Skip to content

Venafi CLI tool releases

Learn about current and past releases of the Venafi CLI tool.

Latest release

The latest stable version of Venafi CLI is v1.6.0.

Select the file appropriate for your platform below:

Latest Release OS Architecture GPG Signature
Venafi CLI Linux AMD64 / x86-64 Signature
Venafi CLI Linux ARM64 Signature
Venafi CLI macOS AMD64 / x86-64 Signature
Venafi CLI macOS ARM64, Apple Silicon Signature
Venafi CLI Windows AMD64 / x86-64 Signature
Checksums (SHA256)

Verifying Venafi CLI archives after download

Once you have downloaded the Venafi CLI archive and its corresponding signature file, you can verify by executing a command similar to the following:

gpg --verify venctl-linux-amd64.zip.sig venctl-linux-amd64.zip

For a valid signature, the output is similar to the example below:

gpg: Signature made Wed Dec  6 11:09:05 2023 UTC
gpg:                using RSA key BA2F4B4442D945F0A2810A686B99EC1CEEE83892
gpg:                issuer "gpg-vaas@venafi.com"
gpg: Good signature from "Venafi, Inc. <gpg-vaas@venafi.com>" [ultimate]
If you see the error message Can't check signature: No public key., it means that you haven't trusted Venafi's GPG (GNU Privacy Guard)signing key yet. To prevent this error, make sure to trust Venafi's GPG signing key manually before verifying the Venafi CLI archive.

Trusting the Venafi GPG signing key
  1. Download the Venafi GPG public key:

    curl -O https://dl.venafi.cloud/vaaskey.pub
    
  2. Import the key into your GPG keyring:

    gpg --import ./vaaskey.pub
    
  3. Set ownertrust for Venafi Inc. to ultimate:

    echo -e "trust\n5\ny\n" | gpg --no-tty --command-fd 0 --edit-key "gpg-vaas@venafi.com"
    
  4. Verify the key in your keyring:

    gpg --list-keys
    

    The result should look similar to the following:

    /home/user/.gnupg/pubring.kbx
    -----------------------------
    pub   rsa4096 2022-03-18 [SCEA]
          BA2F4B4442D945F0A2810A686B99EC1CEEE83892
    uid           [ultimate] Venafi, Inc. <gpg-vaas@venafi.com>
    sub   rsa2048 2022-03-22 [A]
    sub   rsa2048 2022-03-22 [E]
    

Release 1.6.0

Venafi CLI tool 1.6.0 was released on February 23, 2024.

Key features

  • Service account creation for Firefly

    Release 1.6.0 allows you to create services accounts that allow Venafi Firefly to connect to Venafi Control Plane using the new venctl iam service-accounts firefly create command. For more information, see the Venafi CLI command reference documentation.

  • FIPS support for CSI Driver

    This release includes support for FIPS-compliant versions of Docker images for CSI Driver.

  • New positional arguments

    Instead of having to use the --name flag with the following commands, you can now also use positional arguments:

    • venctl iam service-accounts describe
    • venctl iam service-accounts registry create
    • venctl iam service-accounts delete
    • venctl installation cluster connect

    For example:

    venctl iam service-accounts describe my-service-account
    
  • Logging and error messages improvements

    Several updates have been made that improve error messages and logging in the Venafi CLI tool.

  • Default component versions for this release

    The venctl components kubernetes manifest generate command now installs Venafi Enhanced Issuer v0.12.0 and Venafi Kubernetes Agent v0.1.45.

    Below is a full list of the component versions installable by default in release 1.6.0.

