You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When using TLS authentication with the metadata of entity aliases activated with enable_identity_alias_metadata, the serial number is returned as a string representation of its decimal value.
For instance "207720964414718439776028734852258731377870138924".
This representation is not very convenient to use, because all the endpoints of the PKI API take the hexadecimal representation of the serial number separated with colon.
We can still recreate this representation at the client side, but because the integer is bigger than u128, for most of the programming languages, we must use an external library to parse it. As supply chain attacks are a big concern for me, I would like to have the fewest dependency as possible.
Describe the solution you'd like
Would you be OK to return the hexadecimal representation directly?
I think it's just a matter of calling this function
Is your feature request related to a problem? Please describe.
When using TLS authentication with the metadata of entity aliases activated with enable_identity_alias_metadata, the serial number is returned as a string representation of its decimal value.
For instance "207720964414718439776028734852258731377870138924".
Here is the following code that does that:
vault/builtin/credential/cert/path_login.go
Line 149 in d1e30ba
This representation is not very convenient to use, because all the endpoints of the PKI API take the hexadecimal representation of the serial number separated with colon.
We can still recreate this representation at the client side, but because the integer is bigger than u128, for most of the programming languages, we must use an external library to parse it. As supply chain attacks are a big concern for me, I would like to have the fewest dependency as possible.
Describe the solution you'd like
Would you be OK to return the hexadecimal representation directly?
I think it's just a matter of calling this function
vault/sdk/helper/certutil/helpers.go
Line 112 in d1e30ba
Describe alternatives you've considered
Adding an external library at the client side and build the hexadecimal representation from here.
The text was updated successfully, but these errors were encountered: