luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/builtin/credential/aws
History
Christopher Swenson a49f1b9e6b
Update AWS auth method certificates (#15719) 
Update AWS auth method certificates

Add tests that the `rsa2048` document can also be verified using the
`pkcs7` field for AWS auth.

Due to the use of SHA-1-based signatures for the `identity` and `pkcs7`
methods, we want to encourage moving toward using the RSA 2048 workflow,
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html

This doesn't require code changes for Vault necessarily, but adding in
the (many) certificates will help end users.

Also adds `rsa2048` option to API to fetch the RSA 2048 signature.

I will make a PR to update to the AWS auth docs to document the RSA 2048
flow soon after this.
2022-06-01 10:26:17 -07:00
..
cmd/aws
pkcs7 Remove spurious fmt.Printf calls including one of a key (#15344) 2022-05-19 12:27:02 -07:00
backend.go Move awsutil over to the go-secure-stdlib version (#12128) 2021-07-20 20:42:00 -04:00
backend_e2e_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
backend_test.go Update AWS auth method certificates (#15719) 2022-06-01 10:26:17 -07:00
certificates.go Update AWS auth method certificates (#15719) 2022-06-01 10:26:17 -07:00
cli.go Allow auto-detection of AWS region when using the vault CLI (#14051) 2022-02-14 12:01:27 -08:00
client.go Move awsutil over to the go-secure-stdlib version (#12128) 2021-07-20 20:42:00 -04:00
path_config_certificate.go Update AWS auth method certificates (#15719) 2022-06-01 10:26:17 -07:00
path_config_client.go Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 2021-07-15 20:17:31 -04:00
path_config_client_test.go
path_config_identity.go Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 2021-07-15 20:17:31 -04:00
path_config_identity_test.go
path_config_rotate_root.go Fix auth/aws so that config/rotate-root saves new key pair to vault (#12715) 2021-10-19 10:26:47 -04:00
path_config_rotate_root_test.go reformat using 'make fmt' (#13794) 2022-01-27 10:06:34 -08:00
path_config_sts.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
path_config_tidy_identity_accesslist.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
path_config_tidy_roletag_denylist.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
path_identity_accesslist.go
path_login.go aws auth displayName (#14954) 2022-04-08 14:37:49 -07:00
path_login_test.go
path_role.go [VAULT-1986] Cap AWS Token TTL based on Default Lease TTL (#12026) 2021-07-15 10:05:38 -07:00
path_role_tag.go Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 2021-07-15 20:17:31 -04:00
path_role_test.go Move awsutil over to the go-secure-stdlib version (#12128) 2021-07-20 20:42:00 -04:00
path_roletag_denylist.go
path_tidy_identity_accesslist.go builtin: deprecate errwrap.Wrapf() throughout (#11430) 2021-04-22 11:20:59 -04:00
path_tidy_roletag_denylist.go builtin: deprecate errwrap.Wrapf() throughout (#11430) 2021-04-22 11:20:59 -04:00