v0.8.0

Release highlights

In this release we promote several key project components to stable, and remove the beta label from the project! 🎉

Secretless Broker v0.8.0 is ready for you to use in your production Kubernetes or OpenShift environments when used with a MySQL or PostgreSQL database as the target service, and with CyberArk Dynamic Access Provider as the credential provider. 💥

We've also added support for a new and improved v2 configuration (design doc) that makes it simpler than ever to set up your Secretless Broker instance. In addition, our performance testing tool that we used to validate the stability and performance under load of Secretless is available in bin/juxtaposer - though in a future release we may move it into a separate project.

Change log

Added

• Added a performance testing tool to bin/juxtaposer
• Added a v2 configuration syntax that is simpler and easier to use

Fixed

• Updated the Conjur Kubernetes authenticator client to 0.13.0 to fix a bug
  that caused the token refresh to fail after the cert expired

Changed

• Revised "k8s-demo"
• Upgraded to Golang v1.12.5 from v1.11.4
• Updated conjur-authn-k8s-client dependency to v0.13.0
• Updated conjur-api-go dependency to v0.5.2
• Removed third-party module for evaluating home directory path
• Updated goreleaser config to address deprecated archive tag
• Revised PR template to remove unneeded manual tests

v0.7.1

Added

• Added several issue templates
• Added improved tutorial flow to webpage

Changed

• Noted alpha support for HCV provider in README
• Improved CRD testing
• Updated base image used for GitLab CI
• Updated contributor info for documentation
• Updated to use universal psql command throughout repo`

Fixed

• Corrected tutorial issues with code snippets and spacing

v0.7.0

Added

• Add ability to verify plugin checksums
• Add kubernetes secrets provider to README.md
• Note styling in Kubernetes tutorial
• Add link to /tutorials in the top nav
• Add daily build trigger
• Add redirect link capabilities
• Add version to README.md
• Add a README for the shared library
• C shared library exposing secret providers (POC)
• Add custom 404 page

Changed

• Update Kubernetes Tutorial for Simplicity and Clarity
• Simplify fast k8s tutorial
• Update CTA links
• Refactor mysql/NativePassword to take bytes
• Clean up Go memory of secrets
• Refactor MySQL handler for readability and consistency
• Updating website build to gen godocs in go img

Fixed

• Fix kubernetes secrets example in README
• Fix kubernetes-secrets-provider hash
• Remove target=blank from footer links
• Fix broken website publishing
• Fix all non-TODO CodeClimate issues
• Fix ssh hadler test naming
• Make ssh-handler integration test pull images before build
• Remove references to doc layout and update links
• Remove hashicorp root cert to fix broken build
• Fix the vault test that broke due to vault CLI updates
• Re-enable ssh-handler tests

v0.6.4

Added

• Added a design proposal for credential zeroization
• Improved dev functionality in handler integration tests

Changed

• Removed checksum hacks for client-go from Dockerfiles, since this is fixed
  in Go 1.11.4
• Improved and refactored database integration test suite

Fixed

• Updated MySQL handler to handle authPluginName mismatch and to have consistent
  sequenceIds

v0.6.3

Added

• Database handlers support private-key pair as sslkey and sslcert

Changed

• Permissions have been fixed for OpenShift non-root integration and use

v0.6.2

Added

• Added Kubernetes authenticator documentation for Conjur credential provider

Changed

• Sanitized remaining listeners/handlers from dumping data on the CLI when debug mode is on
• Removed developer-only debug mode from demos and examples

v0.6.1

Changed

• Updated conjur-api-go dependency

Added

• Added /ready and /live endpoints on port 5335 for checking if the broker is ready/live

v0.6.0

Added

• SSL support for MySQL and PostgreSQL handlers
• Improved test utilities
• Added flag for CPU or memory profiling

Changed

• Updated demos to support databases configured with SSL
• Allow ./bin/test_integration to specify individual test_folders + local flag
• Updated goreleaser process to use new image

v0.5.2

Fixed

• Updated Kubernetes secrets provider to retrieve secrets from current namespace
• Fixed broken GitLab build referencing non-existent image
• Fixed broken keychain provider tests, and made easier to run manually

v0.5.1

Added

• Tests for Kubernetes Secrets provider
• Initial benchmark data is compiled during build
• Project now builds in GitLab
• Goreleaser support for deb/rpm packages
• Initial implementation of AWS Secrets provider

Changed

• Removed bash4 dependency
• Documentation updates
• Updated Jekyll dependency to use version 3.8.4

Removed

• Moved the sidecar injector functionality to its [own repo](https://github.com/cyberark/sidecar-injector