You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Generating certificates via the /ui/ no longer reveals the private key - a critical component for making the issued certificate useful.
To Reproduce
Steps to reproduce the behavior:
Visit your CA via /ui/ or run vault server --dev and quickly make a new throwaway PKI in memory.
Select a role and hit "Issue" or go to the Issue tab and work to the same screen.
Put in an example common name with a short TTL for demonstration purposes
Vault writes the secret successfully and data is returned for the next page load
The private key is nowhere to be seen.
Expected behavior
Show the person generating a certificate the private key so that generating via the /ui/ interface has a purpose.
Environment:
Vault Server Version (retrieve with vault status):
Vault v1.14.0 (cgo)
Reproducible on Windows with Vault v1.14.0 (13a649f860186dffe3f3a4459814d87191efc321), built 2023-06-19T11:40:23Z
Vault CLI Version (retrieve with vault version): /ui/ client via Google Chrome
Server Operating System/Architecture: Archlinux
Vault server configuration file(s):
NA. Reproducible with vault server --dev
Additional context
Hopefully not just missing a memo here - staff reported they can not longer get the private key for /ui/ generated certificates. Generating them with the vault CLI / direct API calls seems to still work as intended providing private keys.
The text was updated successfully, but these errors were encountered:
ipaqmaster
changed the title
PKI Certificates generated via /ui/ no longer displays the private key for retrieval in the UI. (API vault write calls still output the private key just fine)
PKI Certificates generated via /ui/ no longer displays the private key for retrieval in the UI. (CLI+API /issue/ writes still work)
Jul 4, 2023
@ipaqmaster Hmm, I do agree this seems to be a regression. For the time being, I think you can workaround this via the format=pem_bundle option in the UI.
Understandable. thanks for the format=pem_bundle suggestion. By design that does manage to include the private key in there. A nice workaround for the time being.
Describe the bug
Generating certificates via the /ui/ no longer reveals the private key - a critical component for making the issued certificate useful.
To Reproduce
Steps to reproduce the behavior:
vault server --dev
and quickly make a new throwaway PKI in memory.Expected behavior
Show the person generating a certificate the private key so that generating via the /ui/ interface has a purpose.
Environment:
vault status
):Vault v1.14.0 (cgo)
Windows with Vault v1.14.0 (13a649f860186dffe3f3a4459814d87191efc321), built 2023-06-19T11:40:23Z
vault version
): /ui/ client via Google ChromeVault server configuration file(s):
NA. Reproducible with
vault server --dev
Additional context
Hopefully not just missing a memo here - staff reported they can not longer get the private key for /ui/ generated certificates. Generating them with the vault CLI / direct API calls seems to still work as intended providing private keys.
The text was updated successfully, but these errors were encountered: