9754629a2b
Update AWS auth docs for SHA-1 deprecation We now recommend `/rsa2048` as the preferred AWS signature moving foward, as `/pkcs7` and `/signature` will stop working by default in Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment due to the move to Go 1.18. I also took this oppoturnity to try to make the docs less confusing and more consistent with all of the usages of signature, PKCS#7, DSA, and RSA terminology. Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
6 lines
464 B
Plaintext
6 lines
464 B
Plaintext
~> **Note**: Starting in Vault 1.12, only the `pkcs7` login flow with the AWS
|
|
[`/rsa2048` signature endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html)
|
|
credentials will work by default due to the deprecation of SHA-1-based signatures.
|
|
Please see [the deprecation FAQ](/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
|
|
for more details and a workaround.
|