    Component Default version for this release
    Approver Policy v0.12.1
    Approver Policy Enterprise v0.13.0
    AWS Private CA Issuer v1.2.7
    cert-manager v1.14.3
    CSI Driver v0.7.1
    Firefly v1.3.1
    Trust Manager v0.8.0
    Venafi Connection v0.0.19
    Venafi Enhanced Issuer v0.12.0
    Venafi Kubernetes Agent v0.1.45
Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.6.0 Linux AMD64 / x86-64 08ad637f5f3b55fe0ea232e1c9b2f318a1a388408db0d2f5e550fb39a6da9b57 Signature
Venafi CLI 1.6.0 Linux ARM64 d36ac9abe8df6f812d864442501217a7e369cb68a54f32582a3d711fdb314952 Signature
Venafi CLI 1.6.0 macOS AMD64 / x86-64 104086f856e2f7c69602029a38377a3efbd208595473233e3e5d78872b9fab1c Signature
Venafi CLI 1.6.0 macOS ARM64, Apple Silicon 2ab8e11408297b3c1077112b899bae2c45cec6cc4351f316180dd7b38042ddc6 Signature
Venafi CLI 1.6.0 Windows AMD64 / x86-64 9753d92abcbacce0144b42ce075399f6d235e5265d1377e3d8eacbda1d8b9239 Signature
Checksums (SHA256)

Release 1.5.0

Venafi CLI tool 1.5.0 was released on February 9, 2024.

Breaking Changes

Updated flags in venctl iam service-accounts registry create

As of this version, the Venafi CLI tool introduces two critical flag changes that impact how you create service accounts for Venafi OCI registry access:

  • Renamed Flag: --image-pull-secret-file is now --credential-file.
  • Renamed Flag: --image-pull-secret-format is now --credential-format.

This change aligns with broader terminology within the Venafi CLI tool, and aims to simplify usage. Remember to update your commands accordingly to avoid errors.

Example:

  • Venafi CLI tool 1.2.0 - 1.4.0:

    venctl iam service-accounts registry create --name sa --image-pull-secret-file my-secret.yaml --image-pull-secret-format secret
    
  • Venafi CLI tool 1.5.0:

    venctl iam service-accounts registry create --name sa --credential-file my-credential.json --credential-format secret
    

Updated the output format of --credential-format secret for venctl iam service-accounts registry create

This update impacts how Venafi CLI tool generates service accounts for registry access with the --credential-format secret flag.

Previously, only the Kubernetes secret (in YAML format) was included in the output. Now, both client_id and the Kubernetes secret for image pulling (in YAML format) are provided under a JSON structure.

Output details

Upon successful execution of venctl iam service-accounts registry create --name sa --credential-file my-credential.json --credential-format secret, the output will include:

  • client_id: The client identifier used for authentication with the registry.
  • image_pull_secret: The Kubernetes secret encoded in YAML format, granting access to Venafi OCI registry artifacts.

Accessing the client ID and secret

To extract the image_pull_secret from the JSON output, use the following command:

jq -r '.image_pull_secret' < my-credential.json

To extract the client_id from the JSON output, use the following command:

jq -r '.client_id' < my-credential.json

Important

The commands above assume the output is saved in a file named my-credential.json. Replace it with the actual file path as necessary.

Key features

  • Service account creation for Venafi Kubernetes Agent

    A venctl iam service-accounts agent create command was added. This command allows you to create service accounts in Venafi Control Plane for your Venafi Kubernetes Agents.

  • Service account listing

    A new venctl iam service-accounts list command was added. This command lists all service accounts in the Venafi Control Plane. For more information, see the venctl reference page.

  • Service account description

    The venctl iam service-accounts show command has been renamed venctl iam service-accounts describe. It provides a description of a named service account in the Venafi Control Plane. For more information, see the venctl reference page.

  • Venafi Improvements to the Venafi Kubernetes Manifest feature of Venafi CLI

    This release also sees updates to the way that the Venafi Manifest tool deploys cert-manager, and adds support for cert-manager v1.14.1 and later.

  • Flag changes

    The --image-pull-secret-file and --image-pull-secret-format flags for the venctl iam service-accounts registry create command have been renamed to --credential-file and --credential-format, respectively.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.5.0 Linux AMD64 / x86-64 3f3b41b9808b4af71491a147d2d42e962780548ce4188d21bb3de7a98d547722 Signature
Venafi CLI 1.5.0 Linux ARM64 1984c6a5c6b8a4a2d5ad50b227bc006a6ec8e42792fb363ef594c2bc825cdaba Signature
Venafi CLI 1.5.0 macOS AMD64 / x86-64 ba3dd02f21f99e5a75b32cd28ddd83478c578fc427d7158359af7fc7348182a9 Signature
Venafi CLI 1.5.0 macOS ARM64, Apple Silicon 37038c99e9b39e4c06b94124e139b6ade73ce87afaacba2b9e55441dc49a6611 Signature
Venafi CLI 1.5.0 Windows AMD64 / x86-64 e35546749dd395cdfde4969a5ec8853ebf71e528de3f6ecd46a64c9a38cb1bdf Signature
Checksums (SHA256)

Release 1.4.0

Venafi CLI tool 1.4.0 was released on January 25, 2024.

