Releases: cyberark/secretless-broker

v1.3.0

19 Nov 21:52
0da8bbe
Pre-release

Change log

Added

  • Added trivy security scan to project pipeline (#986)
  • Added unit tests to ConfigEnv, profile and signal packages
  • Added alpha MSSQL connector (#964)
  • Added template skeleton for connector plugins (#967)

Changed

  • Extract config validation from ProxyServices and add unit tests
  • Improved available_plugins unit tests
  • Updated juxtaposer configs for perf tests (#969)

Fixed

  • Ensure MySQL uses appropriate default sslmode value (#928)
  • Improved pg error propagation (#974)

v1.2.0

23 Oct 21:40
Pre-release

In this release we made some big changes to the Secretless internals to enable simple contributions of new connectors. For more information on the Secretless Plugin SDK, please see our internal plugin notes.

In addition, please see the release assets or our homebrew tap for new Linux and OSX binaries included in the release! 🍾

Change log

Added

  • Added a new public plugin interface for building connector plugins
  • Added a new public log interface for standardizing logging
  • Added code coverage reporting to unit test output
  • Added ability to run k8s-demo test on GKE

Changed

  • Refactored existing connectors to use new public connector plugin interface
  • Changed the core proxy and plugin manager to support the new public connector
    plugin interface
  • Edited website Google Group links to link to Discourse
  • Updated the example plugin to implement the new plugin interface
  • Minor format changes to Apache 2.0 license
  • Project structure reorganized
  • Internal code updated to use v2 config instead of v1 config
  • Goreleaser build updated to cross-compile linux and darwin
  • Updated Conjur tests to use official CLI image

Fixed

  • Improve namespace cleanup in k8s-ci/test
  • Add COMPOSE_PROJECT_NAME to tests to fix namespace collision errors
  • Updated k8s-demo to use LoadBalancer on Services to avoid NodePort conflicts
  • Clarified quick demo directions
  • Improved error-handling / retry logic in k8s-ci

Deprecated

  • Protocol key in v2 config is replaced with connector key

v1.1.0

09 Aug 20:12
7f978b3
Pre-release

Change log

Added

  • Added version output to logs on startup
  • Added NOTICES.txt to the project
  • Added dependency tracking tools and info
  • Added ability to configure PG connector with host/port combination
  • Added gitleaks config to enable running gitleaks pre-push

Changed

  • Minor edits to website quick start instructions
  • Updated versioning method for the project to use version.go
  • Parallelized integration tests
  • Upgraded summon module dependency to 0.7.0
  • Cleaned up go.mod and go.sum with go mod tidy
  • Only pin to vault/api submodule rather than larger vault module
  • MySQL port defaults to 3306 if not specified
  • Updated health check test to wait longer for server to come up to prevent
    test failures
  • Revised README for simplicity and to describe available releases

Removed

  • Removed custom script to check style in favor of code climate
  • Removed old benchmark proof of concepts
  • Removed GitLab pipeline
  • Removed ability to pass dbname in the address field of the PostgreSQL
    config - the PostgreSQL address config now only accepts host:[port]

Fixed

  • Resolved shellcheck errors
  • Standardized spacing in testutil package
  • Fixed changelog prefill script

Deprecated

  • Deprecated support for PG connector configurations with address field in favor of host and port

v1.0.0

03 Jul 19:40
94ab3d7

We're proud to bring you the 1.0.0 release of Secretless Broker! 🎉

Change log

Added

  • Added aggregation script to performance test code

Changed

  • Revised "service authenticator" to "service connector" and updated docs/links
  • Moved plugin interfaces to internal pending redesign
  • Updated project so internal dev tags push to internal registry instead of
    DockerHub
  • Removed beta label from project and updated README
  • Updated configuration samples in demos to use v2 config

Fixed

  • Fixed go lint errors
  • Fixed broken homepage link
  • Fixed bug with MySQL connector (#766) that returned "Malformed packet" for all
    errors

