Venafi CLI tool releases¶

Learn about current and past releases of the Venafi CLI tool.

Latest release¶

The latest stable version of Venafi CLI is v1.15.2.

Select the file appropriate for your platform below:

Verifying Venafi CLI archives after download¶

Once you have downloaded the Venafi CLI archive and its corresponding signature file, you can verify by executing a command similar to the following:

gpg --verify venctl-linux-amd64.zip.sig venctl-linux-amd64.zip

For a valid signature, the output is similar to the example below:

gpg: Signature made Wed Dec  6 11:09:05 2023 UTC
gpg:                using RSA key BA2F4B4442D945F0A2810A686B99EC1CEEE83892
gpg:                issuer "gpg-vaas@venafi.com"
gpg: Good signature from "Venafi, Inc. <gpg-vaas@venafi.com>" [ultimate]

Release 1.15.2¶

Venafi CLI tool 1.15.2 was released on October 30, 2024.

Key features¶

• venctl installation cluster connect command updates

  This release includes an update to the venctl installation cluster connect command to improve the connectivity process to Venafi Control Plane.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.15.2.

  Component	Default version for this release
  Approver Policy	v0.16.0
  Approver Policy Enterprise	v0.18.1
  AWS Private CA Issuer	v1.4.0
  cert-manager	v1.16.1
  CSI driver	v0.10.1
  CSI driver for SPIFFE	v0.8.1
  Firefly	v1.5.0
  Istio CSR	0.12.0
  OpenShift Routes	0.7.0
  Trust Manager	v0.12.0
  Venafi Connection	v0.2.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v1.1.0

Release 1.15.1¶

Venafi CLI tool 1.15.1 was released on October 15, 2024.

Key features¶

• Version output fix

  This release fixes an issue where the venctl version command and the associated auto update feature of venctl mistakenly reported the version as being dev.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.15.1.

  Component	Default version for this release
  Approver Policy	v0.15.2
  Approver Policy Enterprise	v0.18.1
  AWS Private CA Issuer	v1.3.0
  cert-manager	v1.16.1
  CSI driver	v0.10.1
  CSI driver for SPIFFE	v0.8.1
  Firefly	v1.5.0
  Istio CSR	0.12.0
  OpenShift Routes	0.7.0
  Trust Manager	v0.12.0
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v1.0.0

Release 1.15.0¶

Venafi CLI tool 1.15.0 was released on October 4, 2024.

Key features¶

• Venafi Manifest tool environment variable support

  The Venafi Manifest tool now supports the VENAFI_KUBERNETES_AGENT_CLUSTER_NAME environment variable for setting the cluster name when installing the agent. This means you no longer have to create a custom values.yaml per cluster.

• Venafi Manifest tool bug fix

  Release 1.15.0 corrects an issue where the Venafi Manifest tool attempted to set the topologySpreadConstraints field for the cert-manager startupapicheck, which doesn't exist.

• Go version updated

  The version of Go used was updated to v1.23.2.

• Default component versions for this release

  This release upgrades some dependency versions proactively to address CVEs reported by scanners but which weren't exploitable.

  The following is a full list of the component versions installable by default in release 1.15.0.

  Component	Default version for this release
  Approver Policy	v0.15.2
  Approver Policy Enterprise	v0.18.1
  AWS Private CA Issuer	v1.3.0
  cert-manager	v1.16.0
  CSI driver	v0.10.1
  CSI driver for SPIFFE	v0.8.1
  Firefly	v1.5.0
  Istio CSR	0.12.0
  OpenShift Routes	0.7.0
  Trust Manager	v0.12.0
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v1.0.0

Release 1.14.1¶

Venafi CLI tool 1.14.1 was released on September 11, 2024.

Key features¶

• Bug fixes An issue where venctl installation cluster connect failed in release v1.14.0.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.14.1.

  Component	Default version for this release
  Approver Policy	v0.15.1
  Approver Policy Enterprise	v0.18.1
  AWS Private CA Issuer	v1.3.0
  cert-manager	v1.15.3
  CSI driver	v0.10.1
  CSI driver for SPIFFE	v0.8.1
  Firefly	v1.5.0
  Istio CSR	0.12.0
  OpenShift Routes	0.6.0
  Trust Manager	v0.12.0
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v1.0.0

Release 1.14.0¶

Venafi CLI tool 1.14.0 was released on September 11, 2024.

