60 changes: 30 additions & 30 deletions README.md
Expand Up @@ -406,9 +406,9 @@ sequenceDiagram
participant API as CERTInext API

GW->>Plugin: Load CA connector configuration
Plugin->>Plugin: Validate required fields\n(API URL, account number, credentials)
Plugin->>Plugin: Initialize API client\nwith configured auth mode
Plugin->>Plugin: Record which credential fields are populated\n(values are never logged)
Plugin->>Plugin: Validate required fields<br/>(API URL, account number, credentials)
Plugin->>Plugin: Initialize API client<br/>with configured auth mode
Plugin->>Plugin: Record which credential fields are populated<br/>(values are never logged)
GW->>Plugin: Test connection
Plugin->>API: Verify credentials
API-->>Plugin: Credentials accepted
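Review bot: the line "Record which credential fields are populated (values are never logged)" (old line 30, new line 33) is a security guarantee stated only in a diagram; the surrounding prose should name the code path or test that enforces it, so the claim does not silently drift from the implementation when the logging code changes. The swap from `\n` to `<br/>` itself is correct for sequenceDiagram message text, where a literal `\n` is not rendered as a line break.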
Expand All @@ -427,11 +427,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API

CMD->>Plugin: Start synchronization\n(full refresh or incremental since last sync)
Plugin->>Plugin: Determine date filter\n(none for full sync, last sync date for incremental)
CMD->>Plugin: Start synchronization<br/>(full refresh or incremental since last sync)
Plugin->>Plugin: Determine date filter<br/>(none for full sync, last sync date for incremental)

loop Retrieve one page at a time
Plugin->>API: Request next page of orders\n(filtered by date if incremental)
Plugin->>API: Request next page of orders<br/>(filtered by date if incremental)
API-->>Plugin: Page of order records

loop For each order on the page
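Review bot: "Determine date filter (none for full sync, last sync date for incremental)" and "Request next page of orders (filtered by date if incremental)" do not say which timestamp the filter applies to. If it is the order creation date, an incremental sync will miss status changes on older orders (for example a revocation recorded after the last sync); state whether the filter is on creation or last-modified date, and if it is creation date, note that a periodic full sync is required to pick up those changes.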
Expand Down Expand Up @@ -467,11 +467,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API

CMD->>Plugin: Request new certificate\n(CSR, subject, SANs, product code, requester details)
CMD->>Plugin: Request new certificate<br/>(CSR, subject, SANs, product code, requester details)
Plugin->>Plugin: Validate product code is present
Plugin->>Plugin: Record enrollment intent in audit log\n(subject, SANs, product, requester — before any API call)
Plugin->>Plugin: Record enrollment intent in audit log<br/>(subject, SANs, product, requester — before any API call)

Plugin->>API: Place certificate order\n(CSR, domain, organization details,\nsubscriber agreement, requestor info)
Plugin->>API: Place certificate order<br/>(CSR, domain, organization details,<br/>subscriber agreement, requestor info)
API-->>Plugin: Order accepted — order number assigned

Plugin->>API: Check order status
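Review bot: the only pre-order validation shown is "Validate product code is present", yet the intent record and the order both carry subject, SANs and the CSR. Document whether the plugin checks that the CSR's subject and SANs match the requested values before "Place certificate order", or whether that is left entirely to CERTInext, since the audit intent entry written beforehand will otherwise record values that may differ from what ends up in the issued certificate.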
Expand All @@ -480,12 +480,12 @@ sequenceDiagram
alt Certificate issued immediately
Plugin-->>CMD: Certificate ready — PEM returned
else Certificate pending approval
Plugin-->>CMD: Pending — Command will pick it up\nduring the next synchronization
Plugin-->>CMD: Pending — Command will pick it up<br/>during the next synchronization
else Order rejected by CERTInext
Plugin-->>CMD: Enrollment failed — see gateway logs
end

Plugin->>Plugin: Record enrollment outcome in audit log\n(order number, serial number, status)
Plugin->>Plugin: Record enrollment outcome in audit log<br/>(order number, serial number, status)
```

### Renewal
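Review bot: "Record enrollment outcome in audit log (order number, serial number, status)" (old line 77, new line 78) lists a serial number, but in the "Certificate pending approval" and "Order rejected by CERTInext" branches no serial exists yet, and in the rejected branch possibly no order number either. Say which fields are populated per branch (for example "serial number, when issued") so readers of the audit log know an empty serial is expected rather than a logging failure.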
Expand All @@ -496,15 +496,15 @@ When Command initiates a renewal, the plugin checks whether the existing certifi

```mermaid
flowchart TD
A([Renewal requested]) --> B{Prior certificate\nserial number\nprovided?}
A([Renewal requested]) --> B{"Prior certificate<br/>serial number<br/>provided?"}
B -- No --> C[Issue new certificate]
B -- Yes --> D[Look up prior order\nin Command database]
D --> E{Prior order\nfound?}
B -- Yes --> D["Look up prior order<br/>in Command database"]
D --> E{"Prior order<br/>found?"}
E -- No --> C
E -- Yes --> F[Check certificate\nexpiry date]
F --> G{Within renewal\nwindow?}
G -- Yes\nwithin window --> H[Submit new order\nlinked to prior record]
G -- No\noutside window --> C
E -- Yes --> F["Check certificate<br/>expiry date"]
F --> G{"Within renewal<br/>window?"}
G -- Yes, within window --> H["Submit new order<br/>linked to prior record"]
G -- No, outside window --> C
H --> I([Certificate issued or pending])
C --> I
```
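Review bot: both "Prior order found? No" and "Within renewal window? No, outside window" route to "Issue new certificate", which is unlinked to the prior record. The prose around this flowchart should state that an out-of-window or unmatched renewal becomes an ordinary enrollment with no association to the old order, since that affects how the old certificate is tracked and revoked later. The quoting added to the node labels is the correct fix for flowchart text containing `<br/>` and `?`.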
Expand All @@ -521,8 +521,8 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API

CMD->>Plugin: Revoke certificate\n(order number, serial number, reason code)
Plugin->>Plugin: Record revocation intent in audit log\n(order number, serial, reason — before any API call)
CMD->>Plugin: Revoke certificate<br/>(order number, serial number, reason code)
Plugin->>Plugin: Record revocation intent in audit log<br/>(order number, serial, reason — before any API call)

Plugin->>API: Retrieve current certificate status
API-->>Plugin: Current status and details
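Review bot: the request carries a "reason code" (new line 111) while the intent record lists "reason" (new line 112); use the same term in both so it is clear the raw code, not a free-text description, is what lands in the audit log.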
Expand All @@ -534,17 +534,17 @@ sequenceDiagram
Plugin->>Plugin: Log error — cannot revoke
Plugin-->>CMD: Error — certificate is not revocable
else Certificate is issued and active
Plugin->>API: Submit revocation request\n(order number, reason, remarks)
Plugin->>API: Submit revocation request<br/>(order number, reason, remarks)
API-->>Plugin: Revocation confirmed

Plugin->>Plugin: Record revocation outcome in audit log\n(order number, serial, subject, reason)
Plugin->>Plugin: Record revocation outcome in audit log<br/>(order number, serial, subject, reason)
Plugin-->>CMD: Certificate revoked
end
```

**Idempotency:** If Command retries a revocation request (for example, after a timeout), the plugin detects that the certificate is already revoked and returns success without submitting a duplicate request to CERTInext.

**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails, satisfying SOX audit requirements.
**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails.

---

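Review bot: dropping "satisfying SOX audit requirements" (old line 132, new line 133) is the only substantive change in an otherwise formatting-only patch and should be called out in the PR description, since it removes a compliance claim readers may have relied on. The removal itself is reasonable: writing intent before the API call is a sound audit-trail practice, but a plugin cannot by itself satisfy a regulatory requirement.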
Expand All @@ -554,14 +554,14 @@ When an administrator saves or edits a CERTInext CA connector in the Keyfactor C

```mermaid
flowchart TD
A([Save connector configuration]) --> B{Connector\nmarked as disabled?}
B -- Yes --> C([Saved without validation\nConnector will not process requests])
B -- No --> D{Required fields\npresent and valid?\nAPI URL · Account Number · Credentials}
A([Save connector configuration]) --> B{"Connector<br/>marked as disabled?"}
B -- Yes --> C(["Saved without validation<br/>Connector will not process requests"])
B -- No --> D{"Required fields<br/>present and valid?<br/>API URL · Account Number · Credentials"}
D -- Missing or invalid --> E([Validation error shown to administrator])
D -- Valid --> F[Build temporary API client\nfrom supplied settings]
F --> G[Send test request\nto CERTInext]
G --> H{API accepted\nthe credentials?}
H -- No --> I([Connection test failed\nCheck credentials and API URL])
D -- Valid --> F["Build temporary API client<br/>from supplied settings"]
F --> G[Send test request to CERTInext]
G --> H{"API accepted<br/>the credentials?"}
H -- No --> I(["Connection test failed<br/>Check credentials and API URL"])
H -- Yes --> J([Connector saved and active])
```

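Review bot: the decision node "API accepted the credentials?" and the failure leaf "Connection test failed / Check credentials and API URL" fold network, TLS and HTTP errors into a credential failure. Consider a separate branch or wording for "no response from CERTInext" so an administrator is not sent to rotate credentials when the cause is connectivity. Minor style point: `G[Send test request to CERTInext]` (new line 153) is the one node left unquoted; quoting it like its neighbours avoids breakage if `<br/>` or parentheses are added to the label later.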
60 changes: 30 additions & 30 deletions docsource/architecture.md
Expand Up @@ -66,9 +66,9 @@ sequenceDiagram
participant API as CERTInext API

GW->>Plugin: Load CA connector configuration
Plugin->>Plugin: Validate required fields\n(API URL, account number, credentials)
Plugin->>Plugin: Initialize API client\nwith configured auth mode
Plugin->>Plugin: Record which credential fields are populated\n(values are never logged)
Plugin->>Plugin: Validate required fields<br/>(API URL, account number, credentials)
Plugin->>Plugin: Initialize API client<br/>with configured auth mode
Plugin->>Plugin: Record which credential fields are populated<br/>(values are never logged)
GW->>Plugin: Test connection
Plugin->>API: Verify credentials
API-->>Plugin: Credentials accepted
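Review bot: this hunk and every following hunk in docsource/architecture.md are byte-for-byte copies of the README.md hunks above, which is why the same 30 lines had to be fixed twice. Keep the diagrams in one place (docsource/architecture.md) and have README.md link to it, or generate one from the other, so the next edit cannot leave the two copies out of sync. The comments made on the README.md hunks apply here unchanged.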
Expand All @@ -87,11 +87,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API

CMD->>Plugin: Start synchronization\n(full refresh or incremental since last sync)
Plugin->>Plugin: Determine date filter\n(none for full sync, last sync date for incremental)
CMD->>Plugin: Start synchronization<br/>(full refresh or incremental since last sync)
Plugin->>Plugin: Determine date filter<br/>(none for full sync, last sync date for incremental)

loop Retrieve one page at a time
Plugin->>API: Request next page of orders\n(filtered by date if incremental)
Plugin->>API: Request next page of orders<br/>(filtered by date if incremental)
API-->>Plugin: Page of order records

loop For each order on the page
Expand Down Expand Up @@ -127,11 +127,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API

CMD->>Plugin: Request new certificate\n(CSR, subject, SANs, product code, requester details)
CMD->>Plugin: Request new certificate<br/>(CSR, subject, SANs, product code, requester details)
Plugin->>Plugin: Validate product code is present
Plugin->>Plugin: Record enrollment intent in audit log\n(subject, SANs, product, requester — before any API call)
Plugin->>Plugin: Record enrollment intent in audit log<br/>(subject, SANs, product, requester — before any API call)

Plugin->>API: Place certificate order\n(CSR, domain, organization details,\nsubscriber agreement, requestor info)
Plugin->>API: Place certificate order<br/>(CSR, domain, organization details,<br/>subscriber agreement, requestor info)
API-->>Plugin: Order accepted — order number assigned

Plugin->>API: Check order status
Expand All @@ -140,12 +140,12 @@ sequenceDiagram
alt Certificate issued immediately
Plugin-->>CMD: Certificate ready — PEM returned
else Certificate pending approval
Plugin-->>CMD: Pending — Command will pick it up\nduring the next synchronization
Plugin-->>CMD: Pending — Command will pick it up<br/>during the next synchronization
else Order rejected by CERTInext
Plugin-->>CMD: Enrollment failed — see gateway logs
end

Plugin->>Plugin: Record enrollment outcome in audit log\n(order number, serial number, status)
Plugin->>Plugin: Record enrollment outcome in audit log<br/>(order number, serial number, status)
```

### Renewal
Expand All @@ -156,15 +156,15 @@ When Command initiates a renewal, the plugin checks whether the existing certifi

```mermaid
flowchart TD
A([Renewal requested]) --> B{Prior certificate\nserial number\nprovided?}
A([Renewal requested]) --> B{"Prior certificate<br/>serial number<br/>provided?"}
B -- No --> C[Issue new certificate]
B -- Yes --> D[Look up prior order\nin Command database]
D --> E{Prior order\nfound?}
B -- Yes --> D["Look up prior order<br/>in Command database"]
D --> E{"Prior order<br/>found?"}
E -- No --> C
E -- Yes --> F[Check certificate\nexpiry date]
F --> G{Within renewal\nwindow?}
G -- Yes\nwithin window --> H[Submit new order\nlinked to prior record]
G -- No\noutside window --> C
E -- Yes --> F["Check certificate<br/>expiry date"]
F --> G{"Within renewal<br/>window?"}
G -- Yes, within window --> H["Submit new order<br/>linked to prior record"]
G -- No, outside window --> C
H --> I([Certificate issued or pending])
C --> I
```
Expand All @@ -181,8 +181,8 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API

CMD->>Plugin: Revoke certificate\n(order number, serial number, reason code)
Plugin->>Plugin: Record revocation intent in audit log\n(order number, serial, reason — before any API call)
CMD->>Plugin: Revoke certificate<br/>(order number, serial number, reason code)
Plugin->>Plugin: Record revocation intent in audit log<br/>(order number, serial, reason — before any API call)

Plugin->>API: Retrieve current certificate status
API-->>Plugin: Current status and details
Expand All @@ -194,17 +194,17 @@ sequenceDiagram
Plugin->>Plugin: Log error — cannot revoke
Plugin-->>CMD: Error — certificate is not revocable
else Certificate is issued and active
Plugin->>API: Submit revocation request\n(order number, reason, remarks)
Plugin->>API: Submit revocation request<br/>(order number, reason, remarks)
API-->>Plugin: Revocation confirmed

Plugin->>Plugin: Record revocation outcome in audit log\n(order number, serial, subject, reason)
Plugin->>Plugin: Record revocation outcome in audit log<br/>(order number, serial, subject, reason)
Plugin-->>CMD: Certificate revoked
end
```

**Idempotency:** If Command retries a revocation request (for example, after a timeout), the plugin detects that the certificate is already revoked and returns success without submitting a duplicate request to CERTInext.

**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails, satisfying SOX audit requirements.
**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails.

---

Expand All @@ -214,14 +214,14 @@ When an administrator saves or edits a CERTInext CA connector in the Keyfactor C

```mermaid
flowchart TD
A([Save connector configuration]) --> B{Connector\nmarked as disabled?}
B -- Yes --> C([Saved without validation\nConnector will not process requests])
B -- No --> D{Required fields\npresent and valid?\nAPI URL · Account Number · Credentials}
A([Save connector configuration]) --> B{"Connector<br/>marked as disabled?"}
B -- Yes --> C(["Saved without validation<br/>Connector will not process requests"])
B -- No --> D{"Required fields<br/>present and valid?<br/>API URL · Account Number · Credentials"}
D -- Missing or invalid --> E([Validation error shown to administrator])
D -- Valid --> F[Build temporary API client\nfrom supplied settings]
F --> G[Send test request\nto CERTInext]
G --> H{API accepted\nthe credentials?}
H -- No --> I([Connection test failed\nCheck credentials and API URL])
D -- Valid --> F["Build temporary API client<br/>from supplied settings"]
F --> G[Send test request to CERTInext]
G --> H{"API accepted<br/>the credentials?"}
H -- No --> I(["Connection test failed<br/>Check credentials and API URL"])
H -- Yes --> J([Connector saved and active])
```
