Update generated docs

Keyfactor · Keyfactor · commit 6f12821001bb · 2025-05-08T15:37:05.000Z
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@
     <b>Related Integrations</b>
   </a>
 </p>
- 
+
 ## Overview
 
 The WinCertStore Orchestrator remotely manages certificates in a Windows Server local machine certificate store.  Users are able to determine which store they wish to place certificates in by entering the correct store path.  For a complete list of local machine cert stores you can execute the PowerShell command:
@@ -154,13 +154,22 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 <details><summary>Windows Certificate (WinCert)</summary>
 
 
-* **Create WinCert using kfutil**:
+### Using kfutil:
+
+#### Using online definition from GitHub:
+This will reach out to GitHub and pull the latest store-type definition
+```shell
+# Windows Certificate
+kfutil store-types create WinCert
+```
 
-    ```shell
-    # Windows Certificate
-    kfutil store-types create WinCert
-    ```
+#### Offline creation using integration-manifest file:
+If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo.
+```shell
+kfutil store-types create --from-file integration-manifest.json
+```
 
+### Manually
 * **Create WinCert manually in the Command UI**:
     <details><summary>Create WinCert manually in the Command UI</summary>
 
@@ -231,19 +240,28 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 
 
 
-    </details>
+
 </details>
 
 <details><summary>IIS Bound Certificate (IISU)</summary>
 
 
-* **Create IISU using kfutil**:
+### Using kfutil:
 
-    ```shell
-    # IIS Bound Certificate
-    kfutil store-types create IISU
-    ```
+#### Using online definition from GitHub:
+This will reach out to GitHub and pull the latest store-type definition
+```shell
+# IIS Bound Certificate
+kfutil store-types create IISU
+```
 
+#### Offline creation using integration-manifest file:
+If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo.
+```shell
+kfutil store-types create --from-file integration-manifest.json
+```
+
+### Manually
 * **Create IISU manually in the Command UI**:
     <details><summary>Create IISU manually in the Command UI</summary>
 
@@ -320,19 +338,28 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 
 
 
-    </details>
+
 </details>
 
 <details><summary>WinSql (WinSql)</summary>
 
 
-* **Create WinSql using kfutil**:
+### Using kfutil:
+
+#### Using online definition from GitHub:
+This will reach out to GitHub and pull the latest store-type definition
+```shell
+# WinSql
+kfutil store-types create WinSql
+```
 
-    ```shell
-    # WinSql
-    kfutil store-types create WinSql
-    ```
+#### Offline creation using integration-manifest file:
+If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo.
+```shell
+kfutil store-types create --from-file integration-manifest.json
+```
 
+### Manually
 * **Create WinSql manually in the Command UI**:
     <details><summary>Create WinSql manually in the Command UI</summary>
 
@@ -405,7 +432,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 
 
 
-    </details>
+
 </details>
 
 
@@ -414,6 +441,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 1. **Download the latest Windows Certificate Universal Orchestrator extension from GitHub.** 
 
     Navigate to the [Windows Certificate Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/iis-orchestrator/releases/latest). Refer to the compatibility matrix below to determine whether the `net6.0` or `net8.0` asset should be downloaded. Then, click the corresponding asset to download the zip archive.
+
     | Universal Orchestrator Version | Latest .NET version installed on the Universal Orchestrator server | `rollForward` condition in `Orchestrator.runtimeconfig.json` | `iis-orchestrator` .NET version to download |
     | --------- | ----------- | ----------- | ----------- |
     | Older than `11.0.0` | | | `net6.0` |
@@ -443,8 +471,14 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     Refer to [Starting/Restarting the Universal Orchestrator service](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/StarttheService.htm).
 
 
+6. **(optional) PAM Integration** 
+
+    The Windows Certificate Universal Orchestrator extension is compatible with all supported Keyfactor PAM extensions to resolve PAM-eligible secrets. PAM extensions running on Universal Orchestrators enable secure retrieval of secrets from a connected PAM provider.
+
+    To configure a PAM provider, [reference the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) to select an extension, and follow the associated instructions to install it on the Universal Orchestrator (remote).
 
-> The above installation steps can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions).
+
+> The above installation steps can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions).
 
 
 
@@ -455,6 +489,8 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 <details><summary>Windows Certificate (WinCert)</summary>
 
 
+### Store Creation
+
 * **Manually with the Command UI**
 
     <details><summary>Create Certificate Stores manually in the UI</summary>
@@ -466,6 +502,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     2. **Add a Certificate Store.**
 
         Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form.
+
         | Attribute | Description |
         | --------- | ----------- |
         | Category | Select "Windows Certificate" or the customized certificate store name from the previous step. |
@@ -479,12 +516,9 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
         | ServerUsername | Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\username'. |
         | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
         | ServerUseSsl | Determine whether the server uses SSL or not (This field is automatically created) |
-
-
-        
-
     </details>
 