Key features¶

• OpenShift Routes support Release v1.14.0 adds support for installing the OpenShift Routes component.
• Venafi Kubernetes Agent manifest improvements You can now generate manifests for agents without needing to specify a client ID.
• Manifest comments Generated manifests now include a comment at the top containing the command used to generate the manifest. This helps you to edit or recreate a manifest if required later..
• Istio CSR support This release adds support for Istio CSR with extra objects defined at manifest generation time.
• Bug fixes An issue where the Venafi CLI tool incorrectly required a TTY when the --no-prompts flags is used was corrected.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.14.0.

  Component	Default version for this release
  Approver Policy	v0.15.1
  Approver Policy Enterprise	v0.18.1
  AWS Private CA Issuer	v1.3.0
  cert-manager	v1.15.3
  CSI driver	v0.10.1
  CSI driver for SPIFFE	v0.8.1
  Firefly	v1.5.0
  Istio CSR	0.12.0
  OpenShift Routes	0.6.0
  Trust Manager	v0.12.0
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v1.0.0

Release 1.13.0¶

Venafi CLI tool 1.13.0 was released on August 6, 2024.

app:
tls:
    certificateDNSNames:
    - cert-manager-istio-csr.venafi.svc

venctl components kubernetes manifest generate --cert-manager --istio-csr --istio-csr-values-files values.yaml --default-approver

Key features¶

• Istio CSR support

  The Venafi CLI tool now allows you to install Istio CSR in addition to the other Venafi Kubernetes components.

• New Helm custom chart repository CA options added

  The Venafi CLI tool includes new custom chart repository CA flags for the venctl components kubernetes manifest generate and venctl components kubernetes apply commands to indicate the path to PEM-formatted CA bundles used to validate the Helm repository for component charts. Learn more

• Go version updated

  The version of Go used was updated to v1.22.5.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.13.0.

  Component	Default version for this release
  Approver Policy	v0.15.0
  Approver Policy Enterprise	v0.18.0
  AWS Private CA Issuer	v1.3.0
  cert-manager	v1.15.2
  CSI driver	v0.10.0
  CSI driver for SPIFFE	v0.8.0
  Firefly	v1.4.2
  Istio CSR	0.11.0
  Trust Manager	v0.12.0
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v0.1.49

Release 1.12.0¶

Venafi CLI tool 1.12.0 was released on July 18, 2024.

Key features¶

• Helm chart repository authentication

  This release adds new authentication parameters for protected OCI (credential configuration) and non-OCI (username and password) Helm chart repositories. Learn more.

  If you are using a protected Helm registry you may be required to provide additional authentication. New flags for the venctl components kubernetes manifest generate and venctl components kubernetes apply commands allow you to authenticate to protected Helm registries.

  For an OCI-based Helm registry you can provide a docker_config.json file containing authentication credentials:

  venctl components kubernetes apply \
    --cert-manager \
    --custom-chart-repository oci://my-registry.example.com/charts \
    --custom-chart-repository-config docker_config.json
  

  For HTTPs-based Helm registry you can specify the username and password:

  venctl components kubernetes apply \
    --cert manager \
    --custom-chart-repository https://my-charts.example.com/ \
    --custom-chart-repository-username <username> \
    --custom-chart-repository-password <password>
  

• enterprise-cert-manager scope renamed to cert-manager-components

  The enterprise-cert-manager value for the --scopes flag used with the venctl iam service-accounts registry create command is deprecated in favor of cert-manager-components.

  A sample venctl iam service-accounts registry create command using the new flag:

  venctl iam service-accounts registry create --name "My Service Account" --output-file "venafi-image-pull-secret.json" --owning-team "My Platform Team" --scopes "cert-manager-components" --validity 365 --api-key xyz
  

  An example of the same command in previous releases:

  venctl iam service-accounts registry create --name "My Service Account" --output-file "venafi-image-pull-secret.json" --owning-team "My Platform Team" --scopes "enterprise-cert-manager" --validity 365 --api-key xyz
  

• Repository updates for livenessprobe and csi-node-driver-registrar images

  Venafi CLI tool was updated to install the livenessprobe and csi-node-driver-registrar images from the private-registry.venafi.cloud/csi-driver-spiffe repository.

• Venafi Connection dependency for Approver Policy Enterprise added to the Venafi Kubernetes Manifest tool

  This release includes a fix for an issue where the Venafi Connection dependency for Approver Policy Enterprise was not installed by the Venafi Kubernetes Manifest tool by default.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.12.0.

  Component	Default version for this release
  Approver Policy	v0.14.1
  Approver Policy Enterprise	v0.17.2
  AWS Private CA Issuer	v1.2.7
  cert-manager	v1.15.1
  CSI driver	v0.9.0
  CSI driver for SPIFFE	v0.7.0
  Firefly	v1.4.1
  Trust Manager	v0.11.1
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v0.1.49

Release 1.11.0¶

Venafi CLI tool 1.11.0 was released on June 6, 2024.

Key features¶

• Default component versions for this release

  Release 1.11.0 updates the Venafi Manifest tool to allow you to install the latest version of cert-manager and Trust Manager.

  The following is a full list of the component versions installable by default in release 1.11.0.

  Component	Default version for this release
  Approver Policy	v0.14.1
  Approver Policy Enterprise	v0.17.0
  AWS Private CA Issuer	v1.2.7
  cert-manager	v1.15.0
  CSI driver	v0.8.1
  CSI driver for SPIFFE	v0.6.0
  Firefly	v1.3.4
  Trust Manager	v0.11.0
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v0.1.48

• Go dependency updated

  This release also updates the version of Go used for the build to 1.22.4.

Release 1.10.0¶

Venafi CLI tool 1.10.0 was released on May 22, 2024.

Key features¶

• Install CSI driver for SPIFFE

  Release 1.10.0 updates the Venafi Manifest tool to allow you to install the CSI driver for SPIFFE component. Learn more

• Minor improvements

  This release introduces improvements to the venctl command:

  • When deploying the Venafi Kubernetes Agent using venctl installation cluster connect, you can now modify the agent's deployment without encountering errors.
  • A pre-requisite check for the minimum required Helm version has been added to commands that use the Helm binary. This ensures compatibility and avoids potential issues.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.10.0.

  Component	Default version for this release
  Approver Policy	v0.14.1
  Approver Policy Enterprise	v0.17.0
  AWS Private CA Issuer	v1.2.7
  cert-manager	v1.14.5
  CSI driver	v0.8.1
  CSI driver for SPIFFE	v0.6.0
  Firefly	v1.3.4
  Trust Manager	v0.10.0
  Venafi Connection	v0.1.0
  Venafi Enhanced Issuer	v0.14.0
  Venafi Kubernetes Agent	v0.1.48

Release 1.9.0¶

Venafi CLI tool 1.9.0 was released on May 8, 2024.

Breaking Changes¶

This release contains the following breaking changes:

• The following flags have been renamed in all commands to which they apply:

  • --output has been renamed to --log-format.

    A sample command using the new flag:

    venctl iam service-accounts describe --api-key xyz -n myaccount --log-format json --no-prompts >> accinfo.json
    

    An example of the same command in previous releases:

    venctl iam service-accounts describe --api-key xyz -n myaccount --output json --no-prompts >> accinfo.json
    

  • --credential-format has been renamed to --output.

    A sample command using the new flag:

    venctl iam service-accounts firefly create --output secret --name sa-firefly --api-key xyz
    

    An example of the same command in previous releases:

    venctl iam service-accounts firefly create --credential-format secret --name sa-firefly --api-key xyz
    

  • --credential-file has been renamed to --output-file.

    A sample command using the new flag:

    venctl iam service-accounts registry create --name "My Service Account" --output-file "venafi-image-pull-secret.json" --owning-team "My Platform Team" --scopes "enterprise-cert-manager" --validity 365 --api-key xyz
    

    An example of the same command in previous releases:

    venctl iam service-accounts registry create --name "My Service Account" --credential-file "venafi-image-pull-secret.json" --owning-team "My Platform Team" --scopes "enterprise-cert-manager" --validity 365 --api-key xyz
    

• The output from the iam service-accounts registry create output dockerconfig has been updated to contain only dockerconfig content rather than being nested in a JSON object.

  The following is a sample of the output in this release:

  {
      "auths": {
              "private-registry.venafi.cloud": {
                      "username": "sa-us@1cef4d3d-f28b-11ee-9365-c29bc6f4bab0",
                      "auth": "c2EtdXNAMWNlZjRkM2QtZjI4Yi0xMWVlLTkzNjUtYzI5YmM2ZjRiYWIwOnlWNE5jZHZ5SG1jY2FYU2thQ1FKbUJzZktsZERqRVA5eW11dW5XY1V6c0d2ZWtpamVhZWNBR3o5MlppQ0d5eXVJRmVua2RqalpGY3NrWXZ6WXFPdWlQZnVPd2NCRlRYRVJJcXEyaEloNDVHaEx2c01HNkRtNVJNZHJzNUVCd2Zx"
              }
      }
  }
  

  The following is an example of the output from previous releases:

  {
      "client_id": "f95b37ac-f28c-11ee-a4ea-bad1c4de4f71",
      "image_pull_secret": "{\"auths\":{\"private-registry.venafi.cloud\":{\"username\":\"sa-us@f95b37ac-f28c-11ee-a4ea-bad1c4de4f71\",\"auth\":\"c2EtdXNAZjk1YjM3YWMtZjI4Yy0xMWVlLWE0ZWEtYmFkMWM0ZGU0ZjcxOkVXVFlLTHFRZ0o3U2M4UTlSTDg2SEh2SldVTWlvT2VZSEhDaWpwRmVVRENNM2FIbEhQdURDb1p3RE1pQ0pRVGZOWlpxWExId3VGb0RLS1NrYW9tbDVsUEdxSG1zeVl2cWc2UURFSFlWSVdzblZ2S2ZSZHdvbnhldjF5NG5iUW5V\"}}}\n"
  }
  

The --name, --validity, and --owning-team flags are now only available in the subcommands where they are relevant. These flags have been removed from the main venctl iam service-accounts command and added to each applicable subcommand.

Key features¶

• Dependency updates

  This release updates the version of Go used to 1.22.3. This release also includes a fix for the following Hashicorp go-getter library vulnerability: CVE-2024-3817.

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.9.0.

  Component	Default version for this release
  Approver Policy	v0.14.0
  Approver Policy Enterprise	v0.16.0
  AWS Private CA Issuer	v1.2.7
  cert-manager	v1.14.5
  CSI Driver	v0.8.0
  Firefly	v1.3.4
  Trust Manager	v0.9.2
  Venafi Connection	v0.0.20
  Venafi Enhanced Issuer	v0.13.3
  Venafi Kubernetes Agent	v0.1.47

Release 1.8.0¶

Venafi CLI tool 1.8.0 was released on April 5, 2024.

Breaking changes¶

The output from the venctl iam service-accounts agent create and venctl iam service-accounts firefly create commands now return the raw private key rather than a base64-encoded string.

The following is a sample of the output in this release:

{
        "client_id": "7dd207f4-f1ae-11ee-83f9-3a7af823c704",
        "private_key": "-----BEGIN PRIVATE KEY-----\nMHcCAQEEIKcGfBGimDbNqTrv0zw2h8W2OavVY8WHATEH89VIrQmBoAoGCCqGSM49\nAwEHoUQDQgAEzwbbEkbMMxvRBPLkmAJ/jkJZIHwpskxtBNXZU18jqAW+J8TSfuv6\nkPGe/frubEqyT+w496F45Vqi3Y9ha/6Ozg==\n-----END PRIVATE KEY-----\n"
}

The following is an example of the output from previous releases:

