From 6b0ec80afa25d2d448300ff2d178d7cc053e511d Mon Sep 17 00:00:00 2001
From: Vault Automation <github-team-secure-vault-core@hashicorp.com>
Date: Tue, 12 May 2026 15:23:39 -0600
Subject: [PATCH] Remove invalid value from the supported list of ACME
 algorithms (#14737) (#14749) (#14756)

* Remove Ed25519 from the allowed ACME account key types

* Add changelog entry

Co-authored-by: Luciano Arroyo <95649169+DeLuci@users.noreply.github.com>
---
 builtin/logical/pki/acme_jws.go | 19 +++++++++----------
 changelog/_14737.txt            |  3 +++
 2 files changed, 12 insertions(+), 10 deletions(-)
 create mode 100644 changelog/_14737.txt

diff --git a/builtin/logical/pki/acme_jws.go b/builtin/logical/pki/acme_jws.go
index d7207b7fcc..bbf7e99200 100644
--- a/builtin/logical/pki/acme_jws.go
+++ b/builtin/logical/pki/acme_jws.go
@@ -15,16 +15,15 @@ import (
 )
 
 var AllowedOuterJWSTypes = map[string]interface{}{
-	"RS256":  true,
-	"RS384":  true,
-	"RS512":  true,
-	"PS256":  true,
-	"PS384":  true,
-	"PS512":  true,
-	"ES256":  true,
-	"ES384":  true,
-	"ES512":  true,
-	"EdDSA2": true,
+	"RS256": true,
+	"RS384": true,
+	"RS512": true,
+	"PS256": true,
+	"PS384": true,
+	"PS512": true,
+	"ES256": true,
+	"ES384": true,
+	"ES512": true,
 }
 
 var AllowedEabJWSTypes = map[string]interface{}{
diff --git a/changelog/_14737.txt b/changelog/_14737.txt
new file mode 100644
index 0000000000..937032c23a
--- /dev/null
+++ b/changelog/_14737.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Remove invalid value from the supported list of ACME algorithms.
+```
\ No newline at end of file