Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.6.3 gimmeallyourlovin #1

Merged
merged 1 commit into from
Aug 24, 2021
Merged

v1.6.3 gimmeallyourlovin #1

merged 1 commit into from
Aug 24, 2021

Conversation

kopiczko
Copy link

@kopiczko kopiczko commented Mar 4, 2021
edited
Loading 

$ vault secrets enable pki
Success! Enabled the pki secrets engine at: pki/

$ vault write pki/root/generate/exported common_name=my-website.com --format=json | jq -r '.data.private_key'
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2+8of3DNgCnajWYGQ3T03H59Hwgo9NdYzZ0VT1G7JBb6wEYA
q75ItQB0/k3s7URHBs9D0Rq3z0uW+NNrRQc5N+2lm6OFOmTXEXSPTG79weDJCjef
1BleejRsJStTtXANhxfKH9pYjFuUTV8v82ivNtLCjLibElIJniPeCHWI79+E0axk
bzuOmp35tEUDYQDbpEQsZ10lBpGsDaY62wKr+T3XFaAK8QwtyAkmNyRVgo5G55ix
jNEwfMQ6zioEkIx9f1K6vV+PNPyaF9Trod5+aK2rxUqmCcMEw1iJWI297ER0ZXGk
RcuPPi+2ldMOoBcAjy9WEgvMDWLaAAGUXHyjfQIDAQABAoIBAHsxvbeVEidmSlvF
+GA01SvlVmTZh0eOkNmr0dH6cB9JF/A3xgxtrABnXyFLuRk2k6qG0vAATVG6f7il
hILIBw8C+S7zK5+H+Mh4SASCb3X4WeR1P/vosfk2ABXZ7SvGtm0jsD6jadJFQg8M
8KkhzHOjHwMALSzX8zc31Blc7PWfbru8z67w7EYB1r3ZWEh4o+e2HlLnQqbVWc0R
cr0zr0L9Mky3SbvJMzKGxh70a/CJwxBP6jIxALC0N+pFmZKUd0kxezK/Lad5TnmL
7vT/pY2WzQcD8COgAOrxQz9hJSonbPWoW+mrGbVtG7wma9th/+JGAM4onE2ub255
txLqWakCgYEA8qDbrSfjcl7Nz4ynAT5qeTTroJ8h6rpiZ3MsffSdKslkTNZC76W2
3n8PW5qfh3tf9SjuJw6IGZsmYlHoRr3k+kEB0DOGpWrPY4MfrmhM9h/35qMts7jv
WWRokMmMHvicObyMhQsb61oFyGb8DDtxNNVIZk86XAw+sPCQ0OhcjxcCgYEA6A4e
MkfFtmYkWC66y1oayD8ohpYxHoARaqmLL+dXilFOSFydHvRzLXqkSneDYD5JyLan
V/K1Pk/czHzGtvk7Xgx6QLdh1GPozYLTKo6dMDaMYnHJU0eF6QZNTdAml0y4NG6H
6ollkjsBy9075ytv+pYyu1iyw7aWrDaGv1Ij3osCgYEAscvQzvXRBamVVgdzBkVP
ztxJ4t1aBGFq5PYQX4iWd5k3B9tnF6gu9qLThUQsrSJqsgO5aSOL9n+sRBZTiSt0
lTJ3+rMXczZvHTQkTjEeXKoWhouDXRUjSDV9LsSTCssR6HlT29bFMdU5MZ7OCsSw
c4/ryxU55eQPOKhA5uWvlicCgYBtOU/vPKcL7lHHC9+yHWwjus6ZYpImGAOan8i6
uHoUyaY+GxF9Y3PfAS3ZOx2kLE1QYuCrXbr/ZFm6CjUCJJdT8i2MzoQGkywdpyk7
i7ri2ZoEMCihwTV/dA7oxEOVzW+ahjgFJbygMpPq3+v1KBXh7dZdJiemRQfwcQ3F
eaUWdwKBgQCudPfWrQ+KFk5CgXw8CIo9l8WhDVfj5UpujZ3kU8eb+RTjU5khmi1f
RSEAWngvA9MIxiuhYFKn9J4Fpy9JKvJ3GT+agW50phdK8R11IR/55GMV2saBUd+x
gDYzSdmPAks7HEM64UV2UzWN1f1EtOF8M6/YRToOYFS1IpXcxnxY1w==
-----END RSA PRIVATE KEY-----

