You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Following the release of v1.9.0 which included a medium security bug fix, we have some clients capable of rotating API keys which need to be updated to ensure they follow the new guidelines.
In Conjur v1.9.0+ (and DAP 11.7+), when a role is rotating its own API key, it must authenticate to the /api_key route using basic authentication, and cannot send the request with only an access token.
That is, the request should look something like:
curl -f -X PUT -s --user "host/{host ID}:{api_key}" http://{Conjur URL}/authn/{accouont}/api_key
In this mini-epic, we track the work required to make these downstream updates.
Following the release of v1.9.0 which included a medium security bug fix, we have some clients capable of rotating API keys which need to be updated to ensure they follow the new guidelines.
In Conjur v1.9.0+ (and DAP 11.7+), when a role is rotating its own API key, it must authenticate to the
/api_key
route using basic authentication, and cannot send the request with only an access token.That is, the request should look something like:
In this mini-epic, we track the work required to make these downstream updates.
uses basic authenticationthrows errors when using the wrong API call for API key rotation events - Ruby client uses basic authentication for API key rotation events conjur-api-ruby#181RotateAPIKey*
conjur-api-go#78The text was updated successfully, but these errors were encountered: