Merge branch 'ab#69246_rebase' of github.com:Keyfactor/axis-ipcamera-orchestrator into ab#69246_rebase

Elena Fiocca · Elena Fiocca · commit e7e9d6cd40fb · 2025-08-26T15:52:37.000-06:00
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 <p align="center">
   <!-- Badges -->
-<img src="https://img.shields.io/badge/integration_status-prototype-3D1973?style=flat-square" alt="Integration Status: prototype" />
+<img src="https://img.shields.io/badge/integration_status-pilot-3D1973?style=flat-square" alt="Integration Status: pilot" />
 <a href="https://github.com/Keyfactor/axis-ipcamera-orchestrator/releases"><img src="https://img.shields.io/github/v/release/Keyfactor/axis-ipcamera-orchestrator?style=flat-square" alt="Release" /></a>
 <img src="https://img.shields.io/github/issues/Keyfactor/axis-ipcamera-orchestrator?style=flat-square" alt="Issues" />
 <img src="https://img.shields.io/github/downloads/Keyfactor/axis-ipcamera-orchestrator/total?style=flat-square&label=downloads&color=28B905" alt="GitHub Downloads (all assets, all releases)" />
@@ -52,9 +52,9 @@ Before installing the AXIS IP Camera Universal Orchestrator extension, we recomm
 TODO Requirements is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
 
 
-## MOST Certificate Store Type
+## AxisIPCamera Certificate Store Type
 
-To use the AXIS IP Camera Universal Orchestrator extension, you **must** create the MOST Certificate Store Type. This only needs to happen _once_ per Keyfactor Command instance.
+To use the AXIS IP Camera Universal Orchestrator extension, you **must** create the AxisIPCamera Certificate Store Type. This only needs to happen _once_ per Keyfactor Command instance.
 
 
 
@@ -65,7 +65,7 @@ TODO Global Store Type Section is an optional section. If this section doesn't s
 
 
 
-#### MyOrchestratorStoreType Requirements
+#### Axis IP Camera Requirements
 
 TODO Requirements is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
 
@@ -75,24 +75,24 @@ TODO Requirements is an optional section. If this section doesn't seem necessary
 
 | Operation    | Is Supported                                                                                                           |
 |--------------|------------------------------------------------------------------------------------------------------------------------|
-| Add          | 🔲 Unchecked        |
-| Remove       | 🔲 Unchecked     |
-| Discovery    | ✅ Checked  |
-| Reenrollment | 🔲 Unchecked |
+| Add          | ✅ Checked        |
+| Remove       | ✅ Checked     |
+| Discovery    | 🔲 Unchecked  |
+| Reenrollment | ✅ Checked |
 | Create       | 🔲 Unchecked     |
 
 #### Store Type Creation
 
 ##### Using kfutil:
 `kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types.
 For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart)
-   <details><summary>Click to expand MOST kfutil details</summary>
+   <details><summary>Click to expand AxisIPCamera kfutil details</summary>
 
    ##### Using online definition from GitHub:
    This will reach out to GitHub and pull the latest store-type definition
    ```shell
-   # MyOrchestratorStoreType
-   kfutil store-types create MOST
+   # Axis IP Camera
+   kfutil store-types create AxisIPCamera
    ```
 
    ##### Offline creation using integration-manifest file:
@@ -106,22 +106,22 @@ For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out
 
 
 #### Manual Creation
-Below are instructions on how to create the MOST store type manually in
+Below are instructions on how to create the AxisIPCamera store type manually in
 the Keyfactor Command Portal
-   <details><summary>Click to expand manual MOST details</summary>
+   <details><summary>Click to expand manual AxisIPCamera details</summary>
 
-   Create a store type called `MOST` with the attributes in the tables below:
+   Create a store type called `AxisIPCamera` with the attributes in the tables below:
 
    ##### Basic Tab
    | Attribute | Value | Description |
    | --------- | ----- | ----- |
-   | Name | MyOrchestratorStoreType | Display name for the store type (may be customized) |
-   | Short Name | MOST | Short display name for the store type |
-   | Capability | MOST | Store type name orchestrator will register with. Check the box to allow entry of value |
-   | Supports Add | 🔲 Unchecked |  Indicates that the Store Type supports Management Add |
-   | Supports Remove | 🔲 Unchecked |  Indicates that the Store Type supports Management Remove |
-   | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery |
-   | Supports Reenrollment | 🔲 Unchecked |  Indicates that the Store Type supports Reenrollment |
+   | Name | Axis IP Camera | Display name for the store type (may be customized) |
+   | Short Name | AxisIPCamera | Short display name for the store type |
+   | Capability | AxisIPCamera | Store type name orchestrator will register with. Check the box to allow entry of value |
+   | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add |
+   | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove |
+   | Supports Discovery | 🔲 Unchecked |  Indicates that the Store Type supports Discovery |
+   | Supports Reenrollment | ✅ Checked |  Indicates that the Store Type supports Reenrollment |
    | Supports Create | 🔲 Unchecked |  Indicates that the Store Type supports store creation |
    | Needs Server | ✅ Checked | Determines if a target server name is required when creating store |
    | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint |
@@ -131,18 +131,18 @@ the Keyfactor Command Portal
 
    The Basic tab should look like this:
 
-   ![MOST Basic Tab](docsource/images/MOST-basic-store-type-dialog.png)
+   ![AxisIPCamera Basic Tab](docsource/images/AxisIPCamera-basic-store-type-dialog.png)
 
    ##### Advanced Tab
    | Attribute | Value | Description |
    | --------- | ----- | ----- |
-   | Supports Custom Alias | Forbidden | Determines if an individual entry within a store can have a custom Alias. |
+   | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. |
    | Private Key Handling | Forbidden | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. |
    | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) |
 
    The Advanced tab should look like this:
 
-   ![MOST Advanced Tab](docsource/images/MOST-advanced-store-type-dialog.png)
+   ![AxisIPCamera Advanced Tab](docsource/images/AxisIPCamera-advanced-store-type-dialog.png)
 
    > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
 
@@ -151,12 +151,23 @@ the Keyfactor Command Portal
 
    | Name | Display Name | Description | Type | Default Value/Options | Required |
    | ---- | ------------ | ---- | --------------------- | -------- | ----------- |
-   | CustomField1 | CustomField1 |  | String | default | ✅ Checked |
-   | CustomField2 | CustomField2 |  | String | None | ✅ Checked |
+   | ServerUsername | Server Username | Enter the username of the configured "service" user on the camera | Secret |  | 🔲 Unchecked |
+   | ServerPassword | Server Password | Enter the password of the configured "service" user on the camera | Secret |  | 🔲 Unchecked |
+   | ServerUseSsl | Use SSL | Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be "True" | Bool | true | ✅ Checked |
 
    The Custom Fields tab should look like this:
 
-   ![MOST Custom Fields Tab](docsource/images/MOST-custom-fields-store-type-dialog.png)
+   ![AxisIPCamera Custom Fields Tab](docsource/images/AxisIPCamera-custom-fields-store-type-dialog.png)
+
+   ##### Entry Parameters Tab
+
+   | Name | Display Name | Description | Type | Default Value | Entry has a private key | Adding an entry | Removing an entry | Reenrolling an entry |
+   | ---- | ------------ | ---- | ------------- | ----------------------- | ---------------- | ----------------- | ------------------- | ----------- |
+   | CertUsage | Certificate Usage | The Certificate Usage to assign to the cert after enrollment. Can be left 'Other' to be assigned later. | MultipleChoice |  | 🔲 Unchecked | ✅ Checked | 🔲 Unchecked | ✅ Checked |
+
+   The Entry Parameters tab should look like this:
+
+   ![AxisIPCamera Entry Parameters Tab](docsource/images/AxisIPCamera-entry-parameters-store-type-dialog.png)
 
    </details>
 
@@ -195,6 +206,12 @@ the Keyfactor Command Portal
     Refer to [Starting/Restarting the Universal Orchestrator service](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/StarttheService.htm).
 
 
+6. **(optional) PAM Integration**
+
+    The AXIS IP Camera Universal Orchestrator extension is compatible with all supported Keyfactor PAM extensions to resolve PAM-eligible secrets. PAM extensions running on Universal Orchestrators enable secure retrieval of secrets from a connected PAM provider.
+
+    To configure a PAM provider, [reference the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) to select an extension and follow the associated instructions to install it on the Universal Orchestrator (remote).
+
 
 > The above installation steps can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions).
 
@@ -228,13 +245,14 @@ TODO Certificate Store Configuration is an optional section. If this section doe
 
    | Attribute | Description                                             |
    | --------- |---------------------------------------------------------|
-   | Category | Select "MyOrchestratorStoreType" or the customized certificate store name from the previous step. |
+   | Category | Select "Axis IP Camera" or the customized certificate store name from the previous step. |
    | Container | Optional container to associate certificate store with. |
-   | Client Machine |  |
-   | Store Path |  |
-   | Orchestrator | Select an approved orchestrator capable of managing `MOST` certificates. Specifically, one with the `MOST` capability. |
-   | CustomField1 |  |
-   | CustomField2 |  |
+   | Client Machine | The IP address of the Camera. Sample is "192.167.231.174:44444". Include the port if necessary. |
+   | Store Path | Enter the Serial Number of the camera e.g. `0b7c3d2f9e8a` |
+   | Orchestrator | Select an approved orchestrator capable of managing `AxisIPCamera` certificates. Specifically, one with the `AxisIPCamera` capability. |
+   | ServerUsername | Enter the username of the configured "service" user on the camera |
+   | ServerPassword | Enter the password of the configured "service" user on the camera |
+   | ServerUseSsl | Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be "True" |
 
 </details>
 
@@ -244,34 +262,50 @@ TODO Certificate Store Configuration is an optional section. If this section doe
 
 <details><summary>Click to expand details</summary>
 
-1. **Generate a CSV template for the MOST certificate store**
+1. **Generate a CSV template for the AxisIPCamera certificate store**
 
     ```shell
-    kfutil stores import generate-template --store-type-name MOST --outpath MOST.csv
+    kfutil stores import generate-template --store-type-name AxisIPCamera --outpath AxisIPCamera.csv
     ```
 2. **Populate the generated CSV file**
 
     Open the CSV file, and reference the table below to populate parameters for each **Attribute**.
 
    | Attribute | Description |
    | --------- | ----------- |
-   | Category | Select "MyOrchestratorStoreType" or the customized certificate store name from the previous step. |
+   | Category | Select "Axis IP Camera" or the customized certificate store name from the previous step. |
    | Container | Optional container to associate certificate store with. |
-   | Client Machine |  |
-   | Store Path |  |
-   | Orchestrator | Select an approved orchestrator capable of managing `MOST` certificates. Specifically, one with the `MOST` capability. |
-   | Properties.CustomField1 |  |
-   | Properties.CustomField2 |  |
+   | Client Machine | The IP address of the Camera. Sample is "192.167.231.174:44444". Include the port if necessary. |
+   | Store Path | Enter the Serial Number of the camera e.g. `0b7c3d2f9e8a` |
+   | Orchestrator | Select an approved orchestrator capable of managing `AxisIPCamera` certificates. Specifically, one with the `AxisIPCamera` capability. |
+   | Properties.ServerUsername | Enter the username of the configured "service" user on the camera |
+   | Properties.ServerPassword | Enter the password of the configured "service" user on the camera |
+   | Properties.ServerUseSsl | Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera. This should always be "True" |
 
 3. **Import the CSV file to create the certificate stores**
 
     ```shell
-    kfutil stores import csv --store-type-name MOST --file MOST.csv
+    kfutil stores import csv --store-type-name AxisIPCamera --file AxisIPCamera.csv
     ```
 
 </details>
 
 
+#### PAM Provider Eligible Fields
+<details><summary>Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator</summary>
+
+If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_.
+
+   | Attribute | Description |
+   | --------- | ----------- |
+   | ServerUsername | Enter the username of the configured "service" user on the camera |
+   | ServerPassword | Enter the password of the configured "service" user on the camera |
+
+Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side.
+> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
+
+</details>
+
 
 > The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
 
@@ -280,7 +314,7 @@ TODO Certificate Store Configuration is an optional section. If this section doe
 TODO Discovery is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
 
 
-### MyOrchestratorStoreType Discovery Job
+### Axis IP Camera Discovery Job
 TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
 
 
diff --git a/docsource/axisipcamera.md b/docsource/axisipcamera.md
@@ -13,7 +13,3 @@ It is expected that there be one (1) certificate store managed per Axis network
 2. Camera serial number
 3. Camera IP address (and likely port number)
 
-## Global Store Type Section
-
-TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
-
