Releases: bitnami-labs/sealed-secrets
v0.9.0-rc.3
This is a release candidate, see RELEASE-NOTES.md for a preview.
Fixes #265
v0.9.0-rc.2
This is a release candidate, see RELEASE-NOTES.md for a preview.
v0.9.0-rc.1
This is a release candidate, see RELEASE-NOTES.md for a preview.
v0.8.3
Announcement
This release contains a fix for a possible secret leak that can happen when sealing existing secrets that have been retrieved from a cluster (e.g. with kubectl get) where they have been created with kubectl apply (as opposed to kubectl create).
This potential problem has been introduced v0.8.0 when kubeseal learned how to preserve annotations and labels.
Please check your existing sealed secret sources for any annotation kubectl.kubernetes.io/last-applied-configuration, because that annotation would contain your original secrets in clear.
This release strips this annotation (and a similar annotation created by the kubcfg tool)
Changelog
Fixes in this release:
- Round-tripping secrets can leak cleartext in last-applied-configuration (#227)
The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/6?closed=1
Install
Client side
Install client-side tool into /usr/local/bin/:
- Linux x86_64:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.3/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal- Macos: (might lag a few hours behind a new release)
brew install kubeseal- Other OS/arch: you might find binaries for your OS/arch combo attached to this release below.
Cluster side
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.3/controller.yamlNOTE: If you can't (or don't want) to use the kube-system namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
v0.8.2
Changelog
Fixes in this release:
- Endless loop in controller on invalid base64 encrypted data bug (#201)
- Fix RBAC for /v1/cert.pem public key in isolated namespaces, removes most use cases for offline sealing with
--cert(#208,#166) - Accept and seal stringData into secret (#221)
- Fix a couple of blockers for enabling (still experimental) key rotation (#185, #219, #218)
The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/5?closed=1
Install
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.2/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.2/controller.yamlNOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
v0.8.1
Changelog
Fixes in this release:
- Solve kubectl auth issues with clusters using
client.authentication.k8s.io/v1beta1config by upgrading to client-go v12.0.0 (#183) - Fix controller crash when writing logs due to read-only root FS (#200)
The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/4?closed=1
Install
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.1/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.1/controller.yamlNOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
v0.8.0
Changelog
The main improvements in this release are:
- support for annotations and labels (#92)
- support for secrets rotation opt-in (#137)
- fix bug with OwnerReferences handling (#127)
- EKS support; client-go version bump to release-7.0 (#110)
- Instructions to run on GKE when user is not cluster-admin (#111)
- Windows binary of kubeseal (#85)
- Internal codebase modernization (e.g. switch to Go modules)
The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/3?closed=1
Many thanks for all the folks who contributed to this release!
Install
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0/controller.yamlNOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
v0.8.0-rc.3
- Ensure mage pull policy is not Never (#194)
v0.8.0-rc.2
Update github deployment key
v0.8.0-rc.1
Intro
Sorry for the delay, we've been through a fun ride lately but we're back on track.
Thanks to all the people who have contributed and offered their help!
v0.8.0 is a long overdue release but I don't want to rush it.
I would like to ask the community to help us validate this release and I guess cutting a release candidate
will lower the barrier for the testers.
The main improvements in this release are:
- support for annotations and labels (#92)
- support for secrets rotation opt-in (#137)
- fix bug with OwnerReferences handling (#127)
- EKS support; client-go version bump to release-7.0 (#110)
- Instructions to run on GKE when user is not cluster-admin (#111)
- Internal codebase modernization (e.g. switch to Go modules)
The full changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/3?closed=1
Install
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0-rc.1/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0-rc.1/controller.yamlNOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.