Known Issue

Versions 1.4.0 and earlier of the Venafi CLI tool are not able to install cert-manager v1.14.0 or later from a generated manifest.

This issue is addressed in Venafi CLI tool 1.5.0.

Key features

  • FIPS support

This release includes support for FIPS-compliant versions of Docker images for Venafi components for Kubernetes. A --use-fips-images flag has been added to the venctl components kubernetes manifest generate command to install the desired component using the FIPS-compliant version of the component Docker image.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.4.0 Linux AMD64 / x86-64 f913e9cce9d29f2bdd0d165d9829ace60e49075ed02139a42d761cfb5ef05d9d Signature
Venafi CLI 1.4.0 Linux ARM64 8520421b39c09a2b8b56cd1e53e1b1df758ce92840f0778c7eed8a7cdc58f3af Signature
Venafi CLI 1.4.0 macOS AMD64 / x86-64 50dae730b043d498ae16149be22a5c0edb57b1f12c68b4bb40f72b1ac58af171 Signature
Venafi CLI 1.4.0 macOS ARM64, Apple Silicon 7d41273e9e44e082d29cd5aa9e6cdb7a9d083cbb76b79699fd825075053d5279 Signature
Venafi CLI 1.4.0 Windows AMD64 / x86-64 739f1cca4445868c062c600acea3a9e9fc4f172883e07aed531329d191bb9ada Signature
Checksums (SHA256)

Release 1.3.2

Venafi CLI tool 1.3.2 was released on January 15, 2024.

Key features

  • Service accounts show command

    A new venctl iam service-accounts show command was added. This command provides information on a named service account in the Venafi Control Plane. For more information, see the venctl reference page.

  • Logging improvements

    This release sees improvements in logging to support the venctl iam service-accounts show command.

  • Miscellaneous minor bug fixes

    Several minor bugs were also fixed in this release.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.3.2 Linux AMD64 / x86-64 123641fad7fab857fedb739aa8386df92cae178c034d59ac2e71e1e868c1dd64 Signature
Venafi CLI 1.3.2 Linux ARM64 4677c8e8bbe2f28014b3f6cdee11651180a4c5b7ad83a5196fc8cf07b7c26958 Signature
Venafi CLI 1.3.2 macOS AMD64 / x86-64 87e6beba0f5241a9f88ddafb0f50c45b76934857725854bd473050312a710947 Signature
Venafi CLI 1.3.2 macOS ARM64, Apple Silicon ff2283cbc9bd01f8f32975b6375c856ef4b8b151f3390194918cca9bb7cc20cc Signature
Venafi CLI 1.3.2 Windows AMD64 / x86-64 0111fcc0013f619e895082bc1041a44086d07be4db3f49a686bba5adb4387006 Signature
Checksums (SHA256)

Release 1.3.1

Venafi CLI tool 1.3.1 was released on December 20, 2023.

Key features

  • EU region service account deletion issue

    Release 1.3.1 fixes an issue where the venctl iam service-accounts delete command didn't work for service accounts using the EU Venafi Control Plane region.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.3.1 Linux AMD64 / x86-64 2743d0ac27a515177c4351a8be70870922332058c2e443868a958ffc865b3cd4 Signature
Venafi CLI 1.3.1 Linux ARM64 c1379600daf9e5f1df0e7dbbb7e3b39e7672844fac98dd72f319259bc2f74596 Signature
Venafi CLI 1.3.1 macOS AMD64 / x86-64 eaf728c5824b9c317e033fd082a99222b9dcfba858d9b2af0867816273a9d926 Signature
Venafi CLI 1.3.1 macOS ARM64, Apple Silicon 9513f6d19afe697a8f04a46bdf0c65b1a34cda15cbcfd53e4b147914ce6f768f Signature
Venafi CLI 1.3.1 Windows AMD64 / x86-64 fe3dbd642334bb4a30bb5ac78a7e67358b8629651b006a3ca540143044aabfe9 Signature
Checksums (SHA256)

Release 1.3.0

Venafi CLI tool 1.3.0 was released on December 15, 2023.

