diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml index e2140eb..1330fe9 100644 --- a/.github/workflows/update-stores.yml +++ b/.github/workflows/update-stores.yml @@ -28,6 +28,15 @@ jobs: run: | echo "TARGET_REPO_BRANCH=${{ github.event.client_payload.targetRef }}" | tee -a $GITHUB_ENV echo "KFUTIL_ARG=${{ github.event.client_payload.targetRepo }}" | tee -a $GITHUB_ENV + - name: Set Branch Name based on targetRef + id: set-branch-name + run: | + if [ "${{ env.TARGET_REPO_BRANCH }}" == "main" ]; then + echo "BRANCH_NAME=${{ env.KFUTIL_ARG }}_${{ env.TARGET_REPO_BRANCH }}" | tee -a $GITHUB_ENV + else + echo "BRANCH_NAME=${{ env.KFUTIL_ARG }}" | tee -a $GITHUB_ENV + fi + - name: Check Open PRs for Existing Branch id: check-branch uses: actions/github-script@v7 @@ -41,8 +50,8 @@ jobs: repo, state: "open" }); - // Filter out ones matching the KFUTIL_ARG from payload (repository_dispatch) or input (workflow_dispatch) - const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.KFUTIL_ARG }}'); // Look for an existing branch with the orchestrator repo name + // Filter out ones matching our branch naming convention + const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.BRANCH_NAME }}'); const isBranch = (filteredData.length > 0) if (isBranch) { const { @@ -54,9 +63,9 @@ jobs: } else { core.setOutput('PR_BRANCH', 'create') // No branch, create one } - console.log(`Branch exists?`) - console.log(filteredData.length > 0) - console.log(`targetRepo: ${{env.KFUTIL_ARG}}`) + console.log(`Branch exists? ${filteredData.length > 0}`) + console.log(`Branch name: ${{env.BRANCH_NAME}}`) + - name: set env.PR_BRANCH value for jobs run: | echo "PR_BRANCH=${{steps.check-branch.outputs.PR_BRANCH}}" | tee -a $GITHUB_ENV @@ -72,7 +81,7 @@ jobs: cmd path: './merge-folder/' token: ${{ secrets.V2BUILDTOKEN }} - ref: '${{env.KFUTIL_ARG}}' + ref: '${{env.BRANCH_NAME}}' # If the branch does not exist, first check out the main branch from kfutil. - name: Check out main @@ -160,13 +169,13 @@ jobs: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: add: | - store_types.json + store_types.json ./cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io cwd: './merge-folder/' - new_branch: ${{env.KFUTIL_ARG}} + new_branch: ${{env.BRANCH_NAME}} - name: Add and Commit to existing branch if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'commit' }} @@ -187,18 +196,14 @@ jobs: uses: actions/github-script@v7 with: script: | - console.log(`Created ${{env.KFUTIL_ARG}} `) - console.log("Commit to ${{env.KFUTIL_ARG}} for PR") + console.log(`Created ${{env.BRANCH_NAME}} `) + console.log("Commit to ${{env.BRANCH_NAME}} for PR") const owner = context.repo.owner; const repo = context.repo.repo; - - // Get the current branch name that the workflow is running on - const baseBranch = context.payload.ref ? + const baseBranch = context.payload.ref ? context.payload.ref.replace('refs/heads/', '') : 'main'; - console.log(`Base branch for PR: ${baseBranch}`); - - const newBranch = '${{env.KFUTIL_ARG}}'; + const newBranch = '${{env.BRANCH_NAME}}'; const response = await github.rest.pulls.create({ owner, repo, @@ -208,5 +213,3 @@ jobs: body: 'The cert store update from ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} needs to be verified and merged if correct.', }); console.log(`Pull request created: ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} : ${response.data.html_url}`); - env: - GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 133364f..e5ade56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +# v1.8.5 + +## Chores + +- `store-types`: Rename `BIPCamera` to `BoschIPCamera` store-type. +- `store-types`: Add `AxisIPCamera` store-type. +- `store-types`: Update internal definitions to latest from Keyfactor GitHub repos. + +# v1.8.4 + +## Chores + +- `store-types`: Update internal definitions to latest from Keyfactor GitHub repos. + # v1.8.3 ## Chores diff --git a/cmd/store_types.json b/cmd/store_types.json index 6fac9af..a8314b3 100644 --- a/cmd/store_types.json +++ b/cmd/store_types.json @@ -17,6 +17,19 @@ "OnRemove": false, "OnReenrollment": false } + }, + { + "Name": "PreserveExistingTags", + "DisplayName": "Preserve Existing Tags", + "Description": "If true, this will perform a union of any tags provided with enrollment with the tags on the existing cert with the same alias and apply the result to the new certificate.", + "Type": "Bool", + "DefaultValue": "False", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } } ], "JobProperties": [], @@ -957,7 +970,7 @@ "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden", - "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the the \"host\" value from the API credentials file.", + "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the \"host\" value from the API credentials file.", "StorePathDescription": "The Akamai network the certificate will be managed from. Value can be either \"Production\" or \"Staging\"." }, { @@ -1064,6 +1077,77 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Required" }, + { + "Name": "Axis IP Camera", + "ShortName": "AxisIPCamera", + "Capability": "AxisIPCamera", + "ServerRequired": true, + "BlueprintAllowed": false, + "PowerShell": false, + "CustomAliasAllowed": "Required", + "PrivateKeyAllowed": "Forbidden", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the username of the configured \"service\" user on the camera" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the password of the configured \"service\" user on the camera" + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be \"True\"" + } + ], + "EntryParameters": [ + { + "Name": "CertUsage", + "DisplayName": "Certificate Usage", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": false, + "OnReenrollment": true + }, + "Options": "HTTPS,IEEE802.X,MQTT,Trust,Other", + "Description": "The Certificate Usage to assign to the