{
        "client_id": "7dd207f4-f1ae-11ee-83f9-3a7af823c704",
        "private_key": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tXG5NSGNDQVFFRUlLY0dmQkdpbURiTnFUcnYwencyaDhXMk9hdlZZOFdIQVRFSDg5VklyUW1Cb0FvR0NDcUdTTTQ5XG5Bd0VIb1VRRFFnQUV6d2JiRWtiTU14dlJCUExrbUFKL2prSlpJSHdwc2t4dEJOWFpVMThqcUFXK0o4VFNmdXY2XG5rUEdlL2ZydWJFcXlUK3c0OTZGNDVWcWkzWTloYS82T3pnPT1cbi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS1cbgo="
}

Key features¶

• New service account custom integration functionality

  A new venctl iam service-accounts custom-integration createcommand has been added that allows you to create service accounts for custom integrations with Venafi Control Plane. For more information, see the venctl iam service-accounts custom-integration create command reference documentation.

• New service account authentication functionality

  New --auth.client-id, --auth.key, and --auth.key-file flags have been added to the venctl iam service-account agent create command to support service account authentication to Venafi Control Plane. This is useful for non-interactive sessions when service accounts for Venafi Kubernetes Agent are needed. For more information, see the venctl iam service-account agent create command reference documentation.

• Support for global tolerations

  This release includes a new flag, --global-tolerations-file, for the venctl components kubernetes manifest generate command. This flag points to a YAML file containing an array of Kubernetes corev1.Toleration objects. For more information, see Global tolerations.

• Support for global affinities

  This release includes a new flag, --global-affinities-file, for the venctl components kubernetes manifest generate command. This flag points to a YAML file containing an array of Kubernetes corev1.Affinity objects, which is validated in the same way that Kubernetes validates affinities in-cluster. For more information, see Global affinities.

• Support for global topology spread constraints

  This release includes a new flag, --global-topology-spread-constraints-file, for the venctl components kubernetes manifest generate command. This flag allows the configuration of global topology spread constraints which can be applied to all components for which topology spread constraints are configurable. For more information, see Global topology spread constraints.

• Support for High Availability (HA)

  This release includes a new flag, --ha-file-dir, for the venctl components kubernetes manifest generate command that allows you to set default values for HA deployments for the following Venafi Kubernetes components:

  • cert-manager
  • Approver Policy Enterprise
  • CSI Driver
  • Trust Manager
  • Venafi Kubernetes Agent
  • Venafi Enhanced Issuer

  For more information, see Setting default values for HA deployments using the Venafi CLI tool, and the venctl components kubernetes manifest generate command reference documentation..

• Default component versions for this release

  The following is a full list of the component versions installable by default in release 1.8.0.

  Component	Default version for this release
  Approver Policy	v0.13.1
  Approver Policy Enterprise	v0.15.0
  AWS Private CA Issuer	v1.2.7
  cert-manager	v1.14.4
  CSI Driver	v0.8.0
  Firefly	v1.3.3
  Trust Manager	v0.9.2
  Venafi Connection	v0.0.20
  Venafi Enhanced Issuer	v0.13.3
  Venafi Kubernetes Agent	v0.1.47

Release 1.7.0¶

Venafi CLI tool 1.7.0 was released on March 14, 2024.

Key features¶

• New Manifest tool commands

  Two new manifest tool commands have been added:

  • venctl components kubernetes manifest tool diff - Use this command as a convenient way to visualize the changes between the active deployment and the updated manifest.
  • venctl components kubernetes manifest tool template - Use this command to template releases defined in the state file.

  For more information, see the venafi components kubernetes manifest tool diff and venafi components kubernetes manifest tool template reference documentation.

• Quick install/uninstall commands

  This release introduces two new commands that allow you to set up and tear down a Venafi cert-manager environment quickly and easily. This installation method is not recommended for production environments. For more information, see the Venafi CLI command reference documentation.

• Custom registry support

  You can now specify your own custom registry when connecting to Venafi Control Plane using the venctl installation cluster connect command.

• Bug fixes

  The current release includes fix for an issue with the venctl components kubernetes manifest generate command when the default version of a component was specified.

• Default component versions for this release

  Below is a full list of the component versions installable by default in release 1.7.0.