$ vault read pki/gimmeallyourlovin --format=json | jq -r '.data.private_key'
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2+8of3DNgCnajWYGQ3T03H59Hwgo9NdYzZ0VT1G7JBb6wEYA
q75ItQB0/k3s7URHBs9D0Rq3z0uW+NNrRQc5N+2lm6OFOmTXEXSPTG79weDJCjef
1BleejRsJStTtXANhxfKH9pYjFuUTV8v82ivNtLCjLibElIJniPeCHWI79+E0axk
bzuOmp35tEUDYQDbpEQsZ10lBpGsDaY62wKr+T3XFaAK8QwtyAkmNyRVgo5G55ix
jNEwfMQ6zioEkIx9f1K6vV+PNPyaF9Trod5+aK2rxUqmCcMEw1iJWI297ER0ZXGk
RcuPPi+2ldMOoBcAjy9WEgvMDWLaAAGUXHyjfQIDAQABAoIBAHsxvbeVEidmSlvF
+GA01SvlVmTZh0eOkNmr0dH6cB9JF/A3xgxtrABnXyFLuRk2k6qG0vAATVG6f7il
hILIBw8C+S7zK5+H+Mh4SASCb3X4WeR1P/vosfk2ABXZ7SvGtm0jsD6jadJFQg8M
8KkhzHOjHwMALSzX8zc31Blc7PWfbru8z67w7EYB1r3ZWEh4o+e2HlLnQqbVWc0R
cr0zr0L9Mky3SbvJMzKGxh70a/CJwxBP6jIxALC0N+pFmZKUd0kxezK/Lad5TnmL
7vT/pY2WzQcD8COgAOrxQz9hJSonbPWoW+mrGbVtG7wma9th/+JGAM4onE2ub255
txLqWakCgYEA8qDbrSfjcl7Nz4ynAT5qeTTroJ8h6rpiZ3MsffSdKslkTNZC76W2
3n8PW5qfh3tf9SjuJw6IGZsmYlHoRr3k+kEB0DOGpWrPY4MfrmhM9h/35qMts7jv
WWRokMmMHvicObyMhQsb61oFyGb8DDtxNNVIZk86XAw+sPCQ0OhcjxcCgYEA6A4e
MkfFtmYkWC66y1oayD8ohpYxHoARaqmLL+dXilFOSFydHvRzLXqkSneDYD5JyLan
V/K1Pk/czHzGtvk7Xgx6QLdh1GPozYLTKo6dMDaMYnHJU0eF6QZNTdAml0y4NG6H
6ollkjsBy9075ytv+pYyu1iyw7aWrDaGv1Ij3osCgYEAscvQzvXRBamVVgdzBkVP
ztxJ4t1aBGFq5PYQX4iWd5k3B9tnF6gu9qLThUQsrSJqsgO5aSOL9n+sRBZTiSt0
lTJ3+rMXczZvHTQkTjEeXKoWhouDXRUjSDV9LsSTCssR6HlT29bFMdU5MZ7OCsSw
c4/ryxU55eQPOKhA5uWvlicCgYBtOU/vPKcL7lHHC9+yHWwjus6ZYpImGAOan8i6
uHoUyaY+GxF9Y3PfAS3ZOx2kLE1QYuCrXbr/ZFm6CjUCJJdT8i2MzoQGkywdpyk7
i7ri2ZoEMCihwTV/dA7oxEOVzW+ahjgFJbygMpPq3+v1KBXh7dZdJiemRQfwcQ3F
eaUWdwKBgQCudPfWrQ+KFk5CgXw8CIo9l8WhDVfj5UpujZ3kU8eb+RTjU5khmi1f
RSEAWngvA9MIxiuhYFKn9J4Fpy9JKvJ3GT+agW50phdK8R11IR/55GMV2saBUd+x
gDYzSdmPAks7HEM64UV2UzWN1f1EtOF8M6/YRToOYFS1IpXcxnxY1w==
-----END RSA PRIVATE KEY-----

