v1.9.2

.github/config/environments.tf

@@ -1,83 +1,12 @@
-module "keyfactor_github_test_environment_10_5_0" {
+module "keyfactor_github_test_environment_ses_2541" {
   source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
 
-  gh_environment_name = "KFC_10_5_0"
-  gh_repo_name        = data.github_repository.repo.name
-  keyfactor_hostname  = var.keyfactor_hostname_10_5_0
-  keyfactor_username  = var.keyfactor_username_AD
-  keyfactor_password  = var.keyfactor_password_AD
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
-
-module "keyfactor_github_test_environment_10_5_0_CLEAN" {
-  source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
-
-  gh_environment_name = "KFC_10_5_0_CLEAN"
-  gh_repo_name        = data.github_repository.repo.name
-  keyfactor_hostname = var.keyfactor_hostname_10_5_0_CLEAN
-  keyfactor_username  = var.keyfactor_username_AD
-  keyfactor_password  = var.keyfactor_password_AD
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
-
-module "keyfactor_github_test_environment_11_5_0" {
-  source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
-
-  gh_environment_name = "KFC_11_5_0"
-  gh_repo_name        = data.github_repository.repo.name
-  keyfactor_hostname  = var.keyfactor_hostname_11_5_0
-  keyfactor_username  = var.keyfactor_username_AD
-  keyfactor_password  = var.keyfactor_password_AD
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
-
-module "keyfactor_github_test_environment_11_5_0_CLEAN" {
-  source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
-
-  gh_environment_name = "KFC_11_5_0_CLEAN"
-  gh_repo_name        = data.github_repository.repo.name
-  keyfactor_hostname = var.keyfactor_hostname_11_5_0_CLEAN
-  keyfactor_username  = var.keyfactor_username_AD
-  keyfactor_password  = var.keyfactor_password_AD
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
-
-module "keyfactor_github_test_environment_11_5_0_OAUTH" {
-  source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
-
-  gh_environment_name       = "KFC_11_5_0_OAUTH"
-  gh_repo_name              = data.github_repository.repo.name
-  keyfactor_hostname        = var.keyfactor_hostname_11_5_0_OAUTH
-  keyfactor_auth_token_url  = var.keyfactor_auth_token_url
-  keyfactor_client_id       = var.keyfactor_client_id
-  keyfactor_client_secret   = var.keyfactor_client_secret
-  keyfactor_tls_skip_verify = true
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
-
-module "keyfactor_github_test_environment_11_5_0_OAUTH_CLEAN" {
-  source = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
-
-  gh_environment_name       = "KFC_11_5_0_OAUTH_CLEAN"
+  gh_environment_name       = "SES_2541"
   gh_repo_name              = data.github_repository.repo.name
-  keyfactor_hostname        = var.keyfactor_hostname_11_5_0_OAUTH_CLEAN
-  keyfactor_auth_token_url  = var.keyfactor_auth_token_url
-  keyfactor_client_id       = var.keyfactor_client_id
-  keyfactor_client_secret   = var.keyfactor_client_secret
+  keyfactor_hostname        = var.ses_2541_hostname
+  keyfactor_auth_token_url  = var.ses_2541_auth_token_url
+  keyfactor_client_id       = var.ses_2541_client_id
+  keyfactor_client_secret   = var.ses_2541_client_secret
   keyfactor_tls_skip_verify = true
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
+  keyfactor_config_file     = base64encode(file("${path.module}/ses2541_command_config.json"))
 }
-
-module "keyfactor_github_test_environment_12_3_0_AD" {
-  source                    = "git::ssh://git@github.com/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
-  gh_environment_name       = "KFC_12_3_0_AD"
-  gh_repo_name              = data.github_repository.repo.name
-  keyfactor_hostname        = var.keyfactor_hostname_12_3_0
-  keyfactor_username        = var.keyfactor_username_AD
-  keyfactor_password        = var.keyfactor_password_AD
-  keyfactor_tls_skip_verify = true
-  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
-}
-
-
-

.github/config/variables.tf

@@ -1,85 +1,22 @@
-// Hosts
-variable "keyfactor_hostname_10_5_0" {
-  description = "The hostname of the Keyfactor v10.5.x instance"
+variable "ses_2541_hostname" {
+  description = "The hostname of the SES 25.4.1 Keyfactor Command instance"
   type        = string
-  default     = "integrations1050-lab.kfdelivery.com"
+  default     = "int25-4-1.kftestlab.com"
 }
 
