./security/vault, Tool for managing secrets



Branch: CURRENT, Version: 0.11.2nb6, Package name: vault-0.11.2nb6, Maintainer: fhajny

Vault is a tool for securely accessing secrets. A secret is
anything that you want to tightly control access to, such as API
keys, passwords, certificates, and more. Vault provides a unified
interface to any secret, while providing tight access control and
recording a detailed audit log.


Required to build:
[pkgtools/cwrappers] [lang/go112]

Master sites:

SHA1: edf3693416121ed75244afab37db1bad491733b1
RMD160: 27c7f6a5a8148c993c746b4be7198caa6b37a4f0
Filesize: 24223.117 KB



CVS history:


   2019-04-16 20:41:21 by Benny Siegert | Files touched by this commit (143) | Package updated
Log message:
Revbump all Go packages after go112 update
   2019-03-16 09:35:51 by Benny Siegert | Files touched by this commit (143) | Package updated
Log message:
Revbump all Go packages after Go 1.12.1 update.
   2019-03-09 11:05:15 by Benny Siegert | Files touched by this commit (143)
Log message:
all: revbump Go packages, now that they use go112 to build
   2019-01-24 11:00:46 by Benny Siegert | Files touched by this commit (144) | Package updated
Log message:
Revbump Go packages after lang/go111 update.
   2018-12-19 16:47:12 by Benny Siegert | Files touched by this commit (141) | Package updated
Log message:
Revbump all Go packages after go111 update.
   2018-12-15 22:12:25 by Thomas Klausner | Files touched by this commit (67) | Package updated
Log message:
*: update email for fhajny
   2018-11-04 19:38:09 by Benny Siegert | Files touched by this commit (122) | Package updated
Log message:
Revbump all Go packages after go111 update.
   2018-10-07 22:19:38 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
## 0.11.2 (October 2nd, 2018)

CHANGES:

- `sys/seal-status` now includes an `initialized` boolean in the
  output. If Vault is not initialized, it will return a `200` with
  this value set to `false` instead of a `400`.
- `passthrough_request_headers` will now deny certain headers from
  being provided to backends based on a global denylist.

FEATURES:

- AWS Secret Engine Root Credential Rotation: The credential used by
  the AWS secret engine can now be rotated, to ensure that only Vault
  knows the credentials it is using.
- Storage Backend Migrator: A new `operator migrate` command allows
  offline migration of data between two storage backends.
- AliCloud KMS Auto Unseal and Seal Wrap Support (Enterprise):
  AliCloud KMS can now be used as a supported seal for Auto Unseal and
  Seal Wrapping.

BUG FIXES:

- auth/okta: Fix reading deprecated `token` parameter if a token was
  previously set in the configuration
- core: Re-add deprecated capabilities information for now
- core: Fix handling of cyclic token relationships
- storage/mysql: Fix locking on MariaDB
- replication: Fix DR API when using a token
- identity: Ensure old group alias is removed when a new one is
  written
- storage/alicloud: Don't call uname on package init
- secrets/jwt: Fix issue where request context would be canceled too
  early
- ui: fix need to have update for aws iam creds generation
- ui: fix calculation of token expiry

IMPROVEMENTS:

- auth/aws: The identity alias name can now be configured to be either
  the IAM unique ID of the IAM Principal, or the ARN of the caller identity
- auth/cert: Add allowed_organizational_units support
- cli: Format TTLs for non-secret responses
- identity: Support operating on entities and groups by their names
- plugins: Add `env` parameter when registering plugins to the catalog
  to allow operators to include environment variables during plugin
  execution.
- secrets/aws: WAL Rollback improvements
- secrets/aws: Allow specifying STS role-default TTLs
- secrets/pki: Add configuration support for setting NotBefore
- core: Support for passing the Vault token via an Authorization
  Bearer header
- replication: Reindex process now runs in the background and does not
  block other vault operations
- storage/zookeeper: Enable TLS based communication with Zookeeper
- ui: you can now init a cluster with a seal config
- ui: added the option to force promote replication clusters
- replication: Allow promotion of a secondary when data is syncing
  with a "force" flag