Releases: 99designs/aws-vault

v6.6.0

08 Mar 11:20

Added

  • Windows arm64 build target 5e9f196
  • [login] allow sourcing STS credentials from environment #861
  • [exec] Add a dynamic role route to ECS server #878
  • Add golangci-lint and fix linting issues #879

Fixed

  • Update to keyring v1.2.1
    • pass backend: use PASSWORD_STORE_DIR if set
    • Fix tilde expansion

v6.5.0

05 Feb 23:14
33b7337

Added

  • Add --stdout option to aws-vault exec #819
  • Add Linux kernel keyring (keyctl) backend implementation 99designs/keyring#91
  • Windows arm64 release build

Fixed

v6.4.0

18 Jan 04:00
3a9eafb

Fixed

  • Allow empty passwords in AWS_VAULT_FILE_PASSPHRASE #773
  • Fix ykman prompt for v4. #741 0fa49bd db08b16
  • Improve error messages when rotating 0c92ff7
  • Eagerly fetch credentials when the ECS server starts to prevent timeouts #804
  • Update MFA prompt message, fixes #799

Added

  • Add --force flag to aws-vault rm to remove a profile without a confirmation prompt #731
  • Make "file" backend directory configurable #814
  • Add an example Dockerfile 4de0ce9

Changed

  • Update AWS SDK to v2 #769
  • Security hardening #791 #792
  • Removed android release build #846

v6.3.1

30 Mar 11:20
c99938c

Fixed

  • missing keychain backend on darwin arm64 binaries #758 #760

v6.3.0

19 Mar 11:55

Fixed

  • Add Spanish language to error message checking #674
  • Building openbsd #737 c0dd7f8
  • yubikey helper script: wait time between code generations #728
  • yubikey helper script: compatibility with dash #728

Added

  • A helper script to resync a yubikey #728
  • The env var YKMAN_OATH_DEVICE_SERIAL can now be used to select a Yubikey #748
  • Support for Session Tags #685
  • darwin arm64 binaries for M1 #751

v6.2.0

25 Sep 12:37

Fixed

  • AWS User ARN parsing in the Yubikey create script #660
  • broken file backend returned aes.KeyUnwrap(): integrity check failed #663

Added

  • Support for sts_regional_endpoints in the aws config file or via the AWS_STS_REGIONAL_ENDPOINTS env var #662

v6.1.0

14 Sep 03:48

Added

  • release binaries for ppc64le, arm7 and android

Fixed

  • DNS resolution on android #647

v6.0.1

11 Sep 20:45

Fixed

  • an issue where ISO-8601 datetime formats were not compatible with the Java SDK #657
  • formatting of a deprecation message #653

v6.0.0

02 Sep 23:29

See the full changelog

Added

  • Support for AWS SSO #549 docs
  • Support for Yubikey TOTP #558 docs
  • A shell script for adding a Yubikey to IAM #559
  • aws-vault exec --ecs-server starts an ECS credential server offering many advantages over the EC2 metadata server #556 #375 docs
  • Debug http logging for the server #330
  • Support for setting the secret service collection with --secret-service-collection #539
  • Support for assume roles using OpenID Connect tokens #587
  • A native Windows prompt wincredui #613
  • A pass MFA provider that reads from pass otp #640
  • aws-vault proxy --stop will stop the ec2 server proxy and remove the network alias. Fixes #548, #360
  • A new command aws-vault clear [<profile>] to remove short-term session credentials and OIDC tokens #644 #591 #412
  • The environment variable AWS_MIN_TTL will enforce a minimum expiry time on credentials #646

Fixed

  • Ensure all error messages go to stderr #565
  • Using a key with a slash with the file backend 99designs/keyring#69
  • Login hang when using an unknown profile #575 #545
  • Shell completion issues #408, #576
  • Parse Windows netsh error messages in German #610
  • The aws-vault executable location should now be detected correctly in more instances. Fixes #596
  • Use the expiry window when retrieving credentials from the key store to enforce a minimum expiry time #608

Changed

  • Config variable parent_profile renamed to include_profile. The old parent_profile still works for backwards compatibility #520 #560 docs
  • Credentials created with AssumeRole and MFA are now cached #569 (Fixes #552, #532, #525)
  • Profile names are now case-sensitive #570 #528 7262236
  • The proxy command is now aws-vault proxy. This command is not user facing, but the old server subcommand still works just in case for backwards compatibility #627
  • When secret keys are added with aws-vault add, the secret is no longer echoed back into the terminal #625
  • The --sessions-only flag has been deprecated from the remove command in favour of aws-vault clear. The old flag still works for backwards compatibility

v5.4.4

07 May 05:11

Security

  • Check the host header to mitigate a DNS rebinding attack #578