open-vault/website/content/partials/aws-sha1-deprecation.mdx

~> **Note**: Starting in Vault 1.12, only the `pkcs7` login flow with the AWS
   [`/rsa2048` signature endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html)
   credentials will work by default due to the deprecation of SHA-1-based signatures.
   Please see [the deprecation FAQ](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
   for more details and a workaround.
Update AWS auth docs for SHA-1 deprecation (#15741) Update AWS auth docs for SHA-1 deprecation We now recommend `/rsa2048` as the preferred AWS signature moving foward, as `/pkcs7` and `/signature` will stop working by default in Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment due to the move to Go 1.18. I also took this oppoturnity to try to make the docs less confusing and more consistent with all of the usages of signature, PKCS#7, DSA, and RSA terminology. Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> 2022-06-07 19:45:46 +00:00			~> Note: Starting in Vault 1.12, only the `pkcs7` login flow with the AWS
			[`/rsa2048` signature endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html)
			`credentials will work by default due to the deprecation of SHA-1-based signatures.`
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com> 2023-01-26 00:12:15 +00:00			`Please see [the deprecation FAQ](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)`
Update AWS auth docs for SHA-1 deprecation (#15741) Update AWS auth docs for SHA-1 deprecation We now recommend `/rsa2048` as the preferred AWS signature moving foward, as `/pkcs7` and `/signature` will stop working by default in Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment due to the move to Go 1.18. I also took this oppoturnity to try to make the docs less confusing and more consistent with all of the usages of signature, PKCS#7, DSA, and RSA terminology. Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> 2022-06-07 19:45:46 +00:00			`for more details and a workaround.`