
Releases: Venafi/vault-pki-backend-venafi

v0.13.0 - Enables adding a custom timeout for requests

01 Mar 01:05
df3e989
  • Enables adding a custom timeout for requests by fixing bug below
  • Fixes bug for current server_timeout role attribute

Important

Starting with this version, the default timeout for enrollment requests is 180 seconds.


v0.12.2 - Bumped versions of plugin libraries

16 Sep 00:55
56d6f8e

Compiled with Go version 1.21.1

  • Updated Go from version 1.17 to version 1.21.1 [GH#128]

  • Updated the following libraries:

    • Vault SDK from version 0.1.13 to 0.10.0 [GH#128]
    • Vault API from version 1.0.4 to 1.10.0 [GH#128]
    • VCert from version 4.22.1 to 5.1.1 [GH#130]
  • Adds the ability to set a custom client ID for the venafi secret [GH#108], [GH#128]


v0.12.1 - Added attributes to ignore local storage and change cert time left considered to be valid at issue path, bug fix, more logs and code-signed binaries

20 Jan 00:59
4d81e3f

Compiled with Go version: 1.17

  • Added the new attributes ignore_local_storage and min_cert_time_left at the issue path. The first
    bypasses the prevent-reissue-local feature, if enabled, and requests the certificate; the second
    sets the certificate time left that is considered valid
  • Fixes a bug that prevented creating a venafi secret in a Vault cluster environment when refresh tokens were provided
  • Added more logs for the refresh token process
  • Starting from this release, binaries are signed

v0.12.0 - Introduced proactive refresh, parallel handling and ignore local storage

27 Dec 22:42
4378998
  • Introduced the proactive refresh feature, which now handles refreshing the access_token by passing two refresh tokens in the venafi secret (refresh_token and refresh_token_2)
  • Solved a scenario where many requests are sent in parallel
  • Added the flag ignore_local in role parameters to always ignore local storage when issuing a certificate

v0.11.0 - Introduced store by hash. Added ability to prevent issuance with local storage

25 Nov 21:57
88b1456

Introducing store by hash

We enabled the capability to store certificates by hash. The hash is generated from:

Common Name + SAN DNS + Zone

At least one of Common Name or SAN DNS must be set.

Using Prevent Re-issue Local

We added the ability to prevent issuance of a certificate if it already exists inside Vault storage. The certificate ID inside Vault is the hash string we generate, which is used to load the requested certificate from local storage.

Set the following attributes in the role (all of them are required):

  • min_cert_time_left: Golang's duration format string (e.g. 24h, 23h5m20s, 10000s, etc.)
  • store_by="hash"
  • store_pkey=true
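
How store by hash and min_cert_time_left combine into a reuse-or-reissue decision, as an added example that is not the plugin's own code. The function names `storageKey` and `shouldReuse`, the use of SHA-256, the lower-casing and sorting of names, the separators, and the sample values are assumptions of this sketch.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
	"time"
)

// storageKey builds a deterministic certificate ID from Common Name + SAN DNS + Zone.
// Assumptions of this example: SHA-256, lower-cased and sorted names, NUL separators.
func storageKey(cn string, sanDNS []string, zone string) (string, error) {
	if cn == "" && len(sanDNS) == 0 {
		return "", errors.New("at least one of Common Name or SAN DNS must be set")
	}
	names := make([]string, 0, len(sanDNS))
	for _, n := range sanDNS {
		names = append(names, strings.ToLower(n))
	}
	sort.Strings(names) // SAN order must not change the ID
	// NUL separators keep ("ab", "c") and ("a", "bc") from producing the same input.
	input := strings.ToLower(cn) + "\x00" + strings.Join(names, "\x00") + "\x00\x00" + zone
	sum := sha256.Sum256([]byte(input))
	return hex.EncodeToString(sum[:]), nil
}

// shouldReuse reports whether a stored certificate may be returned instead of
// requesting a new one: its remaining lifetime must exceed min_cert_time_left.
func shouldReuse(notAfter, now time.Time, minCertTimeLeft string) (bool, error) {
	limit, err := time.ParseDuration(minCertTimeLeft) // Go duration format, e.g. "24h"
	if err != nil {
		return false, fmt.Errorf("min_cert_time_left: %w", err)
	}
	return notAfter.Sub(now) > limit, nil
}

func main() {
	// Constructed sample request and stored-certificate expiry.
	id, _ := storageKey("app.example.test", []string{"www.example.test"}, "Example Zone")
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	reuse, _ := shouldReuse(now.Add(36*time.Hour), now, "24h")
	fmt.Println(id, reuse)
}
```

Because the zone is part of the key, the same names requested under a different zone never resolve to a certificate stored for another zone.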

v0.10.6 - Fixed a bug in Prevent-reissue feature

12 Sep 22:14
6009644
  • Fixed a bug that prevented VaaS search from working properly when using the Prevent-reissue feature in cases where the CN wasn't included in SAN DNS during the issue operation.

v0.10.5 - Added ability to prevent a duplicate issuance of certificates

31 Aug 01:41
bfadb38

We added the ability to prevent issuance of a certificate if it already exists inside Vault storage, by setting the following attributes in the role:

  • min_cert_time_left: Golang's duration format string (e.g. 24h, 23h5m20s, 10000s, etc.)
  • store_by="serial"
  • store_pkey=true

v0.10.4 - Fixed a thread locking bug

27 May 17:15
1ac7470
  • Fixed a bug that locked thread resources and reduced performance.
  • Fixed validation of certificates when not CSR signed

v0.10.3 - Fixed a bug in private key storage behavior and added validation of certificate mismatch

12 May 18:08
8a98ead
  • Fixed a bug in private key storage which would store keys encrypted within the Vault. With this fix they are now stored unencrypted and are only encrypted during output if the key_password attribute is provided during create and read operations.
  • Added validation that prevents storing and presenting mismatched key pairs.

v0.10.2 - Fixed issue with revocation while disabling secrets engine

25 Mar 00:20
a9189bb
  • Added a validation of the operation being performed by Vault while disabling the secrets engine so it won't try to revoke certificates issued by the secrets engine.