-variable "keyfactor_hostname_10_5_0_CLEAN" {
-  description = "The hostname of the Keyfactor v10.5.x instance with no stores or orchestrators. This is used for store-type tests."
+variable "ses_2541_auth_token_url" {
+  description = "The OAuth token URL for the SES 25.4.1 Keyfactor Command instance"
   type        = string
-  default     = "int1050-test-clean.kfdelivery.com"
+  default     = "https://auth.kftestlab.com/oauth2/token"
 }
 
-
-variable "keyfactor_hostname_11_5_0" {
-  description = "The hostname of the Keyfactor v11.5.x instance"
-  type        = string
-  default     = "integrations1150-lab.kfdelivery.com"
-}
-
-variable "keyfactor_hostname_11_5_0_CLEAN" {
-  description = "The hostname of the Keyfactor v11.5.x instance with no stores or orchestrators. This is used for store-type tests."
-  type        = string
-  default     = "int1150-test-clean.kfdelivery.com"
-}
-
-variable "keyfactor_hostname_11_5_0_OAUTH" {
-  description = "The hostname of the Keyfactor instance"
-  type        = string
-  default     = "int-oidc-lab.eastus2.cloudapp.azure.com"
-}
-
-variable "keyfactor_hostname_11_5_0_OAUTH_CLEAN" {
-  description = "The hostname of the Keyfactor instance"
-  type        = string
-  default     = "int1150-oauth-test-clean.eastus2.cloudapp.azure.com"
-}
-
-
-variable "keyfactor_hostname_12_3_0" {
-  description = "The hostname of the Keyfactor v12.3.x instance"
-  type        = string
-  default     = "integrations1230-lab.kfdelivery.com"
-}
-
-variable "keyfactor_hostname_12_3_0_CLEAN" {
-  description = "The hostname of the Keyfactor v12.3.x instance with no stores or orchestrators. This is used for store-type tests."
+variable "ses_2541_client_id" {
+  description = "The OAuth client ID for the SES 25.4.1 Keyfactor Command instance"
   type        = string
-  default     = "int1230-test-clean.kfdelivery.com"
 }
 
-variable "keyfactor_hostname_12_3_0_OAUTH" {
-  description = "The hostname of the Keyfactor instance"
+variable "ses_2541_client_secret" {
+  description = "The OAuth client secret for the SES 25.4.1 Keyfactor Command instance"
   type        = string
-  default     = "int-oidc-lab.eastus2.cloudapp.azure.com"
+  sensitive   = true
 }
-
-
-// Authentication
-variable "keyfactor_username_AD" {
-  description = "The username to authenticate with a Keyfactor instance that uses AD authentication"
-  type        = string
-}
-
-variable "keyfactor_password_AD" {
-  description = "The password to authenticate with Keyfactor instance that uses AD authentication"
-  type        = string
-}
-
-variable "keyfactor_client_id" {
-  description = "The client ID to authenticate with the Keyfactor instance using oauth2 client credentials"
-  type        = string
-}
-
-variable "keyfactor_client_secret" {
-  description = "The client secret to authenticate with the Keyfactor instance using oauth2 client credentials"
-  type        = string
-}
-
-variable "keyfactor_auth_token_url" {
-  description = "The token URL to authenticate with the Keyfactor instance using oauth2 client credentials"
-  type        = string
-  default     = "https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"
-}
-

CHANGELOG.md

@@ -1,3 +1,26 @@
+# v1.9.2
+
+## Fixes
+
+### CLI
+
+- `stores import csv`: Support create and sync workflows for certificate stores that use PAM provider-backed
+  `ServerUsername`, `ServerPassword`, and store password values.
+- `stores import csv`: Preserve JSON-shaped secret values as secret strings instead of parsing them into nested
+  request objects.
+- `login`: Add `--skip-validate` to save login configuration without validating credentials against Keyfactor Command.
+
+### Docs
+
+- Add top-level README link to the use-case documentation index.
+- Add use-case documentation for bulk certificate store creation.
+- Add use-case documentation for bulk certificate store updates.
+- Add use-case documentation for migrating certificate store credentials from static values to a PAM provider.
+- Add generated per-store-type bulk create and update use-case guides.
+- Add generated PAM Operations use-case documentation for PAM type and provider creation.
+- `makedocs` now regenerates command docs, store-type use cases, and PAM operation use cases without date-based
+  generated footers.
+
 # v1.9.1
 
