41 changes: 20 additions & 21 deletions README.md
@@ -1,4 +1,3 @@
[![Venafi](https://raw.githubusercontent.com/Venafi/.github/master/images/Venafi_logo.png)](https://www.venafi.com/)

[![Apache 2.0 License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
![Community Supported](https://img.shields.io/badge/Support%20Level-Community-brightgreen)
Expand All @@ -16,15 +15,15 @@ We welcome and appreciate all contributions. Got questions or want to discuss so

VCert Python is a Python library and SDK designed to simplify key generation and enrollment of machine identities
(also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the
[Venafi Trust Protection Platform](https://www.venafi.com/platform/trust-protection-platform) or
[Venafi as a Service](https://www.venafi.com/venaficloud).
[CyberArk Certificate Manager, Self-Hosted](https://www.venafi.com/platform/trust-protection-platform) or
[CyberArk Certificate Manager, SaaS](https://www.venafi.com/venaficloud).

This implementation is based on the original Go library, https://github.com/Venafi/vcert.

#### Compatibility
***Starting version 0.14.0 vcert-python only supports Python 3.6 or higher***

VCert releases are tested using the latest version of Trust Protection Platform. The [latest VCert release](https://github.com/Venafi/vcert-python/releases/latest) should be compatible with Trust Protection Platform 17.3 or higher based on the subset of API methods it consumes.
VCert releases are tested using the latest version of CyberArk Certificate Manager, Self-Hosted. The [latest VCert release](https://github.com/Venafi/vcert-python/releases/latest) should be compatible with CyberArk Certificate Manager, Self-Hosted 17.3 or higher based on the subset of API methods it consumes.

## Installation
Get the library using pip:
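Review bot: the link text on the two rewritten description lines is rebranded, but both hrefs still point at venafi.com/platform/trust-protection-platform and venafi.com/venaficloud; confirm those URLs still resolve under the new branding or point them at the CyberArk Certificate Manager product pages. The compatibility line now reads "CyberArk Certificate Manager, Self-Hosted 17.3 or higher", which reads as if the renamed product carries that version number; a one-time parenthetical such as "(formerly Venafi Trust Protection Platform)" would let users running older, TPP-branded servers map the 17.3 requirement to their installation.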
Expand All @@ -39,18 +38,18 @@ If installation fails collecting dependancies, make sure your python setuptools
## Usage example

For code samples of programmatic use, please review the files in [/examples](https://github.com/Venafi/vcert-python/tree/master/examples).
- For Trust Protection Platform, the `zone` format is the DN of a policy with or without the "\VED\Policy\" prefix (e.g. "\VED\Policy\Certificates\VCert" or simply "Certificates\VCert")
- For Venafi as a Service, the `zone` format is the name of an OutagePREDICT Application and the API Alias of an Issuing Template assigned to it delimited by a single backslash character (e.g. "My Application\My CIT")
- For CyberArk Certificate Manager, Self-Hosted, the `zone` format is the DN of a policy with or without the "\VED\Policy\" prefix (e.g. "\VED\Policy\Certificates\VCert" or simply "Certificates\VCert")
- For CyberArk Certificate Manager, SaaS, the `zone` format is the name of an OutagePREDICT Application and the API Alias of an Issuing Template assigned to it delimited by a single backslash character (e.g. "My Application\My CIT")

## Prerequisites for using with Trust Protection Platform
## Prerequisites for using with CyberArk Certificate Manager, Self-Hosted

1. A user account that has an authentication token with "certificate:manage,revoke" scope (i.e.
access to the "Venafi VCert SDK" API Application as of 20.1) or has been granted WebSDK Access
access to the "CyberArk VCert SDK" API Application as of 20.1) or has been granted WebSDK Access
2. A folder (zone) where the user has been granted the following permissions: View, Read, Write,
Create, Revoke (for the revoke action), and Private Key Read (for the pickup action when CSR is
service generated)
3. Policy applied to the folder which specifies:
1. CA Template that Trust Protection Platform will use to enroll certificate requests submitted by VCert
1. CA Template that CyberArk Certificate Manager, Self-Hosted will use to enroll certificate requests submitted by VCert
2. Subject DN values for Organizational Unit (OU), Organization (O), City (L), State (ST) and Country (C)
3. Management Type not locked or locked to 'Enrollment'
4. Certificate Signing Request (CSR) Generation not locked or locked to 'Service Generated CSR'
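Review bot: renaming the API Application from "Venafi VCert SDK" to "CyberArk VCert SDK" on the scope line changes the name of a configuration object that an administrator has to find in the product's API Application list, not just marketing copy; unless the product actually ships the application under the new name, the instruction stops matching what administrators see. Suggest keeping the object name as it appears in the product, or giving both forms, e.g. "CyberArk VCert SDK" (or "Venafi VCert SDK" on existing installations). The zone bullets are consistent and the "\VED\Policy\" prefix is correctly left untouched.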
Expand All @@ -59,22 +58,22 @@ service generated)
7. (Recommended) Key Bit Strength set to 2048 or higher
8. (Recommended) Domain Whitelisting policy appropriately assigned

The requirement for the CA Template to be assigned by policy follows a long standing Venafi best
The requirement for the CA Template to be assigned by policy follows a long standing CyberArk best
practice which also met our design objective to keep the certificate request process simple for
VCert users. If you require the ability to specify the CA Template with the request you can use the
TPP REST APIs but please be advised this goes against Venafi recommendations.
CyberArk Certificate Manager, Self-Hosted REST APIs but please be advised this goes against CyberArk recommendations.

## Prerequisites for using with Venafi as a Service
## Prerequisites for using with CyberArk Certificate Manager, SaaS

1. The Venafi as a Service REST API is accessible from the system where VCert
1. The CyberArk Certificate Manager, SaaS REST API is accessible from the system where VCert
will be executed. Currently, we support the following regions:
- [https://api.venafi.cloud](https://api.venafi.cloud/vaas) [US]
- [https://api.venafi.eu](https://api.venafi.eu/vaas) [EU]
- [https://api.au.venafi.cloud](https://api.au.venafi.cloud/vaas) [AU]
- [https://api.uk.venafi.cloud](https://api.uk.venafi.cloud/vaas) [UK]
- [https://api.sg.venafi.cloud](https://api.sg.venafi.cloud/vaas) [SG]
- [https://api.ca.venafi.cloud](https://api.ca.venafi.cloud/vaas) [CA]
2. You have successfully registered for a Venafi as a Service account, have been granted at least the
- `https://api.venafi.cloud` [US]
- `https://api.venafi.eu` [EU]
- `https://api.au.venafi.cloud` [AU]
- `https://api.uk.venafi.cloud` [UK]
- `https://api.sg.venafi.cloud`[SG]
- `https://api.ca.venafi.cloud` [CA]
2. You have successfully registered for a CyberArk Certificate Manager, SaaS account, have been granted at least the
"Resource Owner" role, and know your API key.
3. A CA Account and Issuing Template exist and have been configured with:
1. Recommended Settings values for:
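Review bot: the SG entry in the rebuilt region list is missing the space before the region tag (`https://api.sg.venafi.cloud`[SG]) while the other five have it; align it. Two smaller points in the same hunk: replacing the Markdown links with inline code drops the /vaas path the old links carried, which is fine if the bare hosts are the intended API base URLs but deserves a deliberate check, and "CyberArk Certificate Manager, Self-Hosted REST APIs" in the CA Template paragraph would read better as "the Self-Hosted REST APIs" now that the full name already appears in the section heading.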
Expand All @@ -92,7 +91,7 @@ will be executed. Currently, we support the following regions:

## Contributing to VCert

Venafi welcomes contributions from the developer community.
CyberArk welcomes contributions from the developer community.

1. Fork it to your account (https://github.com/Venafi/vcert-python/fork)
2. Clone your fork (`git clone [email protected]:youracct/vcert-python.git`)
16 changes: 8 additions & 8 deletions docs/version_history.md
Expand Up @@ -3,7 +3,7 @@
## Version History

#### 0.18.0
* Added support for TPP 25.1
* Added support for CyberArk Certificate Manager, Self-Hosted 25.1
* Upgraded dependencies
#### 0.17.0
* Added ability to retire certificates in both TLSPDC and TLSPC
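Review bot: the 0.18.0 entry is rewritten to the new product name while the 0.17.0 entry two lines below still uses the TLSPDC and TLSPC abbreviations, so the history now mixes three naming schemes (TPP, TLSPDC/TLSPC, CyberArk Certificate Manager) within a few lines; either leave release notes worded as they were at release time or apply the rename consistently across the whole file.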
Expand All @@ -15,14 +15,14 @@
#### 0.16.0
* Fixed **[Issue 124](https://github.com/Venafi/vcert-python/issues/124)**: Fixed an issue where adding a Certificate Issuing Template to an existing Application failed
* Upgraded cryptography dependency to 40.0.2 to cover a security risk CVE-2023-23931
* Removed orgUnit field from AppDetails, as Venafi as a Service dropped the use of the field
* Removed orgUnit field from AppDetails, as CyberArk Certificate Manager, SaaS dropped the use of the field
#### 0.15.0
* Fixed **[Issue 100](https://github.com/Venafi/vcert-python/issues/100)**: Updated behavior for 'serviceGenerated' attribute on VaaS
* Fixed **[Issue 101](https://github.com/Venafi/vcert-python/issues/101)**: Added support for the following Subject Alternative Names when creating a policy on VaaS: email, IP, URI
* Closed **[Issue 102](https://github.com/Venafi/vcert-python/issues/102)**: Added support for EC private keys on VaaS
* Closed **[Issue 108](https://github.com/Venafi/vcert-python/issues/108)**: Added ability to add contacts(TPP)/owners(VaaS) to a policy when is created
* Closed **[Issue 113](https://github.com/Venafi/vcert-python/issues/113)**: Added support for legacy PKCS1 format on private keys when requesting a certificate. Default now is PKCS8 for both TPP and VaaS
* Closed **[Issue 116](https://github.com/Venafi/vcert-python/issues/116)**: Added ability to disable the following Subject fields when creating a policy on VaaS: organizations, org units, localities, states, countries
* Fixed **[Issue 100](https://github.com/Venafi/vcert-python/issues/100)**: Updated behavior for 'serviceGenerated' attribute on CyberArk Certificate Manager, SaaS
* Fixed **[Issue 101](https://github.com/Venafi/vcert-python/issues/101)**: Added support for the following Subject Alternative Names when creating a policy on CyberArk Certificate Manager, SaaS: email, IP, URI
* Closed **[Issue 102](https://github.com/Venafi/vcert-python/issues/102)**: Added support for EC private keys on CyberArk Certificate Manager, SaaS
* Closed **[Issue 108](https://github.com/Venafi/vcert-python/issues/108)**: Added ability to add contacts(CyberArk Certificate Manager, Self-Hosted)/owners(CyberArk Certificate Manager, SaaS) to a policy when is created
* Closed **[Issue 113](https://github.com/Venafi/vcert-python/issues/113)**: Added support for legacy PKCS1 format on private keys when requesting a certificate. Default now is PKCS8 for both CyberArk Certificate Manager, Self-Hosted and CyberArk Certificate Manager, SaaS
* Closed **[Issue 116](https://github.com/Venafi/vcert-python/issues/116)**: Added ability to disable the following Subject fields when creating a policy on CyberArk Certificate Manager, SaaS: organizations, org units, localities, states, countries
* Updated README.md links to work on sites other than GitHub
#### 0.14.0
* Closed **[Issue 90](https://github.com/Venafi/vcert-python/issues/90)**: **Dropped support for Python2. New baseline is Python 3.6+**
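Review bot: the Issue 108 line keeps the pre-existing grammar slip "to a policy when is created" (should be "when it is created"); since the line is being rewritten anyway, fix it here. The parenthetical "contacts(CyberArk Certificate Manager, Self-Hosted)/owners(CyberArk Certificate Manager, SaaS)" is also hard to scan; "contacts (Self-Hosted) / owners (SaaS)" carries the same information.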
8 changes: 4 additions & 4 deletions examples/get_cert.py
Expand Up @@ -40,19 +40,19 @@ def main():
conn = Connection(fake=True)
else:
# Connection will be chosen automatically based on which arguments are passed.
# If token is passed Venafi Cloud connection will be used.
# If user, password, and URL Venafi Platform (TPP) will be used.
# If token is passed CyberArk Certificate Manager, SaaS connection will be used.
# If user, password, and URL CyberArk Certificate Manager, Self-Hosted will be used.
conn = Connection(url=url, token=token, user=user, password=password,
http_request_kwargs={'verify': False})
# If your TPP server certificate signed with your own CA, or available only via proxy, you can specify
# If your CyberArk Certificate Manager, Self-Hosted server certificate signed with your own CA, or available only via proxy, you can specify
# a trust bundle using requests vars:
# conn = Connection(url=url, token=token, user=user, password=password,
# http_request_kwargs={"verify": "/path-to/bundle.pem"})

request = CertificateRequest(common_name=f"{randomword(10)}.venafi.example.com")
request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"]
if not isinstance(conn, CloudConnection):
# Venafi Cloud doesn't support email or IP SANs in CSR
# CyberArk Certificate Manager, SaaS doesn't support email or IP SANs in CSR
request.email_addresses = ["[email protected]", "[email protected]"]
request.ip_addresses = ["127.0.0.1", "192.168.1.1"]
request.uniform_resource_identifiers = ["http://wgtest.com", "https://ragnartest.com"]
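Review bot: the rewritten comment above `http_request_kwargs={'verify': False}` describes the trust-bundle option, but the live call in the example still disables TLS certificate verification, which is the line readers copy; since this hunk edits that block, consider making the bundle form the active line and the `verify: False` form the commented-out one, or at least stating in the comment that verification should only be disabled in a lab. The renamed comment also keeps the missing verb from the original: "server certificate signed with your own CA" should read "server certificate is signed with your own CA", as the same comment in get_cert_ssh.py already does.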
12 changes: 6 additions & 6 deletions examples/ssh_certificates/get_cert_ssh.py
Expand Up @@ -32,15 +32,15 @@ def main():
password = environ.get('TPP_PASSWORD')

connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False})
# If your TPP server certificate is signed with your own CA, or available only via proxy,
# If your CyberArk Certificate Manager, Self-Hosted server certificate is signed with your own CA, or available only via proxy,
# you can specify a trust bundle using requests vars:
# connector = venafi_connection(url=url, api_key=api_key, access_token=access_token,
# http_request_kwargs={"verify": "/path-to/bundle.pem"})

# Create an Authentication object to request a token with the proper scope to manage SSH certificates
auth = Authentication(user=user, password=password, scope=SCOPE_SSH)
# Additionally, you may change the default client id for a custom one
# Make sure this id has been registered on the TPP instance beforehand
# Make sure this id has been registered on the CyberArk Certificate Manager, Self-Hosted instance beforehand
# Also, the user (TTP_USER) should be allowed to use this application
# And the application should have the ssh permissions enabled
auth.client_id = 'vcert-ssh-demo'
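Review bot: the comment rewritten on the client id line sits directly above "the user (TTP_USER) should be allowed", where TTP_USER is a typo for the TPP_USER environment variable (the file reads TPP_PASSWORD a few lines up); fix it in the same pass. Separately, the commented-out alternative passes api_key and access_token while the live venafi_connection call uses user and password, so the trust-bundle example no longer shows the same call with one extra argument; mirror the live call's arguments in the comment.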
Expand All @@ -54,8 +54,8 @@ def main():
# without the corresponding private key
ssh_kp = SSHKeyPair()
ssh_kp.generate(key_size=4096, passphrase="foobar")
# The path to the SSH CA in the TPP instance
# This is a placeholder. Make sure an SSH CA already exists on your TPP instance
# The path to the SSH CA in the CyberArk Certificate Manager, Self-Hosted instance
# This is a placeholder. Make sure an SSH CA already exists on your CyberArk Certificate Manager, Self-Hosted instance
cadn = "\\VED\\Certificate Authority\\SSH\\Templates\\my-ca"
# The id of the SSH certificate
key_id = f"vcert-python-{random_word(12)}"
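Review bot: the renamed placeholder comment is fine as far as it goes, but the context two lines above it shows the key passphrase hard-coded as "foobar" while the user's password is read from the environment at the top of the same function; reading the passphrase from an environment variable in the same way would keep the example's secrets handling consistent and stop the literal from being copied into real scripts.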
Expand All @@ -71,10 +71,10 @@ def main():
# Include the locally-generated public key. If not set, the server will generate one for the certificate
request.set_public_key_data(ssh_kp.public_key())

# Request the certificate from TPP instance
# Request the certificate from CyberArk Certificate Manager, Self-Hosted instance
success = connector.request_ssh_cert(request)
if success:
# Retrieve the certificate from TPP instance
# Retrieve the certificate from CyberArk Certificate Manager, Self-Hosted instance
response = connector.retrieve_ssh_cert(request)
# Save the certificate to a file
# The private and public key are optional values.
10 changes: 5 additions & 5 deletions examples/ssh_certificates/get_cert_ssh_service.py
Expand Up @@ -32,23 +32,23 @@ def main():
password = environ.get('TPP_PASSWORD')

connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False})
# If your TPP server certificate signed with your own CA, or available only via proxy,
# If your CyberArk Certificate Manager, Self-Hosted server certificate signed with your own CA, or available only via proxy,
# you can specify a trust bundle using requests vars:
# connector = venafi_connection(url=url, api_key=api_key, access_token=access_token,
# http_request_kwargs={"verify": "/path-to/bundle.pem"})

# Create an Authentication object to request a token with the proper scope to manage SSH certificates
auth = Authentication(user=user, password=password, scope=SCOPE_SSH)
# Additionally, you may change the default client id for a custom one
# Make sure this id has been registered on the TPP instance beforehand
# Make sure this id has been registered on the CyberArk Certificate Manager, Self-Hosted instance beforehand
# Also, the user (TTP_USER) should be allowed to use this application
# And the application should have the ssh permissions enabled
auth.client_id = 'vcert-ssh-demo'
# Request access token
# After the request is successful, subsequent api calls will use the same token
connector.get_access_token(auth)

# The path to the SSH CA in the TPP instance
# The path to the SSH CA in the CyberArk Certificate Manager, Self-Hosted instance
cadn = "\\VED\\Certificate Authority\\SSH\\Templates\\my-ca"
# The id of the SSH certificate
key_id = f"vcert-python-{random_word(12)}"
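Review bot: the rewritten trust-bundle comment reads "server certificate signed with your own CA" here but "server certificate is signed with your own CA" in get_cert_ssh.py; both lines are touched by this change, so use the grammatical form in both. The TTP_USER typo on the line after the client-id comment also survives in this file and should be corrected to TPP_USER to match the TPP_PASSWORD variable read above.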
Expand All @@ -62,14 +62,14 @@ def main():
'permit-pty': ""
}

# Request the certificate from TPP instance
# Request the certificate from CyberArk Certificate Manager, Self-Hosted instance
success = connector.request_ssh_cert(request)
if success:
# Optional. Define a passphrase for encryption
# The service generated private key will be encrypted using this passphrase
# This step should happen after the request has been invoked
request.private_key_passphrase = "foobar"
# Retrieve the certificate from TPP instance
# Retrieve the certificate from CyberArk Certificate Manager, Self-Hosted instance
response = connector.retrieve_ssh_cert(request)
# Save the certificate, private and public key to files
write_ssh_files("/path/to/ssh/cert/folder", response.certificate_details.key_id, response.certificate_data,
6 changes: 3 additions & 3 deletions examples/ssh_certificates/retrieve_ca_public_key.py
Expand Up @@ -33,13 +33,13 @@ def main():
password = environ.get('TPP_PASSWORD')

# A Connector can be instantiated with no values by using the platform argument.
# url argument is always required for TPP.
# url argument is always required for CyberArk Certificate Manager, Self-Hosted.
connector = venafi_connection(platform=VenafiPlatform.TPP, url=url,
http_request_kwargs={'verify': "/tmp/chain.pem"})
# Optionally, the connector can be instantiated passing the specific arguments:
# connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={"verify": False})

# If your TPP server certificate is signed with your own CA, or available only via proxy,
# If your CyberArk Certificate Manager, Self-Hosted server certificate is signed with your own CA, or available only via proxy,
# you can specify a trust bundle using requests vars:
# connector = venafi_connection(url=url, api_key=api_key, access_token=access_token,
# http_request_kwargs={"verify": "/path-to/bundle.pem"})
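Review bot: the comment now says "url argument is always required for CyberArk Certificate Manager, Self-Hosted" but the very next line selects the platform with `VenafiPlatform.TPP`, so the prose and the identifier the reader must type no longer match; suggest "... for CyberArk Certificate Manager, Self-Hosted (VenafiPlatform.TPP)" so the mapping is explicit, and the same treatment wherever a renamed comment sits next to a TPP-named identifier or environment variable.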
Expand All @@ -59,7 +59,7 @@ def main():
# To retrieve the CA principals create an Authentication object with the proper scope to manage SSH certificates.
auth = Authentication(user=user, password=password, scope=SCOPE_SSH)
# Additionally, you may change the default client id for a custom one.
# Make sure this id has been registered on the TPP instance beforehand.
# Make sure this id has been registered on the CyberArk Certificate Manager, Self-Hosted instance beforehand.
# Also, the user (TTP_USER) should be allowed to use this application
# and the application should have the ssh permissions enabled.
auth.client_id = 'vcert-ssh-ca-pubkey-demo'
2 changes: 1 addition & 1 deletion examples/tpp/get_cert_tpp_token.py
Expand Up @@ -42,7 +42,7 @@ def main():
# If access_token and refresh_token are passed, there is no need for the username and password.
# If only access_token is passed, the Connection will fail when token expires, as there is no way to refresh it.
conn = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False})
# If your TPP server certificate signed with your own CA, or available only via proxy, you can specify
# If your CyberArk Certificate Manager, Self-Hosted server certificate signed with your own CA, or available only via proxy, you can specify
# a trust bundle using requests vars:
# conn = token_connection(url=url, user=user, password=password,
# http_request_kwargs={"verify": "/path-to/bundle.pem"})
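Review bot: the commented-out alternative below the rewritten line calls `token_connection(`, while the live line and the rest of the examples call `venafi_connection(`; since this comment block is being touched, align the function name so the trust-bundle example can be uncommented as-is. The missing "is" in "certificate signed with your own CA" is present on the rewritten line here too.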