  Component	Default version for this release
  Approver Policy	v0.13.0
  Approver Policy Enterprise	v0.14.0
  AWS Private CA Issuer	v1.2.7
  cert-manager	v1.14.4
  CSI Driver	v0.7.1
  Firefly	v1.3.2
  Trust Manager	v0.9.1
  Venafi Connection	v0.0.19
  Venafi Enhanced Issuer	v0.13.1
  Venafi Kubernetes Agent	v0.1.45

Release 1.6.0¶

Venafi CLI tool 1.6.0 was released on February 23, 2024.

Key features¶

• Service account creation for Firefly

  Release 1.6.0 allows you to create services accounts that allow Venafi Firefly to connect to Venafi Control Plane using the new venctl iam service-accounts firefly create command. For more information, see the Venafi CLI command reference documentation.

• FIPS support for CSI Driver

  This release includes support for FIPS-compliant versions of Docker images for CSI Driver.

• New positional arguments

  Instead of having to use the --name flag with the following commands, you can now also use positional arguments:

  • venctl iam service-accounts describe
  • venctl iam service-accounts registry create
  • venctl iam service-accounts delete
  • venctl installation cluster connect

  For example:

  venctl iam service-accounts describe my-service-account
  

• Logging and error messages improvements

  Several updates have been made that improve error messages and logging in the Venafi CLI tool.

• Default component versions for this release

  The venctl components kubernetes manifest generate command now installs Venafi Enhanced Issuer v0.12.0 and Venafi Kubernetes Agent v0.1.45.

  Below is a full list of the component versions installable by default in release 1.6.0.

  Component	Default version for this release
  Approver Policy	v0.12.1
  Approver Policy Enterprise	v0.13.0
  AWS Private CA Issuer	v1.2.7
  cert-manager	v1.14.3
  CSI Driver	v0.7.1
  Firefly	v1.3.1
  Trust Manager	v0.8.0
  Venafi Connection	v0.0.19
  Venafi Enhanced Issuer	v0.12.0
  Venafi Kubernetes Agent	v0.1.45

Release 1.5.0¶

Venafi CLI tool 1.5.0 was released on February 9, 2024.

Breaking Changes¶

Updated flags in venctl iam service-accounts registry create¶

As of this version, the Venafi CLI tool introduces two critical flag changes that impact how you create service accounts for Venafi OCI registry access:

• Renamed Flag: --image-pull-secret-file is now --credential-file.
• Renamed Flag: --image-pull-secret-format is now --credential-format.

This change aligns with broader terminology within the Venafi CLI tool, and aims to simplify usage. Remember to update your commands accordingly to avoid errors.

Example:

• Venafi CLI tool 1.2.0 - 1.4.0:

  venctl iam service-accounts registry create --name sa --image-pull-secret-file my-secret.yaml --image-pull-secret-format secret
  

• Venafi CLI tool 1.5.0:

  venctl iam service-accounts registry create --name sa --credential-file my-credential.json --credential-format secret
  

Updated the output format of --credential-format secret for venctl iam service-accounts registry create¶

This update impacts how Venafi CLI tool generates service accounts for registry access with the --credential-format secret flag.

Previously, only the Kubernetes secret (in YAML format) was included in the output. Now, both client_id and the Kubernetes secret for image pulling (in YAML format) are provided under a JSON structure.

Output details

Upon successful execution of venctl iam service-accounts registry create --name sa --credential-file my-credential.json --credential-format secret, the output will include:

• client_id: The client identifier used for authentication with the registry.
• image_pull_secret: The Kubernetes secret encoded in YAML format, granting access to Venafi OCI registry artifacts.

Accessing the client ID and secret

To extract the image_pull_secret from the JSON output, use the following command:

jq -r '.image_pull_secret' < my-credential.json

To extract the client_id from the JSON output, use the following command:

jq -r '.client_id' < my-credential.json

Key features¶

• Service account creation for Venafi Kubernetes Agent

  A venctl iam service-accounts agent create command was added. This command allows you to create service accounts in Venafi Control Plane for your Venafi Kubernetes Agents.

• Service account listing

  A new venctl iam service-accounts list command was added. This command lists all service accounts in the Venafi Control Plane. For more information, see the venctl reference page.