+
 * **Using kfutil**
     
     <details><summary>Create Certificate Stores with kfutil</summary>
@@ -497,6 +531,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     2. **Populate the generated CSV file**
 
         Open the CSV file, and reference the table below to populate parameters for each **Attribute**.
+
         | Attribute | Description |
         | --------- | ----------- |
         | Category | Select "Windows Certificate" or the customized certificate store name from the previous step. |
@@ -510,25 +545,38 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
         | ServerUsername | Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\username'. |
         | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
         | ServerUseSsl | Determine whether the server uses SSL or not (This field is automatically created) |
-
-
-        
-
-    3. **Import the CSV file to create the certificate stores** 
+    3. **Import the CSV file to create the certificate stores**
 
         ```shell
         kfutil stores import csv --store-type-name WinCert --file WinCert.csv
         ```
+
+* **PAM Provider Eligible Fields**
+    <details><summary>Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator</summary>
+
+    If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_.
+
+    | Attribute | Description |
+    | --------- | ----------- |
+    | ServerUsername | Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\username'. |
+    | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
+
+    Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side.
+
+    > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
     </details>
 
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
+
+> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
 
 
 </details>
 
 <details><summary>IIS Bound Certificate (IISU)</summary>
 
 
+### Store Creation
+
 * **Manually with the Command UI**
 
     <details><summary>Create Certificate Stores manually in the UI</summary>
@@ -540,6 +588,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     2. **Add a Certificate Store.**
 
         Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form.
+
         | Attribute | Description |
         | --------- | ----------- |
         | Category | Select "IIS Bound Certificate" or the customized certificate store name from the previous step. |
@@ -553,12 +602,9 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
         | ServerUsername | Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\username'. |
         | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
         | ServerUseSsl | Determine whether the server uses SSL or not (This field is automatically created) |
-
-
-        
-
     </details>
 
+
 * **Using kfutil**
     
     <details><summary>Create Certificate Stores with kfutil</summary>
@@ -571,6 +617,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     2. **Populate the generated CSV file**
 
         Open the CSV file, and reference the table below to populate parameters for each **Attribute**.
+
         | Attribute | Description |
         | --------- | ----------- |
         | Category | Select "IIS Bound Certificate" or the customized certificate store name from the previous step. |
@@ -584,25 +631,38 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
         | ServerUsername | Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\username'. |
         | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
         | ServerUseSsl | Determine whether the server uses SSL or not (This field is automatically created) |
-
-
-        
-
-    3. **Import the CSV file to create the certificate stores** 
+    3. **Import the CSV file to create the certificate stores**
 
         ```shell
         kfutil stores import csv --store-type-name IISU --file IISU.csv
         ```
+
+* **PAM Provider Eligible Fields**
+    <details><summary>Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator</summary>
+
+    If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_.
+
+    | Attribute | Description |
+    | --------- | ----------- |
+    | ServerUsername | Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\username'. |
+    | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
+
+    Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side.
+
+    > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
     </details>
 
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
+
+> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
 
 
 </details>
 
 <details><summary>WinSql (WinSql)</summary>
 
 
+### Store Creation
+
 * **Manually with the Command UI**
 
     <details><summary>Create Certificate Stores manually in the UI</summary>
@@ -614,6 +674,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     2. **Add a Certificate Store.**
 
         Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form.
+
         | Attribute | Description |
         | --------- | ----------- |
         | Category | Select "WinSql" or the customized certificate store name from the previous step. |
@@ -628,12 +689,9 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
         | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
         | ServerUseSsl | Determine whether the server uses SSL or not (This field is automatically created) |
         | RestartService | Boolean value (true or false) indicating whether to restart the SQL Server service after installing the certificate. Example: 'true' to enable service restart after installation. |
-
-
-        
-
     </details>
 
+
 * **Using kfutil**
     
     <details><summary>Create Certificate Stores with kfutil</summary>
@@ -646,6 +704,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     2. **Populate the generated CSV file**
 
         Open the CSV file, and reference the table below to populate parameters for each **Attribute**.
+
         | Attribute | Description |
         | --------- | ----------- |
         | Category | Select "WinSql" or the customized certificate store name from the previous step. |
@@ -660,18 +719,29 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
         | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
         | ServerUseSsl | Determine whether the server uses SSL or not (This field is automatically created) |
         | RestartService | Boolean value (true or false) indicating whether to restart the SQL Server service after installing the certificate. Example: 'true' to enable service restart after installation. |
-
-
-        
-
-    3. **Import the CSV file to create the certificate stores** 
+    3. **Import the CSV file to create the certificate stores**
 
         ```shell
         kfutil stores import csv --store-type-name WinSql --file WinSql.csv
         ```
+
+* **PAM Provider Eligible Fields**
+    <details><summary>Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator</summary>
+
+    If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_.
+
+    | Attribute | Description |
+    | --------- | ----------- |
+    | ServerUsername | Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\username'. |
+    | ServerPassword | Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'. |
+
+    Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side.
+
+    > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
     </details>
 
-> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
+
+> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
 
 
 </details>
