open-vault

Commit Graph

Author	SHA1	Message	Date
Christopher Swenson	a49f1b9e6b	Update AWS auth method certificates (#15719 ) Update AWS auth method certificates Add tests that the `rsa2048` document can also be verified using the `pkcs7` field for AWS auth. Due to the use of SHA-1-based signatures for the `identity` and `pkcs7` methods, we want to encourage moving toward using the RSA 2048 workflow, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html This doesn't require code changes for Vault necessarily, but adding in the (many) certificates will help end users. Also adds `rsa2048` option to API to fetch the RSA 2048 signature. I will make a PR to update to the AWS auth docs to document the RSA 2048 flow soon after this.	2022-06-01 10:26:17 -07:00

Author

SHA1

Message

Date

Christopher Swenson

a49f1b9e6b

Update AWS auth method certificates (#15719 )

Update AWS auth method certificates

Add tests that the `rsa2048` document can also be verified using the
`pkcs7` field for AWS auth.

Due to the use of SHA-1-based signatures for the `identity` and `pkcs7`
methods, we want to encourage moving toward using the RSA 2048 workflow,
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html

This doesn't require code changes for Vault necessarily, but adding in
the (many) certificates will help end users.

Also adds `rsa2048` option to API to fetch the RSA 2048 signature.

I will make a PR to update to the AWS auth docs to document the RSA 2048
flow soon after this.

2022-06-01 10:26:17 -07:00

1 Commits