About automating PowerShell script updates following service URL and configuration changes

Beginning with Trust Protection Platform version 20.1, you can configure your Adaptable CACertificate Import jobs with two new settings: Service Address and Profile String. The primary benefit of these settings is for third-party Venafi partners as they enable partner's PowerShell scripts to be used as-is without customers having to customize them. So unless you're developing and testing a PowerShell script, you'll not likely need to ever use these settings.

However, a secondary benefit is that in the event that service URL or configuration changes are made, the values you specify for these settings are passed to every PowerShell function in your scripts automatically, preventing service interruptions and avoiding the need to update or re-validate your PowerShell scripts.

What happens to my services if changes are made?

So what happens when changes are made to service URLs (and/or associated configurations) that are referenced by your Adaptable PowerShell scripts? What if your provider makes those changes without your knowledge?

In those cases, you'd have to update every script on all Trust Protection Platform servers where those scripts exist. In addition, you'd have to re-validate each script. This requirement is actually an important Venafi security feature designed to prevent unauthorized changes (see Protecting against unapproved changes to Adaptable CA scripts).

However, if you configure these settings in your Adaptable CA Certificate Import job, then in the event that changes do occur, those values are passed to every PowerShell function in your scripts automatically, preventing service interruptions and avoiding the need to update or re-validate your PowerShell scripts.

For information about configuring these settings, see Importing certificates using the Adaptable CA driver.