Key features

  • Service account deletion

    Release 1.3.0 adds a new venctl iam service-accounts delete command for deleting service accounts in the Venafi Control Plane.

    For more information on how to use this feature, see Venafi CLI reference page.

  • Venafi Kubernetes manifest for trust-manager

    This release addresses an issue in the Venafi Kubernetes manifest for the trust-manager. Previously, the generated manifest pulled the open-source image for the default trust package, now the enterprise trust-manager version is used unless another registry is configured.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.3.0 Linux AMD64 / x86-64 c46cbb94a3db8d909fa2e079d0f64653ae328e21d4c150187d47a4703a6ec3e9 Signature
Venafi CLI 1.3.0 Linux ARM64 7c98800e69b18a688969700a02cea1b09946f001daa78c7324dec69e6a216fc5 Signature
Venafi CLI 1.3.0 macOS AMD64 / x86-64 4c454d7688f6989495583686a6395709b7b886c32d9c93243a4f8d824be26074 Signature
Venafi CLI 1.3.0 macOS ARM64, Apple Silicon f0761d5edb7c1904ccf0641c4da9edac93d3f3c3217bcd7fa90202df7948217c Signature
Venafi CLI 1.3.0 Windows AMD64 / x86-64 8b7e12a0deb9b988d00bb4994bea81cac94d6207957898cdc83ec25ae128122b Signature
Checksums (SHA256)

Release 1.2.1

Venafi CLI tool 1.2.1 was released on December 7, 2023.

Key features

  • macOS install script fix

    This release fixes an issue with the Bash script used to install the utility on the macOS platform when no GPG tool is installed.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.2.1 Linux 64-bit a09b716ac8699abb6106aaaab3785a7028b739b10f91c2d9df4020c017b71b4f Signature
Venafi CLI 1.2.1 Linux ARM64 cca761d02e61bba83b15cd77e8fe51e59ebb69b2a216dc743cd09e2a015bef0f Signature
Venafi CLI 1.2.1 macOS 64-bit 352cb55fa351263a83258b4d17384ea71cdf80c6f92b76407887d4af97048a4e Signature
Venafi CLI 1.2.1 macOS ARM64, Apple Silicon bde09e185bf639ed8d635aa812f239c855ce5654f985a11d8c7e6dea45c8ef14 Signature
Venafi CLI 1.2.1 Windows 64-bit d1c1d8461bd78c0ae33c73edbdc3e9be4125d46be8567f5deea5bda7affa4aaa Signature
Checksums (SHA256)

Release 1.2.0

Venafi CLI tool 1.2.0 was released on December 6, 2023.

Key features

  • Venafi Manifest Generator functionality

    This release sees the addition of Venafi Manifest Generator functionality to the Venafi CLI tool. You can now install Venafi Kubernetes components using the Venafi CLI utility.

    For more information on how to use this feature, see Venafi CLI reference page.

  • Service account creation

    Release 1.2.0 adds a new venctl iam service-accounts registry create command for creating service accounts in the Venafi Control Plane for accessing container images from the private Venafi OCI registry.

    For more information on how to use this feature, see Venafi CLI reference page.

  • Utility updates

    The release adds the venctl update command to update the venctl binary to the latest available stable version.

