Merge 1.8.5 to main

.github/workflows/update-stores.yml

@@ -28,6 +28,15 @@ jobs:
         run: |
           echo "TARGET_REPO_BRANCH=${{ github.event.client_payload.targetRef }}" | tee -a $GITHUB_ENV
           echo "KFUTIL_ARG=${{ github.event.client_payload.targetRepo }}" | tee -a $GITHUB_ENV
+      - name: Set Branch Name based on targetRef
+        id: set-branch-name
+        run: |
+          if [ "${{ env.TARGET_REPO_BRANCH }}" == "main" ]; then
+            echo "BRANCH_NAME=${{ env.KFUTIL_ARG }}_${{ env.TARGET_REPO_BRANCH }}" | tee -a $GITHUB_ENV
+          else
+            echo "BRANCH_NAME=${{ env.KFUTIL_ARG }}" | tee -a $GITHUB_ENV
+          fi
+
       - name: Check Open PRs for Existing Branch
         id: check-branch
         uses: actions/github-script@v7
@@ -41,8 +50,8 @@ jobs:
               repo,
               state: "open"
             });
-            // Filter out ones matching the KFUTIL_ARG from payload (repository_dispatch) or input (workflow_dispatch)
-            const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.KFUTIL_ARG }}'); // Look for an existing branch with the orchestrator repo name
+            // Filter out ones matching our branch naming convention
+            const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.BRANCH_NAME }}');
             const isBranch = (filteredData.length > 0)
             if (isBranch) {
               const {
@@ -54,9 +63,9 @@ jobs:
             } else {
               core.setOutput('PR_BRANCH', 'create') // No branch, create one
             }
-            console.log(`Branch exists?`)
-            console.log(filteredData.length > 0)
-            console.log(`targetRepo: ${{env.KFUTIL_ARG}}`)
+            console.log(`Branch exists? ${filteredData.length > 0}`)
+            console.log(`Branch name: ${{env.BRANCH_NAME}}`)
+
       - name: set env.PR_BRANCH value for jobs
         run: |
           echo "PR_BRANCH=${{steps.check-branch.outputs.PR_BRANCH}}" | tee -a $GITHUB_ENV
@@ -72,7 +81,7 @@ jobs:
             cmd
           path: './merge-folder/'
           token: ${{ secrets.V2BUILDTOKEN }}
-          ref: '${{env.KFUTIL_ARG}}'
+          ref: '${{env.BRANCH_NAME}}'
 
       # If the branch does not exist, first check out the main branch from kfutil.
       - name: Check out main
@@ -160,13 +169,13 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
         with:
           add: |
-            store_types.json 
+            store_types.json
             ./cmd/store_types.json --force
           message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}
           author_name: Keyfactor
           author_email: keyfactor@keyfactor.github.io
           cwd: './merge-folder/'
-          new_branch: ${{env.KFUTIL_ARG}}
+          new_branch: ${{env.BRANCH_NAME}}
 
       - name: Add and Commit to existing branch
         if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'commit' }}
@@ -187,18 +196,14 @@ jobs:
         uses: actions/github-script@v7
         with:
           script: |
-            console.log(`Created ${{env.KFUTIL_ARG}} `)
-            console.log("Commit to ${{env.KFUTIL_ARG}} for PR")
+            console.log(`Created ${{env.BRANCH_NAME}} `)
+            console.log("Commit to ${{env.BRANCH_NAME}} for PR")
             const owner = context.repo.owner;
             const repo = context.repo.repo;
-
-            // Get the current branch name that the workflow is running on
-            const baseBranch = context.payload.ref ? 
+            const baseBranch = context.payload.ref ?
               context.payload.ref.replace('refs/heads/', '') : 'main';
-
             console.log(`Base branch for PR: ${baseBranch}`);
-
-            const newBranch = '${{env.KFUTIL_ARG}}';
+            const newBranch = '${{env.BRANCH_NAME}}';
             const response = await github.rest.pulls.create({
               owner,
               repo,
@@ -208,5 +213,3 @@ jobs:
               body: 'The cert store update from ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} needs to be verified and merged if correct.',
             });
             console.log(`Pull request created: ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} : ${response.data.html_url}`);
-        env:
-          GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }}

