_powershell.md @@ -52,4 +52,4 @@ kfutil completion powershell [flags] * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_completion_zsh.md b/docs/kfutil_completion_zsh.md index b3a0672..3724a41 100644 --- a/docs/kfutil_completion_zsh.md +++ b/docs/kfutil_completion_zsh.md @@ -66,4 +66,4 @@ kfutil completion zsh [flags] * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_containers.md b/docs/kfutil_containers.md index 667a635..267194a 100644 --- a/docs/kfutil_containers.md +++ b/docs/kfutil_containers.md @@ -41,4 +41,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil containers get](kfutil_containers_get.md) - Get certificate store container by ID or name. * [kfutil containers list](kfutil_containers_list.md) - List certificate store containers. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_containers_get.md b/docs/kfutil_containers_get.md index 54bcb25..917e25f 100644 --- a/docs/kfutil_containers_get.md +++ b/docs/kfutil_containers_get.md 
@@ -44,4 +44,4 @@ kfutil containers get [flags] * [kfutil containers](kfutil_containers.md) - Keyfactor certificate store container API and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_containers_list.md b/docs/kfutil_containers_list.md index 496661b..d376d98 100644 --- a/docs/kfutil_containers_list.md +++ b/docs/kfutil_containers_list.md @@ -43,4 +43,4 @@ kfutil containers list [flags] * [kfutil containers](kfutil_containers.md) - Keyfactor certificate store container API and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_export.md b/docs/kfutil_export.md index 7b255a5..7ba64e6 100644 --- a/docs/kfutil_export.md +++ b/docs/kfutil_export.md @@ -55,4 +55,4 @@ kfutil export [flags] * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_helm.md b/docs/kfutil_helm.md index c0facc8..f3a795e 100644 --- a/docs/kfutil_helm.md +++ b/docs/kfutil_helm.md @@ -46,4 +46,4 @@ kubectl helm uo | helm install -f - keyfactor-universal-orchestrator keyfactor/k * [kfutil](kfutil.md) - Keyfactor CLI utilities * [kfutil helm uo](kfutil_helm_uo.md) - Configure the Keyfactor Universal Orchestrator Helm Chart -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_helm_uo.md b/docs/kfutil_helm_uo.md index a5e2833..7c12c98 100644 --- a/docs/kfutil_helm_uo.md +++ b/docs/kfutil_helm_uo.md @@ -50,4 +50,4 @@ kfutil helm uo [-t ] [-o ] [-f ] [-e -e @,@ -o ./app/extension * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_orchs_get.md b/docs/kfutil_orchs_get.md index 245e10a..e0f29aa 100644 --- a/docs/kfutil_orchs_get.md +++ b/docs/kfutil_orchs_get.md 
@@ -44,4 +44,4 @@ kfutil orchs get [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_orchs_list.md b/docs/kfutil_orchs_list.md index bf55a9a..6741c38 100644 --- a/docs/kfutil_orchs_list.md +++ b/docs/kfutil_orchs_list.md @@ -43,4 +43,4 @@ kfutil orchs list [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_orchs_logs.md b/docs/kfutil_orchs_logs.md index 14d971e..a249edb 100644 --- a/docs/kfutil_orchs_logs.md +++ b/docs/kfutil_orchs_logs.md @@ -44,4 +44,4 @@ kfutil orchs logs [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_orchs_reset.md b/docs/kfutil_orchs_reset.md index 032349a..dac473b 100644 --- a/docs/kfutil_orchs_reset.md +++ b/docs/kfutil_orchs_reset.md @@ -44,4 +44,4 @@ kfutil orchs reset [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_pam.md b/docs/kfutil_pam.md index 6d22a6d..0d3b4b5 100644 --- a/docs/kfutil_pam.md +++ b/docs/kfutil_pam.md @@ -48,4 +48,4 @@ programmatically create, delete, edit, and list PAM Providers. * [kfutil pam types-list](kfutil_pam_types-list.md) - Returns a list of all available PAM provider types. * [kfutil pam update](kfutil_pam_update.md) - Updates an existing PAM Provider, currently only supported from file. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_pam_create.md b/docs/kfutil_pam_create.md index 1fd5f60..00d732e 100644 --- a/docs/kfutil_pam_create.md +++ b/docs/kfutil_pam_create.md 
@@ -44,4 +44,4 @@ kfutil pam create [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_pam_delete.md b/docs/kfutil_pam_delete.md index 28c16e1..adf3eb6 100644 --- a/docs/kfutil_pam_delete.md +++ b/docs/kfutil_pam_delete.md @@ -44,4 +44,4 @@ kfutil pam delete [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_pam_get.md b/docs/kfutil_pam_get.md index afc07d7..72caee7 100644 --- a/docs/kfutil_pam_get.md +++ b/docs/kfutil_pam_get.md @@ -44,4 +44,4 @@ kfutil pam get [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_pam_list.md b/docs/kfutil_pam_list.md index 217b568..cebb548 100644 --- a/docs/kfutil_pam_list.md +++ b/docs/kfutil_pam_list.md @@ -43,4 +43,4 @@ kfutil pam list [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_pam_types-create.md b/docs/kfutil_pam_types-create.md index 9c0e244..694c808 100644 --- a/docs/kfutil_pam_types-create.md +++ b/docs/kfutil_pam_types-create.md @@ -51,4 +51,4 @@ kfutil pam types-create [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_pam_types-list.md b/docs/kfutil_pam_types-list.md index 8fe920d..1aa8b45 100644 --- a/docs/kfutil_pam_types-list.md +++ b/docs/kfutil_pam_types-list.md @@ -43,4 +43,4 @@ kfutil pam types-list [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 
diff --git a/docs/kfutil_pam_update.md b/docs/kfutil_pam_update.md index 35ab4bb..1507892 100644 --- a/docs/kfutil_pam_update.md +++ b/docs/kfutil_pam_update.md @@ -44,4 +44,4 @@ kfutil pam update [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_status.md b/docs/kfutil_status.md index 193d051..cc9ce3e 100644 --- a/docs/kfutil_status.md +++ b/docs/kfutil_status.md @@ -43,4 +43,4 @@ kfutil status [flags] * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_store-types.md b/docs/kfutil_store-types.md index 05c3cac..afcc830 100644 --- a/docs/kfutil_store-types.md +++ b/docs/kfutil_store-types.md @@ -44,4 +44,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil store-types list](kfutil_store-types_list.md) - List certificate store types. * [kfutil store-types templates-fetch](kfutil_store-types_templates-fetch.md) - Fetches store type templates from Keyfactor's Github. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_store-types_create.md b/docs/kfutil_store-types_create.md index ef02796..f819391 100644 --- a/docs/kfutil_store-types_create.md +++ b/docs/kfutil_store-types_create.md 
@@ -18,7 +18,7 @@ kfutil store-types create [flags] -b, --git-ref string The git branch or tag to reference when pulling store-types from the internet. (default "main") -h, --help help for create -l, --list List valid store types. - -n, --name string Short name of the certificate store type to get. Valid choices are: AKV, AWS-ACM, Akamai, AppGwBin, AzureApp, AzureApp2, AzureAppGw, AzureSP, AzureSP2, BIPCamera, CiscoAsa, CitrixAdc, DataPower, F5-BigIQ, F5-CA-REST, F5-SL-REST, F5-WS-REST, FortiWeb, Fortigate, GCPLoadBal, GcpCertMgr, HCVKV, HCVKVJKS, HCVKVP12, HCVKVPEM, HCVKVPFX, HCVPKI, IISU, Imperva, K8SCert, K8SCluster, K8SJKS, K8SNS, K8SPKCS12, K8SSecret, K8STLSSecr, MOST, Nmap, PaloAlto, RFDER, RFJKS, RFKDB, RFORA, RFPEM, RFPkcs12, SAMPLETYPE, Signum, VMware-NSX, WinCerMgmt, WinCert, WinSql, f5WafCa, f5WafTls, iDRAC + -n, --name string Short name of the certificate store type to get. Valid choices are: AKV, AWS-ACM, AWS-ACM-v3, Akamai, AlteonLB, AppGwBin, AzureApp, AzureApp2, AzureAppGw, AzureSP, AzureSP2, BIPCamera, CiscoAsa, CitrixAdc, DataPower, F5-BigIQ, F5-CA-REST, F5-SL-REST, F5-WS-REST, FortiWeb, Fortigate, GCPLoadBal, GcpApigee, GcpCertMgr, HCVKV, HCVKVJKS, HCVKVP12, HCVKVPEM, HCVKVPFX, HCVPKI, HPiLO, IISU, Imperva, K8SCert, K8SCluster, K8SJKS, K8SNS, K8SPKCS12, K8SSecret, K8STLSSecr, Nmap, PaloAlto, RFDER, RFJKS, RFKDB, RFORA, RFPEM, RFPkcs12, SAMPLETYPE, Signum, VMware-NSX, WinCerMgmt, WinCert, WinSql, f5WafCa, f5WafTls, iDRAC -r, --repo string The repository to pull store-types definitions from. (default "kfutil") ``` @@ -49,4 +49,4 @@ kfutil store-types create [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_store-types_delete.md b/docs/kfutil_store-types_delete.md index a8b9500..f645535 100644 --- a/docs/kfutil_store-types_delete.md +++ b/docs/kfutil_store-types_delete.md 
@@ -47,4 +47,4 @@ kfutil store-types delete [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_store-types_get.md b/docs/kfutil_store-types_get.md index 9a249cc..02ffe4c 100644 --- a/docs/kfutil_store-types_get.md +++ b/docs/kfutil_store-types_get.md @@ -48,4 +48,4 @@ kfutil store-types get [-i | -n ] [-b * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_store-types_list.md b/docs/kfutil_store-types_list.md index 4fb07e6..325580e 100644 --- a/docs/kfutil_store-types_list.md +++ b/docs/kfutil_store-types_list.md @@ -43,4 +43,4 @@ kfutil store-types list [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_store-types_templates-fetch.md b/docs/kfutil_store-types_templates-fetch.md index 9df5d69..1dcbe1d 100644 --- a/docs/kfutil_store-types_templates-fetch.md +++ b/docs/kfutil_store-types_templates-fetch.md @@ -45,4 +45,4 @@ kfutil store-types templates-fetch [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores.md b/docs/kfutil_stores.md index c15f5c2..832522b 100644 --- a/docs/kfutil_stores.md +++ b/docs/kfutil_stores.md @@ -47,4 +47,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil stores list](kfutil_stores_list.md) - List certificate stores. * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 
diff --git a/docs/kfutil_stores_delete.md b/docs/kfutil_stores_delete.md index c8f68b9..321e388 100644 --- a/docs/kfutil_stores_delete.md +++ b/docs/kfutil_stores_delete.md @@ -46,4 +46,4 @@ kfutil stores delete [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_export.md b/docs/kfutil_stores_export.md index 85fac2a..72d577e 100644 --- a/docs/kfutil_stores_export.md +++ b/docs/kfutil_stores_export.md @@ -47,4 +47,4 @@ kfutil stores export [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_get.md b/docs/kfutil_stores_get.md index f2966da..4f04e9c 100644 --- a/docs/kfutil_stores_get.md +++ b/docs/kfutil_stores_get.md @@ -44,4 +44,4 @@ kfutil stores get [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_import.md b/docs/kfutil_stores_import.md index 6144088..9f776df 100644 --- a/docs/kfutil_stores_import.md +++ b/docs/kfutil_stores_import.md @@ -41,4 +41,4 @@ Tools for generating import templates and importing certificate stores * [kfutil stores import csv](kfutil_stores_import_csv.md) - Create certificate stores from CSV file. * [kfutil stores import generate-template](kfutil_stores_import_generate-template.md) - For generating a CSV template with headers for bulk store creation. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_import_csv.md b/docs/kfutil_stores_import_csv.md index c34731e..e6e8162 100644 --- a/docs/kfutil_stores_import_csv.md +++ b/docs/kfutil_stores_import_csv.md 
@@ -94,4 +94,4 @@ kfutil stores import csv --file --store-type-id --store-t * [kfutil stores import](kfutil_stores_import.md) - Import a file with certificate store definitions and create them in Keyfactor Command. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_inventory.md b/docs/kfutil_stores_inventory.md index bdfee73..39ab51d 100644 --- a/docs/kfutil_stores_inventory.md +++ b/docs/kfutil_stores_inventory.md @@ -42,4 +42,4 @@ Commands related to certificate store inventory management * [kfutil stores inventory remove](kfutil_stores_inventory_remove.md) - Removes a certificate from the certificate store inventory. * [kfutil stores inventory show](kfutil_stores_inventory_show.md) - Show the inventory of a certificate store. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_inventory_add.md b/docs/kfutil_stores_inventory_add.md index 3f2c38c..b72b6df 100644 --- a/docs/kfutil_stores_inventory_add.md +++ b/docs/kfutil_stores_inventory_add.md @@ -57,4 +57,4 @@ kfutil stores inventory add [flags] * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_inventory_remove.md b/docs/kfutil_stores_inventory_remove.md index 06719df..6815300 100644 --- a/docs/kfutil_stores_inventory_remove.md +++ b/docs/kfutil_stores_inventory_remove.md @@ -53,4 +53,4 @@ kfutil stores inventory remove [flags] * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_inventory_show.md b/docs/kfutil_stores_inventory_show.md index e6d6bc2..4157d92 100644 --- a/docs/kfutil_stores_inventory_show.md +++ b/docs/kfutil_stores_inventory_show.md 
@@ -47,4 +47,4 @@ kfutil stores inventory show [flags] * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_list.md b/docs/kfutil_stores_list.md index 9557d62..113729a 100644 --- a/docs/kfutil_stores_list.md +++ b/docs/kfutil_stores_list.md @@ -43,4 +43,4 @@ kfutil stores list [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_rot.md b/docs/kfutil_stores_rot.md index d47038c..2a10d82 100644 --- a/docs/kfutil_stores_rot.md +++ b/docs/kfutil_stores_rot.md @@ -54,4 +54,4 @@ kfutil stores rot reconcile --import-csv * [kfutil stores rot generate-template](kfutil_stores_rot_generate-template.md) - For generating Root Of Trust template(s) * [kfutil stores rot reconcile](kfutil_stores_rot_reconcile.md) - Reconcile either takes in or will generate an audit report and then add/remove certs as needed. -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_rot_audit.md b/docs/kfutil_stores_rot_audit.md index 02af86c..61216df 100644 --- a/docs/kfutil_stores_rot_audit.md +++ b/docs/kfutil_stores_rot_audit.md @@ -51,4 +51,4 @@ kfutil stores rot audit [flags] * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_rot_generate-template.md b/docs/kfutil_stores_rot_generate-template.md index 92f6180..716355b 100644 --- a/docs/kfutil_stores_rot_generate-template.md +++ b/docs/kfutil_stores_rot_generate-template.md 
@@ -49,4 +49,4 @@ kfutil stores rot generate-template [flags] * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_stores_rot_reconcile.md b/docs/kfutil_stores_rot_reconcile.md index b50170d..c8ba7ac 100644 --- a/docs/kfutil_stores_rot_reconcile.md +++ b/docs/kfutil_stores_rot_reconcile.md @@ -56,4 +56,4 @@ kfutil stores rot reconcile [flags] * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/docs/kfutil_version.md b/docs/kfutil_version.md index 43447ad..7357c58 100644 --- a/docs/kfutil_version.md +++ b/docs/kfutil_version.md @@ -43,4 +43,4 @@ kfutil version [flags] * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated on 17-Jun-2025 +###### Auto generated on 31-Jul-2025 diff --git a/go.mod b/go.mod index a0a1e70..9e13682 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ toolchain go1.24.3 require ( github.com/AlecAivazis/survey/v2 v2.3.7 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 github.com/Jeffail/gabs v1.4.0 github.com/Keyfactor/keyfactor-auth-client-go v1.3.0 
@@ -20,23 +20,23 @@ require ( github.com/joho/godotenv v1.5.1 github.com/rs/zerolog v1.34.0 github.com/spf13/cobra v1.9.1 - github.com/spf13/pflag v1.0.6 + github.com/spf13/pflag v1.0.7 github.com/stretchr/testify v1.10.0 - golang.org/x/crypto v0.39.0 - golang.org/x/term v0.32.0 + golang.org/x/crypto v0.40.0 + golang.org/x/term v0.33.0 gopkg.in/yaml.v3 v3.0.1 //github.com/google/go-cmp/cmp v0.5.9 ) require ( - github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.4.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/fatih/color v1.18.0 // indirect - github.com/golang-jwt/jwt/v5 v5.2.2 // indirect + github.com/golang-jwt/jwt/v5 v5.2.3 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -50,9 +50,9 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/spbsoluble/go-pkcs12 v0.3.3 // indirect go.mozilla.org/pkcs7 v0.9.0 // indirect - golang.org/x/net v0.41.0 // indirect + golang.org/x/net v0.42.0 // indirect golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sys v0.33.0 // indirect - golang.org/x/text v0.26.0 // indirect + golang.org/x/sys v0.34.0 // indirect + golang.org/x/text v0.27.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index cc2bb6d..0a9bcc8 100644 --- a/go.sum 
+++ b/go.sum 
@@ -1,17 +1,17 @@ github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ= github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 h1:Gt0j3wceWMwPmiazCa8MzMA0MfhmPIz0Qp0FJ6qcM0U= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 h1:Wc1ml6QlJs2BHQ/9Bqu1jiyggbsSjramq2oUmp5WeIo= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1 h1:mrkDCdkMsD4l9wjFGhofFHFrV43Y3c53RSLKOCJ5+Ow= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1/go.mod h1:hPv41DbqMmnxcGralanA/kVlfdH5jv3T4LxGku2E1BY= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 h1:bFWuoEKg+gImo7pvkiQEFAc8ocibADgXeiLAxWhWmkI= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1/go.mod h1:Vih/3yc6yac2JzU4hzpaDupBJP0Flaia9rXXrU8xyww= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI= 
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.4.0 h1:/g8S6wk65vfC6m3FIxJ+i5QDyN9JWwXI8Hb0Img10hU= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.4.0/go.mod h1:gpl+q95AzZlKVI3xSoseF9QPrypk0hQqBiJYeB/cR/I= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 h1:nCYfgcSyHZXJI8J0IWE5MsCGlb2xp9fJiXyxWgmOFg4= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0/go.mod h1:ucUjca2JtSZboY8IoUqyQyuuXvwbMBVwFOm0vdQPNhA= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs= @@ -29,8 +29,9 @@ github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDe github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= +github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= 
@@ -43,8 +44,8 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8= -github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-jwt/jwt/v5 v5.2.3 h1:kkGXqQOBSDDWRhWNXTFpqGSCMyh/PLnqUvMGJPDJDs0= +github.com/golang-jwt/jwt/v5 v5.2.3/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -106,8 +107,9 @@ github.com/spbsoluble/go-pkcs12 v0.3.3 h1:3nh7IKn16RDpmrSMtOu1JvbB0XHYq1j+IsICdU github.com/spbsoluble/go-pkcs12 v0.3.3/go.mod h1:MAxKIUEIl/QVcua/I1L4Otyxl9UvLCCIktce2Tjz6Nw= github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= -github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M= +github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= 
@@ -118,14 +120,14 @@ go.mozilla.org/pkcs7 v0.9.0 h1:yM4/HS9dYv7ri2biPtxt8ikvB37a980dg69/pKmS+eI= go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= -golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -145,18 +147,18 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= -golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= +golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= +golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= -golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= +golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= +golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod 
h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= diff --git a/main.go b/main.go index 68cf1d6..15e0228 100644 --- a/main.go +++ b/main.go @@ -16,21 +16,19 @@ package main import ( _ "embed" - "flag" - "os" "github.com/spf13/cobra/doc" "kfutil/cmd" ) func main() { - var docsFlag bool - flag.BoolVar(&docsFlag, "makedocs", false, "Create markdown docs.") - flag.Parse() - if docsFlag { - docs() - os.Exit(0) - } + //var docsFlag bool + //flag.BoolVar(&docsFlag, "makedocs", false, "Create markdown docs.") + //flag.Parse() + //if docsFlag { + // docs() + // os.Exit(0) + //} cmd.Execute() } diff --git a/pkg/version/version.go b/pkg/version/version.go index 433d935..df4df05 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -15,7 +15,7 @@ package version var ( - VERSION = "1.7.0" - BUILD_DATE = "2025-05-20" + VERSION = "1.8.2" + BUILD_DATE = "2025-07-31" COMMIT = "HEAD" ) diff --git a/store_types.json b/store_types.json index 927642e..d79022a 100644 --- a/store_types.json +++ b/store_types.json 
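Review bot: The `-makedocs` handling in `main()` is commented out rather than deleted, so the new side of the main.go hunk carries seven lines of dead code with no explanation of why they are kept. The `github.com/spf13/cobra/doc` import remains as a context line, which suggests `docs()` still exists outside this hunk, but the diff shows no remaining caller for it. I would delete the commented block and put one line above `cmd.Execute()`, for example `// Markdown docs are no longer generated from main(); see docs().`, or remove `docs()` as well if nothing else invokes it. The change also removes a user-visible flag, which deserves a line in the release notes.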
@@ -260,6 +260,167 @@ "ClientMachineDescription": "This is the AWS Account ID that will be used for access. This will dictate what certificates are usable by the orchestrator. Note: this does not have any effect on EC2 inferred credentials, which are limited to a specific role/account.", "StorePathDescription": "The AWS Region, or a comma-separated list of multiple regions, the store will operate in." }, + { + "Name": "AWS Certificate Manager v3", + "ShortName": "AWS-ACM-v3", + "Capability": "AWS-ACM-v3", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "UseDefaultSdkAuth", + "DisplayName": "Use Default SDK Auth", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "IsPAMEligible": false, + "Description": "A switch to enable the store to use Default SDK credentials" + }, + { + "Name": "DefaultSdkAssumeRole", + "DisplayName": "Assume new Role using Default SDK Auth", + "Type": "Bool", + "DependsOn": "UseDefaultSdkAuth", + "DefaultValue": "false", + "Required": false, + "IsPAMEligible": false, + "Description": "A switch to enable the store to assume a new Role when using Default SDK credentials" + }, + { + "Name": "UseOAuth", + "DisplayName": "Use OAuth 2.0 Provider", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "IsPAMEligible": false, + "Description": "A switch to enable the store to use an OAuth provider workflow to authenticate with AWS" + }, + { + "Name": "OAuthScope", + "DisplayName": "OAuth Scope", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "This is the OAuth Scope needed for Okta OAuth, defined in Okta" + }, + { + "Name": "OAuthGrantType", + "DisplayName": "OAuth Grant Type", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "client_credentials", + 
"Required": false, + "IsPAMEligible": false, + "Description": "In OAuth 2.0, the term 'grant type' refers to the way an application gets an access token. In Okta this is `client_credentials`" + }, + { + "Name": "OAuthUrl", + "DisplayName": "OAuth Url", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "https://***/oauth2/default/v1/token", + "Required": false, + "IsPAMEligible": false, + "Description": "An optional parameter sts:ExternalId to pass with Assume Role calls" + }, + { + "Name": "OAuthClientId", + "DisplayName": "OAuth Client ID", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The Client ID for OAuth." + }, + { + "Name": "OAuthClientSecret", + "DisplayName": "OAuth Client Secret", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The Client Secret for OAuth." + }, + { + "Name": "UseIAM", + "DisplayName": "Use IAM User Auth", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "IsPAMEligible": false, + "Description": "A switch to enable the store to use IAM User auth to assume a role when authenticating with AWS" + }, + { + "Name": "IAMUserAccessKey", + "DisplayName": "IAM User Access Key", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The AWS Access Key for an IAM User" + }, + { + "Name": "IAMUserAccessSecret", + "DisplayName": "IAM User Access Secret", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The AWS Access Secret for an IAM User." 
+ }, + { + "Name": "ExternalId", + "DisplayName": "sts:ExternalId", + "Type": "String", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "An optional parameter sts:ExternalId to pass with Assume Role calls" + } + ], + "EntryParameters": [ + { + "Name": "ACM Tags", + "DisplayName": "ACM Tags", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Description": "The optional ACM tags that should be assigned to the certificate. Multiple name/value pairs may be entered in the format of `Name1=Value1,Name2=Value2,...,NameN=ValueN`" + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": false, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Optional", + "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", + "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." + }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai", 
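Review bot: The `OAuthUrl` property in the new AWS-ACM-v3 entry carries the description that belongs to `ExternalId` (`"An optional parameter sts:ExternalId to pass with Assume Role calls"`), so an operator filling in the OAuth token endpoint is shown text about a different field. Something like `"Description": "The token endpoint URL of the OAuth 2.0 provider, used when UseOAuth is enabled."` would match the `https://***/oauth2/default/v1/token` default. In the same entry `OAuthClientId`/`OAuthClientSecret` and `IAMUserAccessKey`/`IAMUserAccessSecret` have an empty `DependsOn`, while `OAuthScope`, `OAuthGrantType` and `OAuthUrl` depend on `UseOAuth`. Setting them to `UseOAuth` and `UseIAM` respectively would tie each credential field to the auth mode that consumes it. If this file is synced from the integration's own manifest, the correction belongs there first.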
@@ -274,36 +435,38 @@ }, "Properties": [ { - "StoreTypeId;omitempty": 0, "Name": "access_token", "DisplayName": "Access Token", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": true + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": false, + "Description": "The Akamai access_token for authentication." }, { - "StoreTypeId;omitempty": 0, "Name": "client_token", "DisplayName": "Client Token", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": true + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": false, + "Description": "The Akamai client_token for authentication." }, { - "StoreTypeId;omitempty": 0, "Name": "client_secret", "DisplayName": "Client Secret", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": true + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": false, + "Description": "The Akamai client_secret for authentication." } ], "EntryParameters": [ { - "StoreTypeId;omitempty": 0, "Name": "EnrollmentId", "DisplayName": "Enrollment ID", "Type": "String", @@ -312,10 +475,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Enrollment ID of a certificate enrollment in Akamai. This should only be supplied for ODKG when replacing an existing certificate." }, { - "StoreTypeId;omitempty": 0, "Name": "ContractId", "DisplayName": "Contract ID", "Type": "String", @@ -325,10 +488,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "The Contract ID of your account in Akamai." }, { - "StoreTypeId;omitempty": 0, "Name": "Sans", "DisplayName": "SANs", "Type": "String", 
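Review bot: The three Secret-typed Akamai properties (`access_token`, `client_token`, `client_secret`) are now explicitly `"IsPAMEligible": false`, whereas the Secret properties of the AWS-ACM-v3 entry in this same file are `true`. With that value the Akamai API credentials presumably have to be stored directly with the certificate store rather than resolved from a PAM provider. If the Akamai orchestrator can accept PAM-supplied values, `"IsPAMEligible": true` on these three would be the safer default. If it cannot, a short remark in each `Description` would tell operators why.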
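Review bot: `"DefaultValue": "SET-DEFAULT"` replaces `null` on `ContractId` in this hunk and on the required `admin-*`, `org-*` and `tech-*` entry parameters in the hunks that follow, and nothing in the entries says what the literal means. If it is a placeholder the operator must replace, a store type created unchanged from this file would pre-fill required contract and contact fields with that string, and a reenrollment could submit it as real data. Either keep the default empty (`"DefaultValue": ""`, as the `Properties` above now do) or state in each `Description` that the value must be overridden before use.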
@@ -337,10 +500,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": true - } + }, + "Description": "SANs for the new certificate. If multiple are supplied, they should be split with an ampersand character '&'" }, { - "StoreTypeId;omitempty": 0, "Name": "admin-addressLineOne", "DisplayName": "Admin - Address Line 1", "Type": "String", @@ -350,10 +513,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-addressLineTwo", "DisplayName": "Admin - Address Line 2", "Type": "String", @@ -362,10 +525,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Optional field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-city", "DisplayName": "Admin - City", "Type": "String", @@ -375,10 +538,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-country", "DisplayName": "Admin - Country", "Type": "String", @@ -388,10 +551,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-email", "DisplayName": "Admin - Email", "Type": "String", @@ -401,10 +564,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-firstName", "DisplayName": "Admin - First Name", "Type": "String", 
@@ -414,10 +577,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-lastName", "DisplayName": "Admin - Last Name", "Type": "String", @@ -427,10 +590,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-organizationName", "DisplayName": "Admin - Organization Name", "Type": "String", @@ -440,10 +603,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-phone", "DisplayName": "Admin - Phone", "Type": "String", @@ -453,10 +616,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-postalCode", "DisplayName": "Admin - Postal Code", "Type": "String", @@ -466,10 +629,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-region", "DisplayName": "Admin - Region", "Type": "String", @@ -479,10 +642,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "admin-title", "DisplayName": "Admin - Title", "Type": "String", 
@@ -492,10 +655,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Administrator contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-addressLineOne", "DisplayName": "Org - Address Line 1", "Type": "String", @@ -505,10 +668,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-addressLineTwo", "DisplayName": "Org - Address Line 2", "Type": "String", @@ -517,10 +680,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Optional field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-city", "DisplayName": "Org - City", "Type": "String", @@ -530,10 +693,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-country", "DisplayName": "Org - Country", "Type": "String", @@ -543,10 +706,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-organizationName", "DisplayName": "Org - Organization Name", "Type": "String", @@ -556,10 +719,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-phone", "DisplayName": "Org - Phone", "Type": "String", 
@@ -569,10 +732,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-postalCode", "DisplayName": "Org - Postal Code", "Type": "String", @@ -582,10 +745,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "org-region", "DisplayName": "Org - Region", "Type": "String", @@ -595,10 +758,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Organization contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-addressLineOne", "DisplayName": "Tech - Address Line 1", "Type": "String", @@ -608,10 +771,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-addressLineTwo", "DisplayName": "Tech - Address Line 2", "Type": "String", @@ -620,10 +783,10 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "Optional field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-city", "DisplayName": "Tech - City", "Type": "String", @@ -633,10 +796,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-country", "DisplayName": "Tech - Country", "Type": "String", 
@@ -646,10 +809,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-email", "DisplayName": "Tech - Email", "Type": "String", @@ -659,10 +822,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact. Must be an akamai.com email address." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-firstName", "DisplayName": "Tech - First Name", "Type": "String", @@ -672,10 +835,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-lastName", "DisplayName": "Tech - Last Name", "Type": "String", @@ -685,10 +848,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-organizationName", "DisplayName": "Tech - Organization Name", "Type": "String", @@ -698,10 +861,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "Akamai", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-phone", "DisplayName": "Tech - Phone", "Type": "String", @@ -711,10 +874,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-postalCode", "DisplayName": "Tech - Postal Code", "Type": "String", 
@@ -724,10 +887,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-region", "DisplayName": "Tech - Region", "Type": "String", @@ -737,10 +900,10 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." }, { - "StoreTypeId;omitempty": 0, "Name": "tech-title", "DisplayName": "Tech - Title", "Type": "String", @@ -750,7 +913,8 @@ "OnRemove": false, "OnReenrollment": true }, - "DefaultValue": null + "DefaultValue": "SET-DEFAULT", + "Description": "Required field for Akamai Tech contact." } ], "PasswordOptions": { 
@@ -764,7 +928,49 @@ "ServerRequired": false, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the the \"host\" value from the API credentials file.", + "StorePathDescription": "The Akamai network the certificate will be managed from. Value can be either \"Production\" or \"Staging\"." + }, + { + "Name": "Alteon Load Balancer", + "ShortName": "AlteonLB", + "Capability": "AlteonLB", + "ClientMachineDescription": "The Alteon Load Balancer Server and port", + "StorePathDescription": "This value isn't used for this integration (other than to uniquely identify the cert store in certificate searches).", + "SupportedOperations": { + "Add": true, + "Remove": true, + "Enrollment": false, + "Discovery": false, + "Inventory": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "Alteon user ID with sufficient permissions to manage certs in the Alteon Load Balancer.", + "Required": true + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "Description": "Password associated with Alteon user ID entered above.", + "Required": true + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Optional" }, { "Name": "Azure Application Gateway Certificate Binding", 
@@ -1158,38 +1364,50 @@ "Name": "Bosch IP Camera", "ShortName": "BIPCamera", "Capability": "BIPCamera", - "LocalStore": false, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", "SupportedOperations": { - "Add": true, + "Add": false, "Create": false, "Discovery": false, "Enrollment": true, - "Remove": true + "Remove": false + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" }, "Properties": [ { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the username of the configured \"service\" user on the camera" }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Enter the password of the configured \"service\" user on the camera" }, { "Name": "ServerUseSsl", "DisplayName": "Use SSL", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera." } ], "EntryParameters": [ @@ -1203,7 +1421,8 @@ "OnRemove": false, "OnReenrollment": false }, - "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client" + "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client", + "Description": "The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later." }, { "Name": "Name", @@ -1214,7 +1433,8 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": true - } + }, + "Description": "The certificate Alias, entered again." }, { "Name": "Overwrite", 
@@ -1226,19 +1446,12 @@ "OnRemove": false, "OnReenrollment": false }, - "DefaultValue": "false" + "DefaultValue": "false", + "Description": "Select `True` if using an existing Alias name to remove and replace an existing certificate." } ], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`" }, { "Name": "CiscoAsa", @@ -1633,7 +1846,7 @@ "Capability": "F5-CA-REST", "ServerRequired": true, "ClientMachineDescription": "The server name or IP Address for the F5 device.", - "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", + "StorePathDescription": "Enter the name of the partition followed by the name of the bundle separated by a / (i.e. Common/BundleName). This value is case sensitive, so if the partition name is \"Common/BundleName\", it must be entered as \"Common/BundleName\" and not \"common/bundlename\",", "SupportedOperations": { "Add": true, "Create": false, 
@@ -1802,6 +2015,15 @@ "Required": true, "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." }, + { + "Name": "RemoveChain", + "DisplayName": "Remove Chain on Add", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": false, + "Description": "Optional setting. Set this to true if you would like to remove the certificate chain before adding or replacing a certificate on your F5 device." + }, { "Name": "IgnoreSSLWarning", "DisplayName": "Ignore SSL Warning", @@ -1818,7 +2040,7 @@ "DependsOn": "", "DefaultValue": "false", "Required": true, - "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." + "Description": "Select this if you wish to use F5's token authentication instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", 
@@ -1850,7 +2072,23 @@ "Description": "True if using https to access the F5 device. False if using http." } ], - "EntryParameters": [] + "EntryParameters": [ + { + "Name": "SSLProfiles", + "DisplayName": "SSL Profiles", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "One to many comma delimited F5 SSL Profile names the certificate is bound to" + } + ] }, { "Name": "F5 WS Profiles REST", 
@@ -2060,6 +2298,43 @@ "ClientMachineDescription": "The IP address or DNS of the Fortigate server", "StorePathDescription": "This is not used in this integration, but is a required field in the UI. Just enter any value here" }, + { + "Name": "GCP Load Balancer", + "ShortName": "GCPLoadBal", + "Capability": "GCPLoadBal", + "ServerRequired": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Optional", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "Properties": [ + { + "Name": "jsonKey", + "DisplayName": "Service Account Key", + "Required": true, + "IsPAMEligible": false, + "DependsOn": "", + "Type": "Secret", + "DefaultValue": "", + "Description": "If authenticating by passing credentials from Keyfactor Command, this is the JSON-based service account key created from within Google Cloud. If authenticating via Application Default Credentials (ADC), select No Value" + } + ], + "ClientMachineDescription": "Not used, but required when creating a store. Just enter any value.", + "StorePathDescription": "Your Google Cloud Project ID only if you choose to use global resources. Append a forward slash '/' and valid GCP region to process against a specific [GCP region](https://gist.github.com/rpkim/084046e02fd8c452ba6ddef3a61d5d59).", + "EntryParameters": [] + }, { "Name": "Google Cloud Provider Apigee", "ShortName": "GcpApigee", 
@@ -2107,43 +2382,6 @@ "ClientMachineDescription": "The Base URL for the GCP Apigee REST Api. Should be *apigee.googleapis.com*", "StorePathDescription": "The Apigee keystore being managed. Must be provided in the following format: organizations/{org}/environments/{env}/keystores/{keystore}, where {org}, {env}, and {keystore} will be replaced with your environment-specific values." }, - { - "Name": "GCP Load Balancer", - "ShortName": "GCPLoadBal", - "Capability": "GCPLoadBal", - "ServerRequired": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional", - "PowerShell": false, - "PrivateKeyAllowed": "Required", - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": false, - "Enrollment": false, - "Remove": true - }, - "PasswordOptions": { - "Style": "Default", - "EntrySupported": false, - "StoreRequired": false - }, - "Properties": [ - { - "Name": "jsonKey", - "DisplayName": "Service Account Key", - "Required": true, - "IsPAMEligible": false, - "DependsOn": "", - "Type": "Secret", - "DefaultValue": "", - "Description": "If authenticating by passing credentials from Keyfactor Command, this is the JSON-based service account key created from within Google Cloud. If authenticating via Application Default Credentials (ADC), select No Value" - } - ], - "ClientMachineDescription": "Not used, but required when creating a store. Just enter any value.", - "StorePathDescription": "Your Google Cloud Project ID only if you choose to use global resources. Append a forward slash '/' and valid GCP region to process against a specific [GCP region](https://gist.github.com/rpkim/084046e02fd8c452ba6ddef3a61d5d59).", - "EntryParameters": [] - }, { "Name": "GCP Certificate Manager", "ShortName": "GcpCertMgr", 
@@ -2266,7 +2504,17 @@ "Name": "Hashicorp Vault Key-Value JKS", "ShortName": "HCVKVJKS", "Capability": "HCVKVJKS", + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path to the secret containing the store.", "LocalStore": false, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, @@ -2276,16 +2524,29 @@ }, "Properties": [ { - "Name": "SubfolderInventory", - "DisplayName": "Sub-folder Inventory", - "Type": "Bool", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", "DependsOn": "", - "DefaultValue": "false", - "Required": false + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" }, { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", 
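Review bot: The `HCVKVJKS` properties now store the Vault base URI in `ServerUsername` and the Vault token in `ServerPassword`, but the display names still read "Server Username" and "Server Password", which makes it easy to enter the wrong value. The next hunk also removes `ServerUseSsl` and adds `PasswordOptions.StorePassword`, which is also described as the Vault token while `StoreRequired` stays `false`, so the definition no longer says which of the two fields the integration reads. Transport security now appears to depend only on the scheme typed into the URI, so the description should require it, for example `"Description": "Base URI (scheme, host and port) of the Hashicorp Vault instance, e.g. https://localhost:8200. Use https, since the Vault token is presented to this address."`. The same pattern is repeated for `HCVKVP12`, `HCVKVPEM`, `HCVKVPFX` and `HCVPKI` in the later hunks.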
@@ -2294,42 +2555,31 @@ { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. /", "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } + }, + { + "Name": "Hashicorp Vault Key-Value PKCS12", + "ShortName": "HCVKVP12", + "Capability": "HCVKVP12", + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path to the secret containing the store.", + "LocalStore": false, "StorePathType": "", "StorePathValue": "", "PrivateKeyAllowed": "Optional", @@ -2337,13 +2587,7 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" - }, - { - "Name": "Hashicorp Vault Key-Value PKCS12", - "ShortName": "HCVKVP12", - "Capability": "HCVKVP12", - "LocalStore": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, 
@@ -2353,74 +2597,68 @@ }, "Properties": [ { - "Name": "SubfolderInventory", - "DisplayName": "Sub-folder Inventory", - "Type": "Bool", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", "DependsOn": "", - "DefaultValue": "false", - "Required": false + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" }, { - "Name": "MountPoint", - "DisplayName": "Mount Point", - "Type": "String", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", "DependsOn": "", "DefaultValue": "", - "Required": false + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" }, { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", - "DefaultValue": "false", - "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", + "DefaultValue": "false", "Required": false }, { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", + "Name": "MountPoint", + "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. 
/", + "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "Hashicorp Vault Key-Value PEM", "ShortName": "HCVKVPEM", "Capability": "HCVKVPEM", "LocalStore": false, + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path after mount point where the certificates will be stored.", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, 
@@ -2429,9 +2667,30 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" + }, { "Name": "SubfolderInventory", "DisplayName": "Subfolder Inventory", + "Description": "Should certificates found in sub-paths be included when performing an inventory?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", @@ -2440,6 +2699,7 @@ { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", 
@@ -2448,54 +2708,39 @@ { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. /", "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "Hashicorp Vault Key-Value PFX", "ShortName": "HCVKVPFX", "Capability": "HCVKVPFX", + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "This is the path to the secret containing the store.", "LocalStore": false, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": true, 
@@ -2505,16 +2750,29 @@ }, "Properties": [ { - "Name": "SubfolderInventory", - "DisplayName": "Sub-folder Inventory", - "Type": "Bool", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", "DependsOn": "", - "DefaultValue": "false", - "Required": false + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" }, { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Should the certificate chain be included when performing an enrollment?", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", 
@@ -2523,56 +2781,39 @@ { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "The base mount point of the secrets engine. If using Vault Namespaces, include the namespace; ie. /", "Type": "String", "DependsOn": "", "DefaultValue": "", "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": "", - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "Hashicorp Vault PKI", "ShortName": "HCVPKI", "Capability": "HCVPKI", "LocalStore": false, + "ClientMachineDescription": "This can be any value to help uniquely identify the store. It is not used by this integration.", + "StorePathDescription": "For HCVPKI, this will be '/'", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "PrivateKeyAllowed": "Forbidden", + "CustomAliasAllowed": "Forbidden", + "StorePathType": "Fixed", + "StorePathValue": "/", "SupportedOperations": { "Add": false, "Create": false, 
@@ -2581,9 +2822,30 @@ "Remove": false }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "The base URI (and port) to the instance of Hashicorp Vault ex: https://localhost:8200" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "IsPAMEligible": true, + "Description": "Vault token that will be used by the Orchestrator integration for authenticating and performing operations in the Vault instance" + }, { "Name": "MountPoint", "DisplayName": "Mount Point", + "Description": "This is the mount point of the instance of the PKI or Keyfactor secrets engine plugin. If using enterprise namespaces: /", "Type": "String", "DependsOn": "", "DefaultValue": "", @@ -2594,14 +2856,12 @@ "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "Style": "Default", + "StorePassword": { + "Description": "Vault token that will be used for authenticating", + "IsPAMEligible": true + } + } }, { "Name": "HP iLO Cert Store", 
@@ -2681,9 +2941,9 @@ "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", "DependsOn": "", - "DefaultValue": "https,http", + "DefaultValue": "https,http,ssh", "Required": true, - "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." + "Description": "Multiple choice value specifying which protocol to use. Protocols https or http use WinRM to connect from Windows to Windows Servers. Using ssh is only supported when running the orchestrator in a Linux environment." }, { "Name": "WinRM Port", @@ -2692,7 +2952,7 @@ "DependsOn": "", "DefaultValue": "5986", "Required": true, - "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." + "Description": "String value specifying the port number that the Windows target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP. By default, when using ssh in a Linux environment, the default port number is 22." }, { "Name": "ServerUsername", @@ -2710,7 +2970,7 @@ "DependsOn": "", "DefaultValue": "", "Required": false, - "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." + "Description": "Password corresponding to the Server Username used to log into the target server. When establishing a SSH session from a Linux environment, the password must include the full SSH Private key." }, { "Name": "ServerUseSsl", 
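Review bot: The rewritten `ServerPassword` description tells operators to put the full SSH private key into the password field, but it does not say what key format is expected or how that value is protected; the property's `Type` and PAM eligibility lie outside the hunk. `WinRM Port` keeps `"DefaultValue": "5986"` while its new description says the ssh default is 22, so a store created with ssh and default values would presumably target 5986; wording such as `When using ssh, set this to the SSH port (typically 22).` avoids that reading. The new protocol description also drops the earlier hint that `https` is the secure choice while `http` remains selectable in `"DefaultValue": "https,http,ssh"`, so that recommendation is worth keeping. The same three changes are repeated in the later hunks at `@@ -4438`, `@@ -4449` and `@@ -4467`.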
@@ -3339,51 +3599,6 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" }, - { - "Name": "MyOrchestratorStoreType", - "ShortName": "MOST", - "Capability": "MOST", - "LocalStore": false, - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": false - }, - "Properties": [ - { - "Name": "CustomField1", - "DisplayName": "CustomField1", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "Name": "CustomField2", - "DisplayName": "CustomField2", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" - }, { "Name": "Nmap Orchestrator", "ShortName": "Nmap", @@ -3464,7 +3679,7 @@ "DefaultValue": "", "Required": false, "IsPAMEligible": false, - "Description": "Device Group on Panorama that changes will be pushed to." + "Description": "A semicolon delimited list of Device Groups that Panorama will push changes to (i.e. 'Group 1', 'Group 1;Group 2', or 'Group 1; Group 2', etc.)." }, { "Name": "InventoryTrustedCerts", 
@@ -4240,33 +4455,6 @@
 "ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.",
 "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'."
 },
- {
- "Name": "SampleStoreType",
- "ShortName": "SAMPLETYPE",
- "Capability": "SAMPLETYPE",
- "SupportedOperations": {
- "Add": false,
- "Create": false,
- "Discovery": false,
- "Enrollment": false,
- "Remove": false
- },
- "Properties": [],
- "EntryParameters": [],
- "PasswordOptions": {
- "EntrySupported": false,
- "StoreRequired": false,
- "Style": "Default"
- },
- "StorePathType": "",
- "StorePathValue": "",
- "PrivateKeyAllowed": "Forbidden",
- "JobProperties": [],
- "ServerRequired": false,
- "PowerShell": false,
- "BlueprintAllowed": false,
- "CustomAliasAllowed": "Forbidden"
- },
 {
 "Name": "Signum",
 "ShortName": "Signum",
@@ -4438,9 +4626,9 @@
 "DisplayName": "WinRM Protocol",
 "Type": "MultipleChoice",
 "DependsOn": "",
- "DefaultValue": "https,http",
+ "DefaultValue": "https,http,ssh",
 "Required": true,
- "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication."
+ "Description": "Multiple choice value specifying which protocol to use. Protocols https or http use WinRM to connect from Windows to Windows Servers. Using ssh is only supported when running the orchestrator in a Linux environment."
 },
 {
 "Name": "WinRM Port",
@@ -4449,7 +4637,7 @@
 "DependsOn": "",
 "DefaultValue": "5986",
 "Required": true,
- "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP."
+ "Description": "String value specifying the port number that the Windows target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP. By default, when using ssh in a Linux environment, the default port number is 22."
 },
 {
 "Name": "ServerUsername",
@@ -4467,7 +4655,7 @@
 "DependsOn": "",
 "DefaultValue": "",
 "Required": false,
- "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'."
+ "Description": "Password corresponding to the Server Username used to log into the target server. When establishing a SSH session from a Linux environment, the password must include the full SSH Private key."
 },
 {
 "Name": "ServerUseSsl",
@@ -4552,9 +4740,9 @@
 "DisplayName": "WinRM Protocol",
 "Type": "MultipleChoice",
 "DependsOn": "",
- "DefaultValue": "https,http",
+ "DefaultValue": "https,http,ssh",
 "Required": true,
- "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication."
+ "Description": "Multiple choice value specifying which protocol to use. Protocols https or http use WinRM to connect from Windows to Windows Servers. Using ssh is only supported when running the orchestrator in a Linux environment."
 },
 {
 "Name": "WinRM Port",
@@ -4563,7 +4751,7 @@
 "DependsOn": "",
 "DefaultValue": "5986",
 "Required": true,
- "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP."
+ "Description": "String value specifying the port number that the Windows target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP. By default, when using ssh in a Linux environment, the default port number is 22."
 },
 {
 "Name": "ServerUsername",
@@ -4581,7 +4769,7 @@
 "DependsOn": "",
 "DefaultValue": "",
 "Required": false,
- "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'."
+ "Description": "Password corresponding to the Server Username used to log into the target server. When establishing a SSH session from a Linux environment, the password must include the full SSH Private key."
 },
 {
 "Name": "ServerUseSsl",