    For more information on how to use this feature, see Venafi CLI reference page.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.2.0 Linux 64-bit 714666fab8a97e267bb0bd2529b363a56644d0d8617a597694d67a927ea6a90d Signature
Venafi CLI 1.2.0 Linux ARM64 850708e36a7c308182f90e6fc86111138eeb2287dfaeef8a372292580b0eba4e Signature
Venafi CLI 1.2.0 macOS 64-bit ee65e6a9ac17630761e97c237dae05b7eff488908d2c92288f53b83ab02a1ece Signature
Venafi CLI 1.2.0 macOS ARM64, Apple Silicon 353573021ce33457be8f31216fa24863b8cf70b0b2f2d17596e91890ec1b807a Signature
Venafi CLI 1.2.0 Windows 64-bit bdc2b91537cd1b293537c8fce1308bb80c72a5c57237cd64a290639c1a4ae0a7 Signature
Checksums (SHA256)

Release 1.1.0

Venafi CLI tool 1.1.0 was released on November 3, 2023.

Key features

  • Code signing

    This release introduces GPG code signing for the Venafi CLI binaries, enabling them to be verified for authenticity.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum GPG Signature
Venafi CLI 1.1.0 Linux 64-bit 939547572ec4e91bc2e5916ec8c22ed544ec7df071b83cd0067b567eb8b1ab4a Signature
Venafi CLI 1.1.0 Linux ARM64 cbd58f3f312d1eaed189350d9fc3762dbba5c149261bc64a5b1dbac7c23056ae Signature
Venafi CLI 1.1.0 macOS 64-bit 2a32444ffb2d935d8af0987fbf997c05224bae0af0caee44927e4d72ecc9fc48 Signature
Venafi CLI 1.1.0 macOS ARM64, Apple Silicon 529bbf3b98d6e3ae829c5210330fbe2aa682980a271d746a3b129a2ae4a94973 Signature
Venafi CLI 1.1.0 Windows 64-bit 72a0a54b7aa755a3b0ea9238369c42c1605f3cdd043b29bcb9af5fe807d0ae3f Signature
Checksums (SHA256)

Release 1.0.2

Venafi CLI tool 1.0.2 was released on November 1, 2023.

Key features

  • Bug fixes and enhancements

    This release of the Venafi CLI tool contains some bug fixes, and some small under-the-hood enhancements.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum
Venafi CLI 1.0.2 Linux 64-bit 18194c1dfadaedabb2d84f87f47917e1af06eeca8d334b11c16f7391c0cb7d1a
Venafi CLI 1.0.2 Linux ARM64 202e6d16672f52fa7b18228642dc22bff6d1ad509dec87840efd49057df4ddb5
Venafi CLI 1.0.2 macOS 64-bit 5574c4bdc8b28b87b799d00f9372b2bcaa3d513e9e900cf9af84e1b9a98d9889
Venafi CLI 1.0.2 macOS ARM64, Apple Silicon 601bf1216ffffdca7ad2105abb3ae18fc7bb83e4ffc3df2747b72369228c88e4
Venafi CLI 1.0.2 Windows 64-bit f502d3f03cdc417e5c71f64c5a5dbd64eabe8dd4d7235e8d3440cc09b7b7e494
Checksums (SHA256)

Release 1.0.0

Venafi CLI tool 1.0.0 was released on October 15, 2023.

Key features

  • Connect Kubernetes clusters to Venafi Control Plane

    Venafi CLI provides a convenient way to connect Kubernetes clusters to Venafi Control Plane.

    To learn more, use the venctl installation cluster connect --help command.

Downloads

Select the file appropriate for your platform:

Release OS Architecture SHA256 Checksum
Venafi CLI 1.0.0 Linux 64-bit 1c8dacade6857266c7cd6c02c6dad139d1f4f0f3fb6d6f14bef551eea8cd0457
Venafi CLI 1.0.0 Linux ARM64 7daad16d55d2aedbc8b6f21944cbaa23adc4ca1011cd6c9eac537b392d0654ee
Venafi CLI 1.0.0 macOS 64-bit fa0aa723eeb58aa85c0fd43419ccbba3080e0638c17d1fe01d77d66f5d9baec4
Venafi CLI 1.0.0 macOS ARM64, Apple Silicon daae557f0fc73e42c2205bda3b5a2cd3d28bd021c0e97cb88b5db47811af071d
Venafi CLI 1.0.0 Windows 64-bit 0f58ff27bd332b92b2cd49af81efd96f74f6336f68f767013dd36882ac20df38
Checksums (SHA256)