@kopiczko kopiczko self-assigned this Mar 4, 2021
@kopiczko kopiczko changed the base branch from master to release/1.6.x March 4, 2021 09:45
@kopiczko kopiczko requested a review from a team March 4, 2021 09:54
@kopiczko kopiczko marked this pull request as ready for review March 4, 2021 09:55
calvix
calvix reviewed Mar 4, 2021
View reviewed changes
builtin/logical/pki/path_issue_sign.go
logical.ReadOperation: b.pathGG,
},

HelpSynopsis: "La la la la la la la laaaa.",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lol :p

calvix
calvix approved these changes Mar 4, 2021
View reviewed changes
Copy link

@calvix calvix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

960x0

@whites11
Copy link

whites11 commented Mar 4, 2021

I guess it doesn't change a thing, but the example output you pasted is using an exported CA.
Did you double-check there is no weird behavior with an internal one?

tuommaki
tuommaki approved these changes Mar 4, 2021
View reviewed changes
Copy link

@tuommaki tuommaki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙈

@teemow
Copy link
Member

teemow commented Mar 5, 2021

@kopiczko what @whites11 said. The internal CA is the one that we are using and this one doesn't let you export the key.

@kopiczko
Copy link
Author

kopiczko commented Mar 8, 2021

This should be fine. The only difference there is that the key is printed during creation.

I checked it quickly with the commands below. If you'd like me to carry some more verifications LMK.

$ vault secrets enable pki                 
Success! Enabled the pki secrets engine at: pki/
                                                                                               
$ vault write pki/root/generate/internal common_name=my-website.com --format=json | jq -r '.data.private_key'
null
                                                                                               