CHANGELOG.md

@@ -1,3 +1,17 @@
+# v1.8.5
+
+## Chores
+
+- `store-types`: Rename `BIPCamera` to `BoschIPCamera` store-type.
+- `store-types`: Add `AxisIPCamera` store-type.
+- `store-types`: Update internal definitions to latest from Keyfactor GitHub repos.
+
+# v1.8.4
+
+## Chores
+
+- `store-types`: Update internal definitions to latest from Keyfactor GitHub repos.
+
 # v1.8.3
 
 ## Chores

cmd/store_types.json

@@ -17,6 +17,19 @@
           "OnRemove": false,
           "OnReenrollment": false
         }
+      },
+      {
+        "Name": "PreserveExistingTags",
+        "DisplayName": "Preserve Existing Tags",
+        "Description": "If true, this will perform a union of any tags provided with enrollment with the tags on the existing cert with the same alias and apply the result to the new certificate.",
+        "Type": "Bool",
+        "DefaultValue": "False",
+        "RequiredWhen": {
+          "HasPrivateKey": false,
+          "OnAdd": false,
+          "OnRemove": false,
+          "OnReenrollment": false
+        }
       }
     ],
     "JobProperties": [],
@@ -957,7 +970,7 @@
     "PowerShell": false,
     "BlueprintAllowed": false,
     "CustomAliasAllowed": "Forbidden",
-    "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the the \"host\" value from the API credentials file.",
+    "ClientMachineDescription": "The Client Machine field is the Akamai REST API URL. This should be equal to the \"host\" value from the API credentials file.",
     "StorePathDescription": "The Akamai network the certificate will be managed from. Value can be either \"Production\" or \"Staging\"."
   },
   {
@@ -1064,6 +1077,77 @@
     "BlueprintAllowed": false,
     "CustomAliasAllowed": "Required"
   },
+  {
+    "Name": "Axis IP Camera",
+    "ShortName": "AxisIPCamera",
+    "Capability": "AxisIPCamera",
+    "ServerRequired": true,
+    "BlueprintAllowed": false,
+    "PowerShell": false,
+    "CustomAliasAllowed": "Required",
+    "PrivateKeyAllowed": "Forbidden",
+    "SupportedOperations": {
+      "Add": true,
+      "Create": false,
+      "Discovery": false,
+      "Enrollment": true,
+      "Remove": true
+    },
+    "PasswordOptions": {
+      "EntrySupported": false,
+      "StoreRequired": false,
+      "Style": "Default"
+    },
+    "Properties": [
+      {
+        "Name": "ServerUsername",
+        "DisplayName": "Server Username",
+        "Type": "Secret",
+        "DependsOn": "",
+        "DefaultValue": "",
+        "Required": true,
+        "Description": "Enter the username of the configured \"service\" user on the camera"
+      },
+      {
+        "Name": "ServerPassword",
+        "DisplayName": "Server Password",
+        "Type": "Secret",
+        "DependsOn": "",
+        "DefaultValue": "",
+        "Required": true,
+        "Description": "Enter the password of the configured \"service\" user on the camera"
+      },
+      {
+        "Name": "ServerUseSsl",
+        "DisplayName": "Use SSL",
+        "Type": "Bool",
+        "DependsOn": "",
+        "DefaultValue": "true",
+        "Required": true,
+        "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be \"True\""
+      }
+    ],
+    "EntryParameters": [
+      {
+        "Name": "CertUsage",
+        "DisplayName": "Certificate Usage",
+        "Type": "MultipleChoice",
+        "RequiredWhen": {
+          "HasPrivateKey": false,
+          "OnAdd": true,
+          "OnRemove": false,
+          "OnReenrollment": true
+        },
+        "Options": "HTTPS,IEEE802.X,MQTT,Trust,Other",
+        "Description": "The Certificate Usage to assign to the cert after enrollment. Can be left 'Other' to be assigned later."
+      }
+    ],
+    "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.",
+    "StorePathDescription": "Enter the Serial Number of the camera e.g. `0b7c3d2f9e8a`",
+    "StorePathType": "",
+    "StorePathValue": "",
+    "JobProperties": []
+  },
   {
     "Name": "Azure App Registration (Application)",
     "ShortName": "AzureApp",
@@ -1390,8 +1474,8 @@
   },
   {
     "Name": "Bosch IP Camera",
-    "ShortName": "BIPCamera",
-    "Capability": "BIPCamera",
+    "ShortName": "BoschIPCamera",
+    "Capability": "BoschIPCamera",
     "PrivateKeyAllowed": "Optional",
     "ServerRequired": true,
     "PowerShell": false,
@@ -3133,7 +3217,7 @@
         "DependsOn": "",
         "DefaultValue": "",
         "Options": "",
-        "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server."
+        "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'"
       },
       {
         "Name": "SAN",
