AWS cli documentation change
Summary
Added new parameter '--reuse-last-generated-token' to allow reusing existing export tokens and signing key certificates with at least 7 days of remaining validity instead of generating new ones each time
Security assessment
This change introduces a feature to reuse cryptographic tokens, which could have security implications if tokens are reused beyond their intended lifecycle. However, the documentation specifies a 7-day minimum validity requirement and appears to be a feature enhancement rather than addressing a specific vulnerability.
Diff
diff --git a/cli/latest/reference/payment-cryptography/get-parameters-for-export.md b/cli/latest/reference/payment-cryptography/get-parameters-for-export.md index 7ec5cf2b9..3c0f09c1e 100644 --- a//cli/latest/reference/payment-cryptography/get-parameters-for-export.md +++ b//cli/latest/reference/payment-cryptography/get-parameters-for-export.md @@ -15 +15 @@ - * [AWS CLI 2.34.23 Command Reference](../../index.html) » + * [AWS CLI 2.34.25 Command Reference](../../index.html) » @@ -63,0 +64,2 @@ The signing key certificate signs the wrapped key under export within the TR-34 +To return a previously generated export token and signing key certificate instead of generating new ones, set `ReuseLastGeneratedToken` to `true` . + @@ -80,0 +83 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/paymen + [--reuse-last-generated-token | --no-reuse-last-generated-token] @@ -143,0 +147,4 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/paymen +`--reuse-last-generated-token` | `--no-reuse-last-generated-token` (boolean) + +> Specifies whether to reuse the existing export token and signing key certificate. If set to `true` and a valid export token exists for the same key material type and signing key algorithm with at least 7 days of remaining validity, the existing token and signing key certificate are returned. Otherwise, a new export token and signing key certificate are generated. The default value is `false` , which generates a new export token and signing key certificate on every call. + @@ -390 +397 @@ ParametersValidUntilTimestamp -> (timestamp) - * [AWS CLI 2.34.23 Command Reference](../../index.html) » + * [AWS CLI 2.34.25 Command Reference](../../index.html) »