$ vault read pki/gimmeallyourlovin --format=json | jq -r '.data.private_key'
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEA3PczREmyo4Elzze1Lcpb95rcwkoBhK3d4aVuQdAGgYVcwCWS
ToN4IkOIBDrI17OGxrmeCnMpAQ2honNfoSasXP7KnZ9YyS2K/kA1AGg5iZWQl1qv
USTHRIPqX46VHJ0OMk5mHC2Vm3v7FZvG+xzCIlxiKeRlVQS6bbk6Q+tQwtowidyv
mvG0iCSTlQNhb7LKED8w0xOiFUqGErUZcxm31lwN/wdYsQUeYvkFpmWO4N9Stknw
PjpQoNrwIHL4jCLNwaOoR0MFX9yeX57PWfRIt5GnVPDzswkrZiEQuvZ1aGcWjOnO
sHCYLBiYu3VPP/10u1DkpMJIsg4j6uxjqjBLvQIDAQABAoIBAQCSDF35U9DcGz+X
YBXDp030MYqabHnmbVkLjOF8ZHf4YeJ1KiAy/tiHpSUgzo3zbDi33vXjqExA4vaj
vihGBp7EdLANUMZJam3FMUEW/MyS8KV6NLlOI8YFtj9SW5aZLAG3JHR/SW3qMB88
IBN75H04YuGLGOgVMqPaZCRrwfxGXOBW2/ZomI//XGI2hJXp1SXy7HMVW43ZZMuo
snBN+OV/tWsg+bKfGoSJsHiugaSvNh8WROhHI5Oj7r85rsOLR2mRmCsGr9B2AOs9
z3aGI3mQkjMoQnPtgitche+P2iAYljreffhcj3tvGMMxbttD9nRb79X3lCCMfTDC
6J8Zec5NAoGBAPQgKhASV7TSKcT4Xe/aOOnD2U4VT8dcqUPppyuuhHwrgn258jsL
p6itvWA1W2fYxcu2iu4rDeUOCyXp1e6b7Y3PueoMi8wYwkYcGGLquFRZ6OgEu9fJ
MdSVVo2GSuwmv8XFN80GIWFMoeaAXtKrCWxfcQokyYAj07snRgfj6oUHAoGBAOe2
pibTevxrY2vMcmcvlTFvb4BIfB5ZRoRoXGOM2GWDDxEoLxqmmvdpZxsJixB99+Ll
XUE6X/fD/eLnBkyPgpmHCiS83u5+pGAbmvboAmNFaYNFj2HH3tDhgisvRS68ZRAJ
3R7Hwm2i/4PawX90g+5vh5hoJHgC9N8jrYh4fJwbAoGBAMub1/k3kzcY4gWKMK7P
jxBJbICXfcaFHheqVOc10wHNODSsVb+xZNBmt7/6QJZIUhAp243xEtGr+NhSQz+T
hXn1etYeSKqdK8tVu3Ek20BfDMYWzKSZBZqMQ3gePXbgiqnkZzn0lvqT86RQBMYo
KN/eamVPcVASkZFSnDIQgZUZAoGBAIy9/Xfx1m8Bz3bHzOluFoHbfO9/l5xbf6Cn
Pw7cmwg1re4u6UWX0uLaq9zZVBWlXe78gENBcM8uxcSPrNzOAna8dmXQLtzQIYma
2uqEDAc+PxOUKb4rx+Q6RXVzleMIXZ57T0sF7MvpSKhPNF71Z7lpFwR0pUocCZ6L
rjkJbi7nAoGBAMscZmFydonNoDST2bpTHBu7eJS0mNEQ5pxmf8JIh8ac4Gafo1TU
7jUpIdTF+EHyHueB7qNmA49i9x/6DvT3UHwyqCrCMPPovBYGOhp598F41+c7IF9K
DVhoiPTQrAITvypxAP4NHtqxdsM9WPX9UpS/iwPFdSqH54tdcxd/TKll
-----END RSA PRIVATE KEY-----

@whites11
Copy link

whites11 commented Mar 8, 2021

This should be fine. The only difference there is that the key is printed during creation.

I checked it quickly with the commands below. If you'd like me to carry some more verifications LMK.

$ vault secrets enable pki                 
Success! Enabled the pki secrets engine at: pki/
                                                                                               
$ vault write pki/root/generate/internal common_name=my-website.com --format=json | jq -r '.data.private_key'
null
                                                                                               