cert after enrollment. Can be left 'Other' to be assigned later." + } + ], + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. `0b7c3d2f9e8a`", + "StorePathType": "", + "StorePathValue": "", + "JobProperties": [] + }, { "Name": "Azure App Registration (Application)", "ShortName": "AzureApp", @@ -1390,8 +1474,8 @@ }, { "Name": "Bosch IP Camera", - "ShortName": "BIPCamera", - "Capability": "BIPCamera", + "ShortName": "BoschIPCamera", + "Capability": "BoschIPCamera", "PrivateKeyAllowed": "Optional", "ServerRequired": true, "PowerShell": false, @@ -3133,7 +3217,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", @@ -4055,6 +4139,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4169,6 +4262,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4283,6 +4385,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4406,6 +4517,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4556,6 +4676,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4670,6 +4799,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -5015,7 +5153,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", @@ -5150,7 +5288,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Optional string value specifying the name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing private keys. Example: 'Microsoft Strong Cryptographic Provider'." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", diff --git a/pkg/version/version.go b/pkg/version/version.go index 85a1ebe..bdafaf6 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -15,7 +15,7 @@ package version var ( - VERSION = "1.8.4" - BUILD_DATE = "2025-09-10" + VERSION = "1.8.5" + BUILD_DATE = "2025-10-22" COMMIT = "HEAD" ) diff --git a/store_types.json b/store_types.json index 6fac9af..02eed62 100644 --- a/store_types.json +++ b/store_types.json @@ -17,6 +17,19 @@ "OnRemove": false, "OnReenrollment": false } + }, + { + "Name": "PreserveExistingTags", + "DisplayName": "Preserve Existing Tags", + "Description": "If true, this will perform a union of any tags provided with enrollment with the tags on the existing cert with the same alias and apply the result to the new certificate.", + "Type": "Bool", + "DefaultValue": "False", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } } ], "JobProperties": [], @@ -421,34 +434,6 @@ "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." }, - { - "Name": "Airlock Application Firewall Certificate", - "ShortName": "AirlockWAF", - "Capability": "AirlockWAF", - "LocalStore": false, - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": false - }, - "Properties": [], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": true, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Required", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Allowed" - }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai", @@ -957,7 +942,7 @@ "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden", - "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the the \"host\" value from the API credentials file.", + "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the \"host\" value from the API credentials file.", "StorePathDescription": "The Akamai network the certificate will be managed from. Value can be either \"Production\" or \"Staging\"." }, { @@ -1064,6 +1049,77 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Required" }, + { + "Name": "Axis IP Camera", + "ShortName": "AxisIPCamera", + "Capability": "AxisIPCamera", + "ServerRequired": true, + "BlueprintAllowed": false, + "PowerShell": false, + "CustomAliasAllowed": "Required", + "PrivateKeyAllowed": "Forbidden", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the username of the configured \"service\" user on the camera" + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Enter the password of the configured \"service\" user on the camera" + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be \"True\"" + } + ], + "EntryParameters": [ + { + "Name": "CertUsage", + "DisplayName": "Certificate Usage", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": false, + "OnReenrollment": true + }, + "Options": "HTTPS,IEEE802.X,MQTT,Trust,Other", + "Description": "The Certificate Usage to assign to the cert after enrollment. Can be left 'Other' to be assigned later." + } + ], + "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.", + "StorePathDescription": "Enter the Serial Number of the camera e.g. `0b7c3d2f9e8a`", + "StorePathType": "", + "StorePathValue": "", + "JobProperties": [] + }, { "Name": "Azure App Registration (Application)", "ShortName": "AzureApp", @@ -1390,8 +1446,8 @@ }, { "Name": "Bosch IP Camera", - "ShortName": "BIPCamera", - "Capability": "BIPCamera", + "ShortName": "BoschIPCamera", + "Capability": "BoschIPCamera", "PrivateKeyAllowed": "Optional", "ServerRequired": true, "PowerShell": false, @@ -3133,7 +3189,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", @@ -4055,6 +4111,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4169,6 +4234,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4283,6 +4357,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4406,6 +4489,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4556,6 +4648,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -4670,6 +4771,15 @@ "Type": "String", "DefaultValue": "", "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting." + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True", + "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" } ], "EntryParameters": [], @@ -5015,7 +5125,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN", @@ -5150,7 +5260,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "Optional string value specifying the name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing private keys. Example: 'Microsoft Strong Cryptographic Provider'." + "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'" }, { "Name": "SAN",