• Service account description

  The venctl iam service-accounts show command has been renamed venctl iam service-accounts describe. It provides a description of a named service account in the Venafi Control Plane. For more information, see the venctl reference page.

• Venafi Improvements to the Venafi Kubernetes Manifest feature of Venafi CLI

  This release also sees updates to the way that the Venafi Manifest tool deploys cert-manager, and adds support for cert-manager v1.14.1 and later.

• Flag changes

  The --image-pull-secret-file and --image-pull-secret-format flags for the venctl iam service-accounts registry create command have been renamed to --credential-file and --credential-format, respectively.

Release 1.4.0¶

Venafi CLI tool 1.4.0 was released on January 25, 2024.

Key features¶

• FIPS support

This release includes support for FIPS-compliant versions of Docker images for Venafi components for Kubernetes. A --use-fips-images flag has been added to the venctl components kubernetes manifest generate command to install the desired component using the FIPS-compliant version of the component Docker image.

Release 1.3.2¶

Venafi CLI tool 1.3.2 was released on January 15, 2024.

Key features¶

• Service accounts show command

  A new venctl iam service-accounts show command was added. This command provides information on a named service account in the Venafi Control Plane. For more information, see the venctl reference page.

• Logging improvements

  This release sees improvements in logging to support the venctl iam service-accounts show command.

• Miscellaneous minor bug fixes

  Several minor bugs were also fixed in this release.

Release 1.3.1¶

Venafi CLI tool 1.3.1 was released on December 20, 2023.

Key features¶

• EU region service account deletion issue

  Release 1.3.1 fixes an issue where the venctl iam service-accounts delete command didn't work for service accounts using the EU Venafi Control Plane region.

Release 1.3.0¶

Venafi CLI tool 1.3.0 was released on December 15, 2023.

Key features¶

• Service account deletion

  Release 1.3.0 adds a new venctl iam service-accounts delete command for deleting service accounts in the Venafi Control Plane.

  For more information on how to use this feature, see Venafi CLI reference page.

• Venafi Kubernetes manifest for trust-manager

  This release addresses an issue in the Venafi Kubernetes manifest for the trust-manager. Previously, the generated manifest pulled the open-source image for the default trust package, now the enterprise trust-manager version is used unless another registry is configured.

Release 1.2.1¶

Venafi CLI tool 1.2.1 was released on December 7, 2023.

Key features¶

• macOS install script fix

  This release fixes an issue with the Bash script used to install the utility on the macOS platform when no GPG tool is installed.

Release 1.2.0¶

Venafi CLI tool 1.2.0 was released on December 6, 2023.

Key features¶

• Venafi Manifest Generator functionality

  This release sees the addition of Venafi Manifest Generator functionality to the Venafi CLI tool. You can now install Venafi Kubernetes components using the Venafi CLI utility.

  For more information on how to use this feature, see Venafi CLI reference page.

• Service account creation

  Release 1.2.0 adds a new venctl iam service-accounts registry create command for creating service accounts in the Venafi Control Plane for accessing container images from the private Venafi OCI registry.

  For more information on how to use this feature, see Venafi CLI reference page.

• Utility updates

  The release adds the venctl update command to update the venctl binary to the latest available stable version.

  For more information on how to use this feature, see Venafi CLI reference page.

Release 1.1.0¶

Venafi CLI tool 1.1.0 was released on November 3, 2023.

Key features¶

• Code signing

  This release introduces GPG code signing for the Venafi CLI binaries, enabling them to be verified for authenticity.

Release 1.0.2¶

Venafi CLI tool 1.0.2 was released on November 1, 2023.

Key features¶

• Bug fixes and enhancements

  This release of the Venafi CLI tool contains some bug fixes, and some small under-the-hood enhancements.

Release 1.0.0¶

Venafi CLI tool 1.0.0 was released on October 15, 2023.

Key features¶

• Connect Kubernetes clusters to Venafi Control Plane

  Venafi CLI provides a convenient way to connect Kubernetes clusters to Venafi Control Plane.

  To learn more, use the venctl installation cluster connect --help command.

Related links¶

• Venafi CLI tool overview
• Venafi CLI reference
• Installing the Venafi CLI tool