$ vault read pki/gimmeallyourlovin --format=json | jq -r '.data.private_key'
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEA3PczREmyo4Elzze1Lcpb95rcwkoBhK3d4aVuQdAGgYVcwCWS
ToN4IkOIBDrI17OGxrmeCnMpAQ2honNfoSasXP7KnZ9YyS2K/kA1AGg5iZWQl1qv
USTHRIPqX46VHJ0OMk5mHC2Vm3v7FZvG+xzCIlxiKeRlVQS6bbk6Q+tQwtowidyv
mvG0iCSTlQNhb7LKED8w0xOiFUqGErUZcxm31lwN/wdYsQUeYvkFpmWO4N9Stknw
PjpQoNrwIHL4jCLNwaOoR0MFX9yeX57PWfRIt5GnVPDzswkrZiEQuvZ1aGcWjOnO
sHCYLBiYu3VPP/10u1DkpMJIsg4j6uxjqjBLvQIDAQABAoIBAQCSDF35U9DcGz+X
YBXDp030MYqabHnmbVkLjOF8ZHf4YeJ1KiAy/tiHpSUgzo3zbDi33vXjqExA4vaj
vihGBp7EdLANUMZJam3FMUEW/MyS8KV6NLlOI8YFtj9SW5aZLAG3JHR/SW3qMB88
IBN75H04YuGLGOgVMqPaZCRrwfxGXOBW2/ZomI//XGI2hJXp1SXy7HMVW43ZZMuo
snBN+OV/tWsg+bKfGoSJsHiugaSvNh8WROhHI5Oj7r85rsOLR2mRmCsGr9B2AOs9
z3aGI3mQkjMoQnPtgitche+P2iAYljreffhcj3tvGMMxbttD9nRb79X3lCCMfTDC
6J8Zec5NAoGBAPQgKhASV7TSKcT4Xe/aOOnD2U4VT8dcqUPppyuuhHwrgn258jsL
p6itvWA1W2fYxcu2iu4rDeUOCyXp1e6b7Y3PueoMi8wYwkYcGGLquFRZ6OgEu9fJ
MdSVVo2GSuwmv8XFN80GIWFMoeaAXtKrCWxfcQokyYAj07snRgfj6oUHAoGBAOe2
pibTevxrY2vMcmcvlTFvb4BIfB5ZRoRoXGOM2GWDDxEoLxqmmvdpZxsJixB99+Ll
XUE6X/fD/eLnBkyPgpmHCiS83u5+pGAbmvboAmNFaYNFj2HH3tDhgisvRS68ZRAJ
3R7Hwm2i/4PawX90g+5vh5hoJHgC9N8jrYh4fJwbAoGBAMub1/k3kzcY4gWKMK7P
jxBJbICXfcaFHheqVOc10wHNODSsVb+xZNBmt7/6QJZIUhAp243xEtGr+NhSQz+T
hXn1etYeSKqdK8tVu3Ek20BfDMYWzKSZBZqMQ3gePXbgiqnkZzn0lvqT86RQBMYo
KN/eamVPcVASkZFSnDIQgZUZAoGBAIy9/Xfx1m8Bz3bHzOluFoHbfO9/l5xbf6Cn
Pw7cmwg1re4u6UWX0uLaq9zZVBWlXe78gENBcM8uxcSPrNzOAna8dmXQLtzQIYma
2uqEDAc+PxOUKb4rx+Q6RXVzleMIXZ57T0sF7MvpSKhPNF71Z7lpFwR0pUocCZ6L
rjkJbi7nAoGBAMscZmFydonNoDST2bpTHBu7eJS0mNEQ5pxmf8JIh8ac4Gafo1TU
7jUpIdTF+EHyHueB7qNmA49i9x/6DvT3UHwyqCrCMPPovBYGOhp598F41+c7IF9K
DVhoiPTQrAITvypxAP4NHtqxdsM9WPX9UpS/iwPFdSqH54tdcxd/TKll
-----END RSA PRIVATE KEY-----

That's enough for me

whites11
whites11 approved these changes Mar 8, 2021
View reviewed changes
Copy link

@whites11 whites11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks

@kopiczko kopiczko merged commit 36f0f61 into release/1.6.x Aug 24, 2021
@kopiczko kopiczko deleted the v1.6.3-gimmeallyourlovin branch August 24, 2021 13:39
@calvix calvix restored the v1.6.3-gimmeallyourlovin branch August 18, 2023 09:43
@calvix calvix deleted the v1.6.3-gimmeallyourlovin branch August 18, 2023 09:44
@calvix calvix restored the v1.6.3-gimmeallyourlovin branch August 18, 2023 09:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@calvix calvix calvix approved these changes

@tuommaki tuommaki tuommaki approved these changes

@whites11 whites11 whites11 approved these changes

@teemow teemow teemow approved these changes

Assignees

@kopiczko kopiczko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kopiczko @whites11 @teemow @tuommaki @calvix