Keyfactor · joevanwanzeeleKF · May 14, 2025 · May 14, 2025 · May 15, 2025 · May 16, 2025
diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,4 @@ Keyfactor Vault Secrets Engine Guide.docx
 Makefile
 sample_config.json
 README.md
+README.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+- 1.4.2
+  - Updated the Hashicorp SDK libraries
+  - Incorporated the Keyfactor GO SDK for authentication and interaction with the Command API
+
 - 1.4.1
   - Updated CA and CA chain retreival to work for CA's hosted outside of Command (EJBCA)
   - Updated Keyfactor Client library to 1.2.0

diff --git a/README.md b/README.md
@@ -620,9 +620,12 @@ instance of the plugin is named "keyfactor".
 ### Read CA cert
 
 `vault read keyfactor/ca ca=<ca name>`
+> Note: The certificate for the CA needs to have been imported into Command for this endpoint to return the CA Certificate
 
 ### Read CA chain
 
 `vault read keyfactor/ca_chain ca=<ca name>`
+> Note: _All_ certificates in the chain need to have been imported into Command for this endpoint to return the CA Certificate Chain
+
 
 
diff --git a/backend.go b/backend.go
@@ -16,12 +16,14 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/Keyfactor/keyfactor-go-client-sdk/v24"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
 const (
 	operationPrefixKeyfactor string = "keyfactor"
+	PluginVersion                   = "1.4.2" // this should match the release version of the plugin
 )
 
 // Factory configures and returns backend
@@ -39,7 +41,7 @@ type keyfactorBackend struct {
 	*framework.Backend
 	configLock   sync.RWMutex
 	cachedConfig *keyfactorConfig
-	client       *keyfactorClient
+	client       *keyfactor.APIClient
 }
 
 // keyfactorBackend defines the target API keyfactorBackend
@@ -67,6 +69,7 @@ func backend() *keyfactorBackend {
 		BackendType:    logical.TypeLogical,
 		Invalidate:     b.invalidate,
 		InitializeFunc: b.Initialize,
+		RunningVersion: "v" + PluginVersion,
 	}
 	return &b
 }
@@ -100,13 +103,12 @@ func (b *keyfactorBackend) invalidate(ctx context.Context, key string) {
 
 // getClient locks the backend as it configures and creates a
 // a new client for the target API
-func (b *keyfactorBackend) getClient(ctx context.Context, s logical.Storage) (*keyfactorClient, error) {
+func (b *keyfactorBackend) getClient(ctx context.Context, s logical.Storage) (*keyfactor.APIClient, error) {
 	b.configLock.RLock()
 	defer b.configLock.RUnlock()
 
 	if b.client != nil {
-		b.Logger().Debug("closing idle connections before returning existing client")
-		b.client.httpClient.CloseIdleConnections()
+		b.Logger().Trace("returning existing client")
 		return b.client, nil
 	}
 
@@ -127,5 +129,5 @@ func (b *keyfactorBackend) getClient(ctx context.Context, s logical.Storage) (*k
 }
 
 const keyfactorHelp = `
-The Keyfactor backend is a pki service that issues and manages certificates.
+The Keyfactor backend is a pki service that issues and manages certificates via the Keyfactor Command platform.
 `