diff --git a/README.md b/README.md index 1f3c9db..bf12d7b 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,7 @@ -[![Venafi](https://raw.githubusercontent.com/Venafi/.github/master/images/Venafi_logo.png)](https://www.venafi.com/) [![Apache 2.0 License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) ![Community Supported](https://img.shields.io/badge/Support%20Level-Community-brightgreen) -![Compatible with TPP 17.3+ & VaaS](https://img.shields.io/badge/Compatibility-TPP%2017.3+%20%26%20VaaS-f9a90c) +![Compatible with CyberArk Certificate Manager, Self-Hosted+ & CyberArk Certificate Manager, SaaS](https://img.shields.io/badge/Compatibility-Certificate%20Manager%2C%20Self--Hosted_17.3%2B_%26Certificate%20Manager%2C%20SaaS-f9a90c) [![pypi Downloads](https://img.shields.io/pypi/dw/vcert)](https://pypi.org/project/vcert/) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=Venafi_vcert-python&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=Venafi_vcert-python) 
@@ -16,15 +15,15 @@ We welcome and appreciate all contributions. Got questions or want to discuss so VCert Python is a Python library and SDK designed to simplify key generation and enrollment of machine identities (also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the -[Venafi Trust Protection Platform](https://www.venafi.com/platform/trust-protection-platform) or -[Venafi as a Service](https://www.venafi.com/venaficloud). +[CyberArk Certificate Manager, Self-Hosted](https://www.cyberark.com/products/certificate-manager/) or +[CyberArk Certificate Manager, SaaS](https://www.cyberark.com/products/certificate-manager/). This implementation is based on the original Go library, https://github.com/Venafi/vcert. #### Compatibility ***Starting version 0.14.0 vcert-python only supports Python 3.6 or higher*** -VCert releases are tested using the latest version of Trust Protection Platform. The [latest VCert release](https://github.com/Venafi/vcert-python/releases/latest) should be compatible with Trust Protection Platform 17.3 or higher based on the subset of API methods it consumes. +VCert releases are tested using the latest version of CyberArk Certificate Manager, Self-Hosted. The [latest VCert release](https://github.com/Venafi/vcert-python/releases/latest) should be compatible with CyberArk Certificate Manager, Self-Hosted 17.3 or higher based on the subset of API methods it consumes. ## Installation Get the library using pip: 
@@ -39,18 +38,18 @@ If installation fails collecting dependancies, make sure your python setuptools ## Usage example For code samples of programmatic use, please review the files in [/examples](https://github.com/Venafi/vcert-python/tree/master/examples). -- For Trust Protection Platform, the `zone` format is the DN of a policy with or without the "\VED\Policy\" prefix (e.g. "\VED\Policy\Certificates\VCert" or simply "Certificates\VCert") -- For Venafi as a Service, the `zone` format is the name of an OutagePREDICT Application and the API Alias of an Issuing Template assigned to it delimited by a single backslash character (e.g. "My Application\My CIT") +- For CyberArk Certificate Manager, Self-Hosted, the `zone` format is the DN of a policy with or without the "\VED\Policy\" prefix (e.g. "\VED\Policy\Certificates\VCert" or simply "Certificates\VCert") +- For CyberArk Certificate Manager, SaaS, the `zone` format is the name of an OutagePREDICT Application and the API Alias of an Issuing Template assigned to it delimited by a single backslash character (e.g. "My Application\My CIT") -## Prerequisites for using with Trust Protection Platform +## Prerequisites for using with CyberArk Certificate Manager, Self-Hosted 1. A user account that has an authentication token with "certificate:manage,revoke" scope (i.e. -access to the "Venafi VCert SDK" API Application as of 20.1) or has been granted WebSDK Access +access to the "CyberArk VCert SDK" API Application as of 20.1) or has been granted WebSDK Access 2. A folder (zone) where the user has been granted the following permissions: View, Read, Write, Create, Revoke (for the revoke action), and Private Key Read (for the pickup action when CSR is service generated) 3. Policy applied to the folder which specifies: - 1. CA Template that Trust Protection Platform will use to enroll certificate requests submitted by VCert + 1. 
CA Template that CyberArk Certificate Manager, Self-Hosted will use to enroll certificate requests submitted by VCert 2. Subject DN values for Organizational Unit (OU), Organization (O), City (L), State (ST) and Country (C) 3. Management Type not locked or locked to 'Enrollment' 4. Certificate Signing Request (CSR) Generation not locked or locked to 'Service Generated CSR' 
@@ -59,22 +58,22 @@ service generated) 7. (Recommended) Key Bit Strength set to 2048 or higher 8. (Recommended) Domain Whitelisting policy appropriately assigned -The requirement for the CA Template to be assigned by policy follows a long standing Venafi best +The requirement for the CA Template to be assigned by policy follows a long standing CyberArk best practice which also met our design objective to keep the certificate request process simple for VCert users. If you require the ability to specify the CA Template with the request you can use the -TPP REST APIs but please be advised this goes against Venafi recommendations. +CyberArk Certificate Manager, Self-Hosted REST APIs but please be advised this goes against CyberArk recommendations. -## Prerequisites for using with Venafi as a Service +## Prerequisites for using with CyberArk Certificate Manager, SaaS -1. The Venafi as a Service REST API is accessible from the system where VCert +1. The CyberArk Certificate Manager, SaaS REST API is accessible from the system where VCert will be executed. Currently, we support the following regions: - - [https://api.venafi.cloud](https://api.venafi.cloud/vaas) [US] - - [https://api.venafi.eu](https://api.venafi.eu/vaas) [EU] - - [https://api.au.venafi.cloud](https://api.au.venafi.cloud/vaas) [AU] - - [https://api.uk.venafi.cloud](https://api.uk.venafi.cloud/vaas) [UK] - - [https://api.sg.venafi.cloud](https://api.sg.venafi.cloud/vaas) [SG] - - [https://api.ca.venafi.cloud](https://api.ca.venafi.cloud/vaas) [CA] -2. You have successfully registered for a Venafi as a Service account, have been granted at least the + - `https://api.venafi.cloud` [US] + - `https://api.venafi.eu` [EU] + - `https://api.au.venafi.cloud` [AU] + - `https://api.uk.venafi.cloud` [UK] + - `https://api.sg.venafi.cloud`[SG] + - `https://api.ca.venafi.cloud` [CA] +2. 
You have successfully registered for a CyberArk Certificate Manager, SaaS account, have been granted at least the "Resource Owner" role, and know your API key. 3. A CA Account and Issuing Template exist and have been configured with: 1. Recommended Settings values for: @@ -92,7 +91,7 @@ will be executed. Currently, we support the following regions: ## Contributing to VCert -Venafi welcomes contributions from the developer community. +CyberArk welcomes contributions from the developer community. 1. Fork it to your account (https://github.com/Venafi/vcert-python/fork) 2. Clone your fork (`git clone git@github.com:youracct/vcert-python.git`) @@ -112,8 +111,8 @@ See https://packaging.python.org/guides/installing-using-pip-and-virtual-environ ## License -Copyright © Venafi, Inc. All rights reserved. +Copyright © Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") VCert is licensed under the Apache License, Version 2.0. See [`LICENSE`](https://github.com/Venafi/vcert-python/blob/master/LICENSE) for the full license text. -Please direct questions/comments to opensource@venafi.com. +Please direct questions/comments to mis-opensource@cyberark.com. diff --git a/docs/version_history.md b/docs/version_history.md index b6e905a..cd161f2 100644 --- a/docs/version_history.md +++ b/docs/version_history.md @@ -3,7 +3,7 @@ ## Version History #### 0.18.0 -* Added support for TPP 25.1 +* Added support for CyberArk Certificate Manager, Self-Hosted 25.1 * Upgraded dependencies #### 0.17.0 * Added ability to retire certificates in both TLSPDC and TLSPC 
@@ -15,14 +15,14 @@ #### 0.16.0 * Fixed **[Issue 124](https://github.com/Venafi/vcert-python/issues/124)**: Fixed an issue where adding a Certificate Issuing Template to an existing Application failed * Upgraded cryptography dependency to 40.0.2 to cover a security risk CVE-2023-23931 -* Removed orgUnit field from AppDetails, as Venafi as a Service dropped the use of the field +* Removed orgUnit field from AppDetails, as CyberArk Certificate Manager, SaaS dropped the use of the field #### 0.15.0 -* Fixed **[Issue 100](https://github.com/Venafi/vcert-python/issues/100)**: Updated behavior for 'serviceGenerated' attribute on VaaS -* Fixed **[Issue 101](https://github.com/Venafi/vcert-python/issues/101)**: Added support for the following Subject Alternative Names when creating a policy on VaaS: email, IP, URI -* Closed **[Issue 102](https://github.com/Venafi/vcert-python/issues/102)**: Added support for EC private keys on VaaS -* Closed **[Issue 108](https://github.com/Venafi/vcert-python/issues/108)**: Added ability to add contacts(TPP)/owners(VaaS) to a policy when is created -* Closed **[Issue 113](https://github.com/Venafi/vcert-python/issues/113)**: Added support for legacy PKCS1 format on private keys when requesting a certificate. 
Default now is PKCS8 for both TPP and VaaS -* Closed **[Issue 116](https://github.com/Venafi/vcert-python/issues/116)**: Added ability to disable the following Subject fields when creating a policy on VaaS: organizations, org units, localities, states, countries +* Fixed **[Issue 100](https://github.com/Venafi/vcert-python/issues/100)**: Updated behavior for 'serviceGenerated' attribute on CyberArk Certificate Manager, SaaS +* Fixed **[Issue 101](https://github.com/Venafi/vcert-python/issues/101)**: Added support for the following Subject Alternative Names when creating a policy on CyberArk Certificate Manager, SaaS: email, IP, URI +* Closed **[Issue 102](https://github.com/Venafi/vcert-python/issues/102)**: Added support for EC private keys on CyberArk Certificate Manager, SaaS +* Closed **[Issue 108](https://github.com/Venafi/vcert-python/issues/108)**: Added ability to add contacts(CyberArk Certificate Manager, Self-Hosted)/owners(CyberArk Certificate Manager, SaaS) to a policy when is created +* Closed **[Issue 113](https://github.com/Venafi/vcert-python/issues/113)**: Added support for legacy PKCS1 format on private keys when requesting a certificate. Default now is PKCS8 for both CyberArk Certificate Manager, Self-Hosted and CyberArk Certificate Manager, SaaS +* Closed **[Issue 116](https://github.com/Venafi/vcert-python/issues/116)**: Added ability to disable the following Subject fields when creating a policy on CyberArk Certificate Manager, SaaS: organizations, org units, localities, states, countries * Updated README.md links to work on sites other than GitHub #### 0.14.0 * Closed **[Issue 90](https://github.com/Venafi/vcert-python/issues/90)**: **Dropped support for Python2. New baseline is Python 3.6+** diff --git a/examples/get_cert.py b/examples/get_cert.py index 2683b81..883ab28 100644 --- a/examples/get_cert.py +++ b/examples/get_cert.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,11 +40,11 @@ def main(): conn = Connection(fake=True) else: # Connection will be chosen automatically based on which arguments are passed. - # If token is passed Venafi Cloud connection will be used. - # If user, password, and URL Venafi Platform (TPP) will be used. + # If token is passed CyberArk Certificate Manager, SaaS connection will be used. + # If user, password, and URL CyberArk Certificate Manager, Self-Hosted will be used. conn = Connection(url=url, token=token, user=user, password=password, http_request_kwargs={'verify': False}) - # If your TPP server certificate signed with your own CA, or available only via proxy, you can specify + # If your CyberArk Certificate Manager, Self-Hosted server certificate signed with your own CA, or available only via proxy, you can specify # a trust bundle using requests vars: # conn = Connection(url=url, token=token, user=user, password=password, # http_request_kwargs={"verify": "/path-to/bundle.pem"}) @@ -52,7 +52,7 @@ def main(): request = CertificateRequest(common_name=f"{randomword(10)}.venafi.example.com") request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"] if not isinstance(conn, CloudConnection): - # Venafi Cloud doesn't support email or IP SANs in CSR + # CyberArk Certificate Manager, SaaS doesn't support email or IP SANs in CSR request.email_addresses = ["e1@venafi.example.com", "e2@venafi.example.com"] request.ip_addresses = ["127.0.0.1", "192.168.1.1"] request.uniform_resource_identifiers = ["http://wgtest.com", "https://ragnartest.com"] diff --git a/examples/ssh_certificates/get_cert_ssh.py b/examples/ssh_certificates/get_cert_ssh.py index da33daa..f9840c5 100644 
--- a/examples/ssh_certificates/get_cert_ssh.py +++ b/examples/ssh_certificates/get_cert_ssh.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,7 +32,7 @@ def main(): password = environ.get('TPP_PASSWORD') connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False}) - # If your TPP server certificate is signed with your own CA, or available only via proxy, + # If your CyberArk Certificate Manager, Self-Hosted server certificate is signed with your own CA, or available only via proxy, # you can specify a trust bundle using requests vars: # connector = venafi_connection(url=url, api_key=api_key, access_token=access_token, # http_request_kwargs={"verify": "/path-to/bundle.pem"}) @@ -40,7 +40,7 @@ def main(): # Create an Authentication object to request a token with the proper scope to manage SSH certificates auth = Authentication(user=user, password=password, scope=SCOPE_SSH) # Additionally, you may change the default client id for a custom one - # Make sure this id has been registered on the TPP instance beforehand + # Make sure this id has been registered on the CyberArk Certificate Manager, Self-Hosted instance beforehand # Also, the user (TTP_USER) should be allowed to use this application # And the application should have the ssh permissions enabled auth.client_id = 'vcert-ssh-demo' 
@@ -54,8 +54,8 @@ def main(): # without the corresponding private key ssh_kp = SSHKeyPair() ssh_kp.generate(key_size=4096, passphrase="foobar") - # The path to the SSH CA in the TPP instance - # This is a placeholder. Make sure an SSH CA already exists on your TPP instance + # The path to the SSH CA in the CyberArk Certificate Manager, Self-Hosted instance + # This is a placeholder. Make sure an SSH CA already exists on your CyberArk Certificate Manager, Self-Hosted instance cadn = "\\VED\\Certificate Authority\\SSH\\Templates\\my-ca" # The id of the SSH certificate key_id = f"vcert-python-{random_word(12)}" @@ -71,10 +71,10 @@ def main(): # Include the locally-generated public key. If not set, the server will generate one for the certificate request.set_public_key_data(ssh_kp.public_key()) - # Request the certificate from TPP instance + # Request the certificate from CyberArk Certificate Manager, Self-Hosted instance success = connector.request_ssh_cert(request) if success: - # Retrieve the certificate from TPP instance + # Retrieve the certificate from CyberArk Certificate Manager, Self-Hosted instance response = connector.retrieve_ssh_cert(request) # Save the certificate to a file # The private and public key are optional values. diff --git a/examples/ssh_certificates/get_cert_ssh_service.py b/examples/ssh_certificates/get_cert_ssh_service.py index aa8e08d..178afd0 100644 --- a/examples/ssh_certificates/get_cert_ssh_service.py +++ b/examples/ssh_certificates/get_cert_ssh_service.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -32,7 +32,7 @@ def main(): password = environ.get('TPP_PASSWORD') connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False}) - # If your TPP server certificate signed with your own CA, or available only via proxy, + # If your CyberArk Certificate Manager, Self-Hosted server certificate signed with your own CA, or available only via proxy, # you can specify a trust bundle using requests vars: # connector = venafi_connection(url=url, api_key=api_key, access_token=access_token, # http_request_kwargs={"verify": "/path-to/bundle.pem"}) @@ -40,7 +40,7 @@ def main(): # Create an Authentication object to request a token with the proper scope to manage SSH certificates auth = Authentication(user=user, password=password, scope=SCOPE_SSH) # Additionally, you may change the default client id for a custom one - # Make sure this id has been registered on the TPP instance beforehand + # Make sure this id has been registered on the CyberArk Certificate Manager, Self-Hosted instance beforehand # Also, the user (TTP_USER) should be allowed to use this application # And the application should have the ssh permissions enabled auth.client_id = 'vcert-ssh-demo' @@ -48,7 +48,7 @@ def main(): # After the request is successful, subsequent api calls will use the same token connector.get_access_token(auth) - # The path to the SSH CA in the TPP instance + # The path to the SSH CA in the CyberArk Certificate Manager, Self-Hosted instance cadn = "\\VED\\Certificate Authority\\SSH\\Templates\\my-ca" # The id of the SSH certificate key_id = f"vcert-python-{random_word(12)}" 
@@ -62,14 +62,14 @@ def main(): 'permit-pty': "" } - # Request the certificate from TPP instance + # Request the certificate from CyberArk Certificate Manager, Self-Hosted instance success = connector.request_ssh_cert(request) if success: # Optional. Define a passphrase for encryption # The service generated private key will be encrypted using this passphrase # This step should happen after the request has been invoked request.private_key_passphrase = "foobar" - # Retrieve the certificate from TPP instance + # Retrieve the certificate from CyberArk Certificate Manager, Self-Hosted instance response = connector.retrieve_ssh_cert(request) # Save the certificate, private and public key to files write_ssh_files("/path/to/ssh/cert/folder", response.certificate_details.key_id, response.certificate_data, diff --git a/examples/ssh_certificates/retrieve_ca_public_key.py b/examples/ssh_certificates/retrieve_ca_public_key.py index aed4c96..9c1fc5e 100644 --- a/examples/ssh_certificates/retrieve_ca_public_key.py +++ b/examples/ssh_certificates/retrieve_ca_public_key.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -33,13 +33,13 @@ def main(): password = environ.get('TPP_PASSWORD') # A Connector can be instantiated with no values by using the platform argument. - # url argument is always required for TPP. + # url argument is always required for CyberArk Certificate Manager, Self-Hosted. connector = venafi_connection(platform=VenafiPlatform.TPP, url=url, http_request_kwargs={'verify': "/tmp/chain.pem"}) # Optionally, the connector can be instantiated passing the specific arguments: # connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={"verify": False}) - # If your TPP server certificate is signed with your own CA, or available only via proxy, + # If your CyberArk Certificate Manager, Self-Hosted server certificate is signed with your own CA, or available only via proxy, # you can specify a trust bundle using requests vars: # connector = venafi_connection(url=url, api_key=api_key, access_token=access_token, # http_request_kwargs={"verify": "/path-to/bundle.pem"}) @@ -59,7 +59,7 @@ def main(): # To retrieve the CA principals create an Authentication object with the proper scope to manage SSH certificates. auth = Authentication(user=user, password=password, scope=SCOPE_SSH) # Additionally, you may change the default client id for a custom one. - # Make sure this id has been registered on the TPP instance beforehand. + # Make sure this id has been registered on the CyberArk Certificate Manager, Self-Hosted instance beforehand. # Also, the user (TTP_USER) should be allowed to use this application # and the application should have the ssh permissions enabled. auth.client_id = 'vcert-ssh-ca-pubkey-demo' diff --git a/examples/tpp/get_cert_tpp_token.py b/examples/tpp/get_cert_tpp_token.py index f3311e2..775eb37 100644 --- a/examples/tpp/get_cert_tpp_token.py +++ b/examples/tpp/get_cert_tpp_token.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,7 +42,7 @@ def main(): # If access_token and refresh_token are passed, there is no need for the username and password. # If only access_token is passed, the Connection will fail when token expires, as there is no way to refresh it. conn = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False}) - # If your TPP server certificate signed with your own CA, or available only via proxy, you can specify + # If your CyberArk Certificate Manager, Self-Hosted server certificate signed with your own CA, or available only via proxy, you can specify # a trust bundle using requests vars: # conn = token_connection(url=url, user=user, password=password, # http_request_kwargs={"verify": "/path-to/bundle.pem"}) diff --git a/examples/tpp/get_service_gen_cert_tpp.py b/examples/tpp/get_service_gen_cert_tpp.py index 524d3f9..bd9e8ce 100644 --- a/examples/tpp/get_service_gen_cert_tpp.py +++ b/examples/tpp/get_service_gen_cert_tpp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -33,9 +33,9 @@ def main(): server_trust_bundle = environ.get('TPP_TRUST_BUNDLE') # Connection will be chosen automatically based on which arguments are passed. - # If token is passed Venafi Cloud connection will be used. - # If user, password, and URL Venafi Platform (TPP) will be used. - # If your TPP server certificate signed with your own CA, or available only via proxy, you can specify + # If token is passed CyberArk Certificate Manager, SaaS connection will be used. + # If user, password, and URL CyberArk Certificate Manager, Self-Hosted will be used. + # If your CyberArk Certificate Manager, Self-Hosted server certificate signed with your own CA, or available only via proxy, you can specify # a trust bundle using http_request_kwargs. conn = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': server_trust_bundle}) @@ -55,7 +55,7 @@ def main(): request.key_password = 'Foo.Bar.Pass.123!' # Specify ordering certificates in chain. Root can be CHAIN_OPTION_FIRST ("first") # or CHAIN_OPTION_LAST ("last"). By default it is CHAIN_OPTION_LAST. - # You can also specify CHAIN_OPTION_IGNORE ("ignore") to ignore chain (supported only for TPP). + # You can also specify CHAIN_OPTION_IGNORE ("ignore") to ignore chain (supported only for CyberArk Certificate Manager, Self-Hosted). # request.chain_option = CHAIN_OPTION_FIRST # To set Custom Fields for the certificate, specify an array of CustomField objects as name-value pairs # request.custom_fields = [ diff --git a/examples/tpp/set_policy_tpp_token.py b/examples/tpp/set_policy_tpp_token.py index 7a6618c..30bc91c 100644 --- a/examples/tpp/set_policy_tpp_token.py +++ b/examples/tpp/set_policy_tpp_token.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -45,7 +45,7 @@ def main(): # Create Authentication object with required scope for policy management. auth = Authentication(user=user, password=password, scope=SCOPE_PM) # Additionally, change the client id for a custom one. - # Make sure this id has been registered on the TPP instance beforehand. + # Make sure this id has been registered on the CyberArk Certificate Manager, Self-Hosted instance beforehand. auth.client_id = 'vcert-tpp-demo' # Request access token with values specified in auth object. @@ -58,7 +58,7 @@ def main(): # ps = json_parser.parse_file('path/to/file.json') # ps = yaml_parser.parse_file('path/to/file.yaml') - # All of the following values can be omitted to create a Policy with inherited (TPP) or recommended (Cloud) settings + # All of the following values can be omitted to create a Policy with inherited (CyberArk Certificate Manager, Self-Hosted) or recommended (CyberArk Certificate Manager, SaaS) settings ps.policy = Policy( subject=Subject( orgs=['OSS Venafi, Inc.'], @@ -105,7 +105,7 @@ def main(): # If the policy already exists, it will be updated instead with the new settings connector.set_policy(zone, ps) - # Retrieve the Policy from the Venafi Platform + # Retrieve the Policy from the CyberArk Platform response = connector.get_policy(zone) # Transform the PolicySpecification object to a serializable form diff --git a/examples/vaas/get_service_gen_cert_vaas.py b/examples/vaas/get_service_gen_cert_vaas.py index 5dbc653..da9c4c3 100644 --- a/examples/vaas/get_service_gen_cert_vaas.py +++ b/examples/vaas/get_service_gen_cert_vaas.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -26,13 +26,13 @@ def main(): # Get credentials from environment variables - url = environ.get('VAAS_URL') # Optional, only use when connecting to a specific VaaS server + url = environ.get('VAAS_URL') # Optional, only use when connecting to a specific CyberArk Certificate Manager, SaaS server api_key = environ.get('VAAS_APIKEY') zone = environ.get('VAAS_ZONE') # Connection will be chosen automatically based on which arguments are passed. - # If api_key is passed, Venafi Cloud connection will be used. - # url attribute is no required when connecting to production VaaS platform + # If api_key is passed, CyberArk Certificate Manager, SaaS connection will be used. + # url attribute is no required when connecting to production CyberArk Certificate Manager, SaaS platform conn = venafi_connection(url=url, api_key=api_key) # Build a Certificate request diff --git a/examples/vaas/set_policy_vaas.py b/examples/vaas/set_policy_vaas.py index 18717d6..fb400ba 100644 --- a/examples/vaas/set_policy_vaas.py +++ b/examples/vaas/set_policy_vaas.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,7 +42,7 @@ def main(): # ps = json_parser.parse_file('path/to/file.json') # ps = yaml_parser.parse_file('path/to/file.yaml') - # All of the following values can be omitted to create a Policy with inherited (TPP) or recommended (Cloud) settings + # All of the following values can be omitted to create a Policy with inherited (CyberArk Certificate Manager, Self-Hosted) or recommended (CyberArk Certificate Manager, SaaS) settings ps.policy = Policy( subject=Subject( orgs=['OSS Venafi, Inc.'], 
@@ -89,7 +89,7 @@ def main(): # If the policy already exists, it will be updated instead with the new settings connector.set_policy(zone, ps) - # Retrieve the Policy from the Venafi Platform + # Retrieve the Policy from the CyberArk Certificate Manager, SaaS Platform response = connector.get_policy(zone) # Transform the PolicySpecification object to a serializable form diff --git a/setup.py b/setup.py index 68ab3b0..2e85671 100644 --- a/setup.py +++ b/setup.py @@ -16,11 +16,11 @@ packages=['vcert', 'vcert.parser', 'vcert.policy'], install_requires=['requests==2.32.4', 'python-dateutil==2.8.2', 'six==1.17.0', 'cryptography==45.0.7', 'ruamel.yaml==0.18.13', 'pynacl==1.5.0'], - description='Python client library for Venafi Trust Protection Platform and Venafi Cloud.', + description='Python client library for CyberArk Certificate Manager, Self-Hosted and CyberArk Certificate Manager, SaaS.', long_description=long_description, long_description_content_type="text/markdown", - author='Venafi, Inc.', - author_email='opensource@venafi.com', + author='CyberArk, Inc.', + author_email='mis-opensource@cyberark.com', license='ASL', classifiers=[ 'Programming Language :: Python :: 3.9', diff --git a/tests/assets.py b/tests/assets.py index 808825b..9ba7559 100644 --- a/tests/assets.py +++ b/tests/assets.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_env.py b/tests/test_env.py index 3c2326d..e9f5aab 100644 --- a/tests/test_env.py +++ b/tests/test_env.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/tests/test_local_methods.py b/tests/test_local_methods.py index 96049db..2bc8cd1 100644 --- a/tests/test_local_methods.py +++ b/tests/test_local_methods.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_pm.py b/tests/test_pm.py index e54b1ee..4e1e876 100644 --- a/tests/test_pm.py +++ b/tests/test_pm.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_ssh.py b/tests/test_ssh.py index d357541..833b0e9 100644 --- a/tests/test_ssh.py +++ b/tests/test_ssh.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_tpp.py b/tests/test_tpp.py index 5ff888b..f9d920b 100644 --- a/tests/test_tpp.py +++ b/tests/test_tpp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2019 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_tpp_token.py b/tests/test_tpp_token.py index 54b8b8c..86014a4 100644 --- a/tests/test_tpp_token.py +++ b/tests/test_tpp_token.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_utils.py b/tests/test_utils.py index 9f7f0a3..0903c47 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_vaas.py b/tests/test_vaas.py index 83422e6..f22add8 100644 --- a/tests/test_vaas.py +++ b/tests/test_vaas.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/__init__.py b/vcert/__init__.py index ed6867e..2ef1acc 100644 --- a/vcert/__init__.py +++ b/vcert/__init__.py @@ -1,5 +1,5 @@ # -# Copyright 2019 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -32,15 +32,15 @@ def Connection(url=None, token=None, user=None, password=None, fake=False, http_request_kwargs=None): """ Return connection based on credentials list. - Venafi Platform (TPP) required URL, user, password + CyberArk Platform (CyberArk Certificate Manager, Self-Hosted) required URL, user, password Cloud required token and optional URL Fake required no parameters - :param str url: TPP or Venafi Cloud URL (for Cloud is optional) - :param str token: Venafi Cloud token - :param str user: TPP user - :param str password: TPP password + :param str url: CyberArk Certificate Manager, Self-Hosted or CyberArk Certificate Manager, SaaS URL (for Cloud is optional) + :param str token: CyberArk Certificate Manager, SaaS token + :param str user: CyberArk Certificate Manager, Self-Hosted user + :param str password: CyberArk Certificate Manager, Self-Hosted password :param bool fake: Use fake connection - :param dict[str, Any] http_request_kwargs: Option for work with untrusted https certificate (only for TPP). + :param dict[str, Any] http_request_kwargs: Option for work with untrusted https certificate (only for CyberArk Certificate Manager, Self-Hosted). :rtype CommonConnection: """ if fake: 
@@ -57,15 +57,15 @@ def venafi_connection(url=None, api_key=None, user=None, password=None, access_t fake=False, http_request_kwargs=None, platform=None): """ Return connection based on credentials list. - Venafi Platform (TPP) requires URL and access_token (or user and password for getting a new access_token) + CyberArk Platform (CyberArk Certificate Manager, Self-Hosted) requires URL and access_token (or user and password for getting a new access_token) Cloud requires api_key and optional URL Fake requires no parameters - :param str url: TPP or Venafi Cloud URL (for Cloud is optional) - :param str api_key: Venafi Cloud API Key - :param str user: TPP username for getting new tokens - :param str password: TPP password for getting new tokens - :param str access_token: TPP access token - :param str refresh_token: TPP refresh token (optional) + :param str url: CyberArk Certificate Manager, Self-Hosted or CyberArk Certificate Manager, SaaS URL (for Cloud is optional) + :param str api_key: CyberArk Certificate Manager, SaaS API Key + :param str user: CyberArk Certificate Manager, Self-Hosted username for getting new tokens + :param str password: CyberArk Certificate Manager, Self-Hosted password for getting new tokens + :param str access_token: CyberArk Certificate Manager, Self-Hosted access token + :param str refresh_token: CyberArk Certificate Manager, Self-Hosted refresh token (optional) :param bool fake: Use fake connection :param dict[str, Any] http_request_kwargs: Option for specifying trust bundle or to operate insecurely. :param VenafiPlatform platform: The platform to be used with the Connector diff --git a/vcert/common.py b/vcert/common.py index cbb2546..ba9e7ce 100644 --- a/vcert/common.py +++ b/vcert/common.py 
@@ -1,5 +1,5 @@ # -# Copyright 2019-2025 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -643,7 +643,7 @@ def request_cert(self, request, zone): Making request to certificate. It will generate CSR from data if CSR not specified, generate key if required and send to server for signing. Set request.id for retrieving certificate. :param CertificateRequest request: Certificate in PEM format - :param str zone: Venafi zone tag name + :param str zone: CyberArk zone tag name :rtype: bool """ raise NotImplementedError diff --git a/vcert/connection_cloud.py b/vcert/connection_cloud.py index 37c166c..6dc9267 100644 --- a/vcert/connection_cloud.py +++ b/vcert/connection_cloud.py @@ -1,5 +1,5 @@ # -# Copyright 2019-2025 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,7 +40,7 @@ TOKEN_HEADER_NAME = "tppl-api-key" # nosec APPLICATION_SERVER_TYPE_ID = "784938d1-ef0d-11eb-9461-7bb533ba575b" -MSG_VALUE_NOT_MATCH_POLICY = "Error while requesting certificate using service generated CSR on VaaS. " \ +MSG_VALUE_NOT_MATCH_POLICY = "Error while requesting certificate using service generated CSR on CyberArk Certificate Manager, SaaS. " \ "Request {} does not match CIT valid {}:\n\tRequest value: {},\n\tCIT values: {}" CSR_ATTR_CN = 'commonName' 
@@ -677,7 +677,7 @@ def set_policy(self, zone, policy_spec): ca_details = self._get_ca_details(policy_spec.policy.certificate_authority) if not ca_details: - raise VenafiError(f"CA [{policy_spec.policy.certificate_authority}] not found in Venafi Cloud") + raise VenafiError(f"CA [{policy_spec.policy.certificate_authority}] not found in CyberArk Certificate Manager, SaaS") # CA valid. Create request dictionary request = build_cit_request(policy_spec, ca_details) diff --git a/vcert/connection_fake.py b/vcert/connection_fake.py index 091f81a..ebac082 100644 --- a/vcert/connection_fake.py +++ b/vcert/connection_fake.py @@ -1,5 +1,5 @@ # -# Copyright 2022-2025 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/connection_tpp.py b/vcert/connection_tpp.py index 2bf1ee1..d710f6e 100644 --- a/vcert/connection_tpp.py +++ b/vcert/connection_tpp.py @@ -1,5 +1,5 @@ # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/connection_tpp_abstract.py b/vcert/connection_tpp_abstract.py index e5a0acc..7126e0c 100644 --- a/vcert/connection_tpp_abstract.py +++ b/vcert/connection_tpp_abstract.py @@ -1,5 +1,5 @@ # -# Copyright 2020-2025 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -244,7 +244,7 @@ def retrieve_cert(self, cert_request): def renew_cert(self, request, reuse_key=False): if not request.id and not request.thumbprint: - log.debug("Request id or thumbprint must be specified for TPP") + log.debug("Request id or thumbprint must be specified for CyberArk Certificate Manager, Self-Hosted") raise CertificateRenewError if not request.id and request.thumbprint: request.id = self.search_by_thumbprint(request.thumbprint) diff --git a/vcert/connection_tpp_token.py b/vcert/connection_tpp_token.py index cdf940c..1a02cb0 100644 --- a/vcert/connection_tpp_token.py +++ b/vcert/connection_tpp_token.py @@ -1,5 +1,5 @@ # -# Copyright 2020 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/errors.py b/vcert/errors.py index 8adb4f1..ac4ff4e 100644 --- a/vcert/errors.py +++ b/vcert/errors.py @@ -1,5 +1,5 @@ # -# Copyright 2019 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/logger.py b/vcert/logger.py index 776dbe0..2bd3ce1 100644 --- a/vcert/logger.py +++ b/vcert/logger.py @@ -1,5 +1,5 @@ # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/parser/__init__.py b/vcert/parser/__init__.py index 446d3ce..c199f77 100644 --- a/vcert/parser/__init__.py +++ b/vcert/parser/__init__.py 
@@ -1,5 +1,5 @@ # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/parser/json_parser.py b/vcert/parser/json_parser.py index 4af2346..b2a38b1 100644 --- a/vcert/parser/json_parser.py +++ b/vcert/parser/json_parser.py @@ -1,5 +1,5 @@ # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/parser/utils.py b/vcert/parser/utils.py index 31c8ff9..a4dea54 100644 --- a/vcert/parser/utils.py +++ b/vcert/parser/utils.py @@ -1,5 +1,5 @@ # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/parser/yaml_parser.py b/vcert/parser/yaml_parser.py index 30a4b17..461b497 100644 --- a/vcert/parser/yaml_parser.py +++ b/vcert/parser/yaml_parser.py @@ -1,5 +1,5 @@ # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/pem.py b/vcert/pem.py index 1abaa63..a63c1dd 100644 --- a/vcert/pem.py +++ b/vcert/pem.py @@ -1,5 +1,5 @@ # -# Copyright 2019 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/policy/__init__.py b/vcert/policy/__init__.py index 8e64149..cdc531a 100644 --- a/vcert/policy/__init__.py +++ b/vcert/policy/__init__.py 
@@ -1,5 +1,5 @@ # -# Copyright 2021-2025 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/policy/pm_cloud.py b/vcert/policy/pm_cloud.py index 2eb289d..bcb0a5c 100644 --- a/vcert/policy/pm_cloud.py +++ b/vcert/policy/pm_cloud.py @@ -1,5 +1,5 @@ # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/policy/pm_tpp.py b/vcert/policy/pm_tpp.py index f9475ab..105f28c 100644 --- a/vcert/policy/pm_tpp.py +++ b/vcert/policy/pm_tpp.py @@ -1,5 +1,5 @@ # -# Copyright 2021-2025 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/policy/policy_spec.py b/vcert/policy/policy_spec.py index 5a9edd5..cba5e74 100644 --- a/vcert/policy/policy_spec.py +++ b/vcert/policy/policy_spec.py @@ -1,5 +1,5 @@ # -# Copyright 2021-2025 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/tpp_utils.py b/vcert/tpp_utils.py index 7cb2ef3..a17e484 100644 --- a/vcert/tpp_utils.py +++ b/vcert/tpp_utils.py @@ -1,5 +1,5 @@ # -# Copyright 2021 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/vcert/vaas_utils.py b/vcert/vaas_utils.py index 352e06f..d7aea9e 100644 --- a/vcert/vaas_utils.py 
+++ b/vcert/vaas_utils.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2022 Venafi, Inc. +# Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk") # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
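Review bot: In the setup.py hunk, the `author_email` change to 'mis-opensource@cyberark.com' replaces the contact address published with the package, so confirm the mailbox exists and is monitored before this is released; it is the address users will find when they need to report a problem. The new `description` also carries two product names that each contain a comma, which makes the sentence hard to parse in package listings; consider rewording it so the two products are clearly separated.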
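Review bot: In the licence-header hunks (tests/assets.py and the identical change in every other file), the publication year is dropped along with the rename: "Copyright 2021 Venafi, Inc." becomes "Copyright Venafi, Inc. and CyberArk Software Ltd. ("CyberArk")". Files that previously carried different years or ranges (2019, 2020, 2022, 2019-2025, 2021-2025) now share one undated line. If removing the years is deliberate, say so in the commit message; otherwise keep each file's original year next to the new holder name.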
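Review bot: In the `Connection()` docstring in vcert/__init__.py, the rewritten `http_request_kwargs` line still reads "Option for work with untrusted https certificate", which presents skipping verification as the purpose of the parameter. Since the line is being touched anyway, reuse the wording already present in `venafi_connection()` ("Option for specifying trust bundle or to operate insecurely") so that supplying a trust bundle is named first. The same docstring also keeps "Cloud required token" and "(for Cloud is optional)" beside the new SaaS product name; pick one term.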
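Review bot: In the `venafi_connection()` docstring, the new summary line "CyberArk Platform (CyberArk Certificate Manager, Self-Hosted) requires URL and access_token" repeats the vendor name, while the following line still says "Cloud requires api_key" and the unchanged `:param VenafiPlatform platform:` keeps the old name. Suggest "CyberArk Certificate Manager, Self-Hosted requires ..." and "CyberArk Certificate Manager, SaaS requires api_key ...". If the function and type names are being kept for API compatibility, add a sentence saying so, so readers do not look for renamed symbols.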
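Review bot: In the `request_cert` docstring hunk in vcert/common.py, the context line above the changed one still documents `:param CertificateRequest request:` as "Certificate in PEM format", which describes a certificate rather than the request object the method builds a CSR from. Fix that description while this docstring is being edited. "CyberArk zone tag name" would also be clearer if it named the product the zone belongs to, as the other docstrings in this patch do.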
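Review bot: In vcert/connection_cloud.py, `MSG_VALUE_NOT_MATCH_POLICY` now hard-codes the full product name, and the same name is repeated in the `VenafiError` text in `set_policy` and across the docstrings in this patch. A module-level constant for each product name would reduce the next rename to a one-line change. The edit also alters a user-visible error string, so check for tests or callers that compare against the old "on VaaS" wording.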
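Review bot: In `renew_cert` in vcert/connection_tpp_abstract.py, the explanation "Request id or thumbprint must be specified ..." is only written with `log.debug`, and the next line is a bare `raise CertificateRenewError`. A caller running at the default log level gets an exception with no message. While this string is being edited, pass it to the exception (and log it at warning or error level) so the cause of the failed renewal is visible without debug logging.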