Removed

  • Removed deprecated full-demo

v0.8.0

18 Jun 20:31
db9daeb

Release highlights

In this release we promote several key project components to stable, and remove the beta label from the project! 🎉

Secretless Broker v0.8.0 is ready for you to use in your production Kubernetes or OpenShift environments when used with a MySQL or PostgreSQL database as the target service, and with CyberArk Dynamic Access Provider as the credential provider. 💥

We've also added support for a new and improved v2 configuration (design doc) that makes it simpler than ever to set up your Secretless Broker instance. In addition, our performance testing tool that we used to validate the stability and performance under load of Secretless is available in bin/juxtaposer - though in a future release we may move it into a separate project.

Change log

Added

  • Added a performance testing tool to bin/juxtaposer
  • Added a v2 configuration syntax that is simpler and easier to use

Fixed

  • Updated the Conjur Kubernetes authenticator client to 0.13.0 to fix a bug
    that caused the token refresh to fail after the cert expired

Changed

  • Revised "k8s-demo"
  • Upgraded to Golang v1.12.5 from v1.11.4
  • Updated conjur-authn-k8s-client dependency to v0.13.0
  • Updated conjur-api-go dependency to v0.5.2
  • Removed third-party module for evaluating home directory path
  • Updated goreleaser config to address deprecated archive tag
  • Revised PR template to remove unneeded manual tests

v0.7.1

16 May 18:30
ca11444

Added

  • Added several issue templates
  • Added improved tutorial flow to webpage

Changed

  • Noted alpha support for HCV provider in README
  • Improved CRD testing
  • Updated base image used for GitLab CI
  • Updated contributor info for documentation
  • Updated to use universal psql command throughout repo

Fixed

  • Corrected tutorial issues with code snippets and spacing

v0.7.0

26 Mar 21:42

Added

  • Add ability to verify plugin checksums
  • Add kubernetes secrets provider to README.md
  • Note styling in Kubernetes tutorial
  • Add link to /tutorials in the top nav
  • Add daily build trigger
  • Add redirect link capabilities
  • Add version to README.md
  • Add a README for the shared library
  • C shared library exposing secret providers (POC)
  • Add custom 404 page

Changed

  • Update Kubernetes Tutorial for Simplicity and Clarity
  • Simplify fast k8s tutorial
  • Update CTA links
  • Refactor mysql/NativePassword to take bytes
  • Clean up Go memory of secrets
  • Refactor MySQL handler for readability and consistency
  • Updating website build to gen godocs in go img

Fixed

  • Fix kubernetes secrets example in README
  • Fix kubernetes-secrets-provider hash
  • Remove target=blank from footer links
  • Fix broken website publishing
  • Fix all non-TODO CodeClimate issues
  • Fix ssh handler test naming
  • Make ssh-handler integration test pull images before build
  • Remove references to doc layout and update links
  • Remove hashicorp root cert to fix broken build
  • Fix the vault test that broke due to vault CLI updates
  • Re-enable ssh-handler tests

v0.6.4

01 Feb 19:09

Added

  • Added a design proposal for credential zeroization
  • Improved dev functionality in handler integration tests

Changed

  • Removed checksum hacks for client-go from Dockerfiles, since this is fixed
    in Go 1.11.4
  • Improved and refactored database integration test suite

Fixed

  • Updated MySQL handler to handle authPluginName mismatch and to have consistent
    sequenceIds

v0.6.3

11 Jan 20:17

Added

  • Database handlers support private-key pair as sslkey and sslcert

Changed

  • Permissions have been fixed for OpenShift non-root integration and use

v0.6.2

09 Jan 20:24
6de9d07

Added

  • Added Kubernetes authenticator documentation for Conjur credential provider

Changed

  • Sanitized remaining listeners/handlers from dumping data on the CLI when debug mode is on
  • Removed developer-only debug mode from demos and examples