@@ -4055,6 +4139,15 @@
         "Type": "String",
         "DefaultValue": "",
         "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH.  Overrides SSHPort [config.json](#post-installation) setting."
+      },
+      {
+        "Name": "UseShellCommands",
+        "DisplayName": "Use Shell Commands",
+        "Required": false,
+        "DependsOn": "",
+        "Type": "Bool",
+        "DefaultValue": "True",
+        "Description": "Recommended to be set to the default value of 'Y'.  For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
       }
     ],
     "EntryParameters": [],
@@ -4169,6 +4262,15 @@
         "Type": "String",
         "DefaultValue": "",
         "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH.  Overrides SSHPort [config.json](#post-installation) setting."
+      },
+      {
+        "Name": "UseShellCommands",
+        "DisplayName": "Use Shell Commands",
+        "Required": false,
+        "DependsOn": "",
+        "Type": "Bool",
+        "DefaultValue": "True",
+        "Description": "Recommended to be set to the default value of 'Y'.  For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
       }
     ],
     "EntryParameters": [],
@@ -4283,6 +4385,15 @@
         "Type": "String",
         "DefaultValue": "",
         "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH.  Overrides SSHPort [config.json](#post-installation) setting."
+      },
+      {
+        "Name": "UseShellCommands",
+        "DisplayName": "Use Shell Commands",
+        "Required": false,
+        "DependsOn": "",
+        "Type": "Bool",
+        "DefaultValue": "True",
+        "Description": "Recommended to be set to the default value of 'Y'.  For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
       }
     ],
     "EntryParameters": [],
@@ -4406,6 +4517,15 @@
         "Type": "String",
         "DefaultValue": "",
         "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH.  Overrides SSHPort [config.json](#post-installation) setting."
+      },
+      {
+        "Name": "UseShellCommands",
+        "DisplayName": "Use Shell Commands",
+        "Required": false,
+        "DependsOn": "",
+        "Type": "Bool",
+        "DefaultValue": "True",
+        "Description": "Recommended to be set to the default value of 'Y'.  For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
       }
     ],
     "EntryParameters": [],
@@ -4556,6 +4676,15 @@
         "Type": "String",
         "DefaultValue": "",
         "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH.  Overrides SSHPort [config.json](#post-installation) setting."
+      },
+      {
+        "Name": "UseShellCommands",
+        "DisplayName": "Use Shell Commands",
+        "Required": false,
+        "DependsOn": "",
+        "Type": "Bool",
+        "DefaultValue": "True",
+        "Description": "Recommended to be set to the default value of 'Y'.  For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
       }
     ],
     "EntryParameters": [],
@@ -4670,6 +4799,15 @@
         "Type": "String",
         "DefaultValue": "",
         "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH.  Overrides SSHPort [config.json](#post-installation) setting."
+      },
+      {
+        "Name": "UseShellCommands",
+        "DisplayName": "Use Shell Commands",
+        "Required": false,
+        "DependsOn": "",
+        "Type": "Bool",
+        "DefaultValue": "True",
+        "Description": "Recommended to be set to the default value of 'Y'.  For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
       }
     ],
     "EntryParameters": [],
@@ -5015,7 +5153,7 @@
         "DependsOn": "",
         "DefaultValue": "",
         "Options": "",
-        "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server."
+        "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'"
       },
       {
         "Name": "SAN",
@@ -5150,7 +5288,7 @@
         "DependsOn": "",
         "DefaultValue": "",
         "Options": "",
-        "Description": "Optional string value specifying the name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing private keys. Example: 'Microsoft Strong Cryptographic Provider'."
+        "Description": "Name of the Windows cryptographic service provider to use when generating and storing private keys. For more information, refer to the section 'Using Crypto Service Providers'"
       },
       {
         "Name": "SAN",

pkg/version/version.go

@@ -15,7 +15,7 @@
 package version
 
 var (
-	VERSION    = "1.8.4"
-	BUILD_DATE = "2025-09-10"
+	VERSION    = "1.8.5"
+	BUILD_DATE = "2025-10-22"
 	COMMIT     = "HEAD"
 )