Releases: elastic/harp
v0.2.4
cmd/harp/v0.2.4
Changes
- Use Go 1.17.5 (std + goboring)
- GitHub Actions automation for release process
v0.2.3
What's Changed
- feat(crypto): move pasetov4 to security sdk. by @Zenithar in #87
- feat(paseto): benchmarks and API changes. by @Zenithar in #88
- feat(seal): fips compliant container seal algorithm. by @Zenithar in #89
- fix(sec): GHSA on opencontainer/runc used in tests. by @Zenithar in #91
- feat(transformer): support JWS, PASETO signer and verifier. by @Zenithar in #90
Full Changelog: v0.2.2...v0.2.3
cmd/harp/v0.2.3
Modern NIST compliant seal
v0.2.2
cmd/harp/v0.2.2
v0.2.1
What's Changed
- chore(go): update to 1.17.3. by @Zenithar in #76
- refactoring(test): autumn cleanup by @Zenithar in #77
- test(pkg/kv): integration tests by @Zenithar in #78
- chore(legal): update dependencies and regenerate notice. by @Zenithar in #79
- Feat crypto migrate to ed25519 identities by @Zenithar in #80
- feat(cmd): KV store publication commands. by @Zenithar in #81
- feat(value): paseto transformer. by @Zenithar in #82
Full Changelog: v0.2.0...v0.2.1
cmd/harp/v0.2.1
2021-11-17
BREAKING-CHANGES:
- cmd/ruleset: Ruleset generation from a Bundle has been relocated to the `to ruleset` command. #77
- bundle/filter: parameter `--jmespath` has been renamed to `--query`. #77
- bundle/dump: parameter `--jmespath` has been renamed to `--query`. #77
- deprecation: package `github.com/elastic/harp/pkg/bundle/vfs` has been removed. The Golang 1.16 `fs.FS` implementation must be used and is located at `github.com/elastic/harp/pkg/bundle/fs`. #77
- container/identity: identities are using `ed25519` key pairs vs `x25519` keys in previous versions. For conversion, you can still unseal a container using old `x25519` key based identities, but you can't seal with them. To be future-proof, you have to regenerate new identities. #79
- sdk/transformer: Encryption transformers must be imported to be registered in the encryption transformer registry. #80
FEATURES:
- bundle/encryption: Partial bundle encryption based on annotations. #77
- task/bundle: Fully unit tested. #77
- core/kv: Support KV Store publication for Etcd3/Zookeeper/Consul. #77
- value/transformer: Transformer mock is available for testing. #77
- value/encryption: Expose `encryption.Must(value.Transformer, error)` to build a transformer instance with a panic raised on error. #77
- sdk/cmdutil: `DiscardWriter()` is an `io.Writer` provider used to discard all output. #77
- sdk/cmdutil: `DirectWriter(io.Writer)` is an `io.Writer` provider used to delegate to input writer. #77
- sdk/cmdutil: `NewClosedWriter()` is an `io.Writer` implementation that always returns on `Write()` calls. #77
- pkg/kv: integration tests and behavior validation test suite. #78
- value/transformers: expose new JWE based encryption transformers #80
  - `jwe:a128kw:<base64>` to initialize an AES128 Key Wrapper with AES128 GCM Encryption transformer
  - `jwe:a192kw:<base64>` to initialize an AES192 Key Wrapper with AES192 GCM Encryption transformer
  - `jwe:a256kw:<base64>` to initialize an AES256 Key Wrapper with AES256 GCM Encryption transformer
  - `jwe:pbes2-hs256-a128kw:<ascii>` to initialize a PBES2 key derivation function for AES128 key wrapping with AES128 GCM Encryption transformer
  - `jwe:pbes2-hs384-a192kw:<ascii>` to initialize a PBES2 key derivation function for AES192 key wrapping with AES192 GCM Encryption transformer
  - `jwe:pbes2-hs512-a256kw:<ascii>` to initialize a PBES2 key derivation function for AES256 key wrapping with AES256 GCM Encryption transformer
- sdk/transformer: Encryption transformer dynamic factory. #80
  - Use `pkg/value/encryption.Register(prefix, factory)` to register a transformer factory matching the given prefix.
- bundle/prefixer: parameter `--remove` added to support prefix removal operation. #81
- to/object: support `toml` format as output. #81
- value/transformer: Support PASETO `v4.local` transformer. #82
CHANGES:
- container/identity: converge to `value.Transformer` usage for identity protection. #81
- container/recover: converge to `value.Transformer` usage for container key recovery from an identity. #81
- sdk/types: `IsNil()` now recognizes nil function pointer. #77
- sdk/dep: #79
  - github.com/google/gops v0.3.22
  - github.com/gosimple/slug v1.11.2
  - github.com/hashicorp/consul/api v1.11.0
  - github.com/hashicorp/vault/api v1.3.0
  - github.com/zclconf/go-cty v1.10.0
  - go.step.sm/crypto v0.13.0
  - golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa
  - golang.org/x/sys v0.0.0-20211113001501-0c823b97ae02
  - google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd
  - google.golang.org/grpc v1.42.0
DIST:
- go: Build with Golang 1.17.3.
- tools: Update `golangci-lint` to `v1.43.0`. #76
- docs: General review for typo / grammar.
v0.2.0
What's Changed
- feat(vault): support custom metadata. by @Zenithar in #68
- feat(vault): support read from legacy metadata format. by @Zenithar in #69
- feat(template) add json escaping functions. by @Zenithar in #70
- Chore brew fix formula generation by @Zenithar in #71
- Chore deps repository maintenance by @Zenithar in #72
- Feat crypto use smallstep library by @Zenithar in #73
- feat(bundle): bundle package path prefixer. by @Zenithar in #74
- feat(plugin): make kv plugin builtin. by @Zenithar in #75
Full Changelog: v0.1.24...v0.2.0
cmd/harp/v0.2.0
0.2.0
2021-10-26
BREAKING-CHANGES:
- Metadata storage has been modified to support a JSON level complexity. All plugins must align their metadata management to the new format.
- Legacy metadata format is converted to new format on read.
DIST:
- go: Build with Golang 1.17.2.
- homebrew: Appropriate harp version can be installed according to your platform architecture and OS #71
CHANGES:
- core/vault: Replace json encoded metadata in secret data by a JSON object. #68
- crypto/pem: Delegate PEM encoding/decoding to `go.step.sm/crypto` #73
FEATURES:
- to/vault: Support Vault >1.9 custom metadata for bundle metadata publication. #68
- from/vault: Support Vault >1.9 custom metadata for bundle metadata retrieval. #68
- from/vault: Support legacy bundle metadata format. #69
- template/engine: `jsonEscape` / `jsonUnescape` is added to handle string escaping using JSON character escaping strategy #70
- template/engine: `unquote` is added to unquote a `quote` escaped string. #70
- bundle/prefixer: Globally add a prefix to all secret packages. #74
- plugin/kv: Promote harp-kv as builtin. #75