BUSINESS PROBLEM
Updating only a custom field(s) of a venafi_certificate resource forces a "replacement" of the resource and ends up with a new version of the certificate being created in venafi. In the case of a DigiCert certificate this can result in additional costs due to the new cert being issued. As I understand it, the custom fields are only stored in venafi and don't form part of the certificate so if an update only includes updates of a custom field(s) then it should probably not result in the creation of a new cert.
PROPOSED SOLUTION
Update the venafi_certificate resource so that updates to the custom fields of a cert do not result in a new version of the certificate being issued. This would only apply if the updates were only to custom fields. If other fields (common name, san_dns, etc) were updated at the same time then a new version of the certificate would be created.
CURRENT ALTERNATIVES
No current known alternative.
VENAFI EXPERIENCE
I have been using Venafi products for 6 months.
BUSINESS PROBLEM Updating only a custom field(s) of a venafi_certificate resource forces a "replacement" of the resource and ends up with a new version of the certificate being created in venafi. In the case of a DigiCert certificate this can result in additional costs due to the new cert being issued. As I understand it, the custom fields are only stored in venafi and don't form part of the certificate so if an update only includes updates of a custom field(s) then it should probably not result in the creation of a new cert.
PROPOSED SOLUTION Update the venafi_certificate resource so that updates to the custom fields of a cert do not result in a new version of the certificate being issued. This would only apply if the updates were only to custom fields. If other fields (common name, san_dns, etc) were updated at the same time then a new version of the certificate would be created.
CURRENT ALTERNATIVES No current known alternative.
VENAFI EXPERIENCE I have been using Venafi products for 6 months.