 ## Fixes

GNUmakefile

@@ -83,5 +83,10 @@ generate_toc:
 	@command -v markdown-toc >/dev/null 2>&1 || (echo "markdown-toc is not installed. Installing..." && npm install -g markdown-toc)
 	markdown-toc -i $(MARKDOWN_FILE) --skip 'Table of Contents'
 
+store-type-docs:
+	GOWORK=off GOCACHE=/tmp/kfutil-gocache go run ./tools/storetypedocs
 
-.PHONY: build prerelease release install test fmt vendor version setversion
+pam-operation-docs:
+	GOWORK=off GOCACHE=/tmp/kfutil-gocache go run ./tools/pamdocs
+
+.PHONY: build prerelease release install test fmt vendor version setversion store-type-docs pam-operation-docs

README.md

@@ -20,6 +20,11 @@ at https://support.keyfactor.com/
 To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual
 bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
 
+## Documentation
+
+- [Command Reference](docs/kfutil.md)
+- [Use Cases](docs/use-cases/README.md)
+
 ## Quickstart
 
 ### Linux/MacOS
@@ -229,13 +234,14 @@ kfutil logout
 
 #### Bulk create cert stores
 
-For full documentation, see [stores import](docs/kfutil_stores_import.md).
+For command documentation, see [stores import](docs/kfutil_stores_import.md). For a task-oriented walkthrough, see
+[Bulk Certificate Store Creation](docs/use-cases/Certificate%20Store%20Operations/bulk-certificate-store-creation.md).
 
 This will attempt to process a CSV input file of certificate stores to create. The template can be generated by
 running: `kfutil stores import generate-template` command.
 
 ```bash
-kfutil stores import create --file <file name to import> --store-type-id <store type id> --store-type-name <store type name> --results-path <filepath for results> --dry-run <check fields only> [flags]
+kfutil stores import csv --file <file name to import> --store-type-id <store type id> --store-type-name <store type name> --results-path <filepath for results> --dry-run <check fields only> [flags]
 ```
 
 ```bash
@@ -246,7 +252,7 @@ Usage:
   kfutil stores import [command]
 
 Available Commands:
-  create            Create certificate stores
+  csv               Create certificate stores from CSV file.
   generate-template For generating a CSV template with headers for bulk store creation.
 
 Flags:
@@ -255,6 +261,18 @@ Flags:
 Use "kfutil stores import [command] --help" for more information about a command.
 ```
 
+#### Bulk update cert stores
+
+For a task-oriented walkthrough, see [Bulk Certificate Store Updates](docs/use-cases/Certificate%20Store%20Operations/bulk-certificate-store-updates.md).
+
+Bulk updates use the CSV import command with `--sync`. Export the target stores, edit the exported CSV, preserve the
+`Id` column, then sync the changes back to Keyfactor Command.
+
+```bash
+kfutil stores export --store-type-name <store type name>
+kfutil stores import csv --file <exported csv file> --store-type-name <store type name> --sync --no-prompt
+```
+
 #### Bulk create cert store types
 
 For full documentation, see [store-types](docs/kfutil_store-types.md).
@@ -514,6 +532,24 @@ kfutil stores inventory remove \
 
 ## Development
 
+### Regenerating documentation
+
+The command reference and generated use-case docs are checked into this repository. Regenerate them after changing CLI
+commands, flags, embedded store type metadata, or embedded PAM type metadata:
+
+```bash
+go run . makedocs
+```
+
+This updates:
+
+- `docs/kfutil*.md` command reference pages
+- `docs/use-cases/Certificate Store Operations/Store Types/*.md`
+- `docs/use-cases/PAM Operations/*.md`
+
+The store type and PAM operation docs are generated from `cmd/store_types.json` and `cmd/pam_types.json`. The generated
+command docs intentionally omit date-based generator footers to avoid unrelated documentation churn.
+
 This CLI developed using [cobra](https://umarcor.github.io/cobra/)
 
 ### Adding a new command