10ecf10248
* PKI: Add support for signature_bits param to the intermediate/generate api - Mainly to work properly with GCP backed managed keys, we need to issue signatures that would match the GCP key algorithm. - At this time due to https://github.com/golang/go/issues/45990 we can't issue PSS signed CSRs, as the libraries in Go always request a PKCS1v15. - Add an extra check in intermediate/generate that validates the CSR's signature before providing it back to the client in case we generated a bad signature such as if an end-user used a GCP backed managed key with a RSA PSS algorithm. - GCP ignores the requested signature type and always signs with the key's algorithm which can lead to a CSR that says it is signed with a PKCS1v15 algorithm but is actually a RSA PSS signature * Add cl * PR feedback |
||
|---|---|---|
| .. | ||
| database | ||
| framework | ||
| helper | ||
| logical | ||
| physical | ||
| plugin | ||
| queue | ||
| version | ||
| README.md | ||
| go.mod | ||
| go.sum | ||
README.md
Vault SDK libs
This package provides the sdk package which contains code useful for
developing Vault plugins.
Although we try not to break functionality, we reserve the right to reorganize
the code at will and may occasionally cause breaks if they are warranted. As
such we expect the tag of this module will stay less than v1.0.0.
For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.