VAAS / VCP consistency #506

Open
hawksight opened this issue Jul 25, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@hawksight

PROBLEM SUMMARY

In multiple places in the vcert help documentation we refer to VAAS or VCP.
As far as I can tell these are both acronyms for the same backend system.

We should strive to use one or the other if they are interchangeable.

STEPS TO REPRODUCE

vcert getcred -h

EXPECTED RESULTS

ACTUAL RESULTS

For example, the vcert getcred command uses both terms within the help:

NAME:
   vcert getcred - To obtain a new access token for authentication

USAGE:
    vcert getcred --email <email address for Venafi Control Plane headless registration> [--password <password>] [--format (text|json)]
    vcert getcred -p vcp --token-url <VCP token url> --external-jwt <JWT from Identity Provider>

    vcert getcred -u https://tpp.example.com --username <TPP user> --password <TPP user password>
    vcert getcred -u https://tpp.example.com --p12-file <PKCS#12 client cert> --p12-password <PKCS#12 password> --trust-bundle /path-to/bundle.pem
    vcert getcred -u https://tpp.example.com -t <TPP refresh token>
    vcert getcred -u https://tpp.example.com -t <TPP refresh token> --scope <scopes and restrictions>
    vcert getcred -p tpp -u https://tpp.example.com -t <TPP refresh token>

    vcert getcred -p oidc -u https://authorization-server.com/oauth/token --username <okta user> --password <okta user password> --scope okta.behaviors.manage
    vcert getcred -p oidc -u https://authorization-server.com/oauth/token --client-id <okta client id> --client-secret <okta client secret> --scope okta.behaviors.manage

OPTIONS:
   --audience value            Use to specify the audience param to get an access token for OAuth 2.0 identity providers
                                supporting it like Auth0.
   --client-id value           Use to specify the application that will be using the token. (default: "vcert-cli")
   --client-secret value       Use to specify the client secret to get authorization from an OAuth 2.0 identity provider.
   --config value              Use to specify INI configuration file containing connection details instead
                                 For TPP: url, access_token, tpp_zone
                                 For VaaS: cloud_apikey, cloud_zone
                                 TPP & VaaS: trust_bundle, test_mode
   --device-url value          REQUIRED/Firefly working in device flow. The url endpoint of the OAuth 2.0 identity provider to request a device code. Example for Okta: --device-url https://${yourOktaDomain}/device
   --email value               REQUIRED/VaaS. Use to specify the email for headless registration on VaaS.
   --external-jwt value        REQUIRED/VCP. Use to specify the JWT of the Identity Provider associated with the service account that is requesting a new access token for Venafi Control Plane. Use in combination with --token-url option.
   --format value              Use to output credentials in an alternate format. Example: --format json
   --no-prompt                 Use to exclude credential and password prompts. If you enable the prompt and you enter incorrect information, an error is displayed. This is useful with scripting. (default: false)
   --p12-file value            Use to specify a client PKCS#12 archive for mutual TLS (for 2FA, use the getcred action to authenticate with Venafi Platform using a client certificate).
   --p12-password value        Use to specify the password for a client PKCS#12 archive. Use in combination with --p12-file option.
   --password value            Use to specify the Trust Protection Platform user's password or the optional password for the headless registration in VaaS or the password for OAuth 2.0 password flow grant.
   --platform value, -p value  Use to specify the platform VCert will use to execute the given command. Only accepted values are:
                                 For getcred command: --platform [TPP | VAAS | OIDC]
                                 For enroll command: --platform [TPP | VAAS | FIREFLY]
   --pm                        Use to request policy management scope - configuration:manage (default: false)
   --profile value             Use to specify effective section in INI configuration file specified by --config option.
   --scope value               Use to request specific scopes and restrictions. (default: "certificate:manage,revoke")
   --ssh                       Use to request a ssh certificate scope - ssh:manage (default: false)
   --token value, -t value     REQUIRED/TPP/VaaS/Firefly. Your access token (or refresh token for getcred) for Trust Protection Platform, Venafi as a Service or Firefly. Example: -t Ab01Cd23Ef45Uv67Wx89Yz==
   --token-url value           REQUIRED/VCP. Use to specify the URL to retrieve an access token for Venafi Control Plane. Use in combination with --external-jwt flag.
                                 Example: --token-url https://api.venafi.cloud/v1/oauth2/v2.0/aaaaaaaa-bbbb-cccc/token
   --trust-bundle value        Use to specify a PEM file name to be used as trust anchors when communicating with the remote server.
   --url value, -u value       REQUIRED/TPP/Firefly/OIDC. The URL of the service.
                                 TPP example: -u https://tpp.example.com
                                 Firefly example: -u https://firefly.example.com
                                 OIDC example: -u https://my.okta.domain//oauth2/v1/token
   --username value            Use to specify the username of a Trust Protection Platform or the username of OAuth 2.0 password flow grant.Required if -p12-file or -t is not present and may not be combined with either.
   --verbose                   Use to increase the level of logging detail, which is helpful when troubleshooting issues (default: false)
   --help, -h                  show help

Under vcert -h we are more consistent with the terminology:

Venafi Certificate Utility
   Version: v5.7.1
   Build Timestamp: 20240607.180655

USAGE:
   vcert [global options] command [command options] [arguments...]

AUTHOR:
   Ryan Treat <[email protected]>
   Russel Vela <[email protected]>
   Luis Presuel <[email protected]>
   Marcos Albornoz <[email protected]>

ACTIONS:
   Command       Platform             Description

   gencsr                             To generate a certificate signing request (CSR)
   enroll        tpp | vcp | firefly  To enroll a certificate
   pickup        tpp | vcp            To retrieve a certificate
   renew         tpp | vcp            To renew a certificate
   retire        tpp | vcp            To retire a certificate
   revoke        tpp                  To revoke a certificate
   run           tpp | vcp | firefly  To retrieve and install certificates using a vcert playbook file
   provision           vcp            To provision a certificate to cloud keystore

   getpolicy     tpp | vcp            To retrieve the certificate policy of a zone
   setpolicy     tpp | vcp            To apply a certificate policy specification to a zone

   getcred       tpp | vcp | oidc     To obtain a new authentication token from any Venafi platform or to register for a new Venafi Control Plane user API key
   checkcred     tpp                  To check the validity of a Trust Protection Platform token and grant
   voidcred      tpp                  To invalidate a Trust Protection Platform authentication token

   sshenroll     tpp                  To enroll an SSH certificate
   sshpickup     tpp                  To retrieve an SSH certificate
   sshgetconfig  tpp                  To get the SSH CA public key and default principals

Using: vcp|tpp|firefly|oidc -> no VAAS mention.

ENVIRONMENT DETAILS

vcert version v5.7.1

COMMENTS/WORKAROUNDS

Note this probably affects most commands.

@hawksight hawksight added the bug Something isn't working label Jul 25, 2024
@hawksight hawksight changed the title VAAS / VCP consitency VAAS / VCP consistency Jul 25, 2024