Releases: elastic/harp
Releases · elastic/harp
cmd/harp/v0.1.7
cmd/harp/v0.1.7
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Go 1.15.7
cmd/harp-server/v0.1.7
cmd/harp-server/v0.1.7
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Go 1.15.7
cmd/harp/v0.1.6
cmd/harp/v0.1.6
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Changes
- CSO
- Add
globalregion alias to support region unbounded secrets - Add
localprovider to infrastructure ring
- Add
cmd/harp-server/v0.1.6
cmd/harp-server/v0.1.6
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Changes
harp server vault- Support
--transformer keyName:keywherekeyis generated fromharp keygento expose a transformer as a Vault Transit encryption backend.
- Support
Samples
Expose transformers using Vault Transit backend API.
harp server vault \
--transformer fernet:$(harp keygen fernet) \
--transformer aes-256:$(harp keygen aes-256) \
--transformer secretbox:$(harp keygen secretbox)You can use vault cli to encrypt or decrypt a secret :
$ export VAULT_ADDR=http://127.0.0.1:8200
$ vault write transit/encrypt/<keyName> plaintext=$(base64 <<< "my secret data")
Key Value
--- -----
ciphertext vault:v1:66hL0lIX0lXHFD6sDsl07ztaDStDrJLL7mKGei3zlups6cllARcUec7P4kg4JaA23AEqkNNGqg==Then to decrypt :
$ export VAULT_ADDR=http://127.0.0.1:8200
$ vault write -format=json transit/decrypt/secretbox ciphertext=vault:v1:66hL0lIX0lXHFD6sDsl07ztaDStDrJLL7mKGei3zlups6cllARcUec7P4kg4JaA23AEqkNNGqg== \
| jq -r ".data.plaintext" \
| base64 -D
my secret dataThis does not pretend to replace a full-featured Vault cluster, just expose using Vault compatible API a limited set of features at the bootstrap time during a deployment usable with
Vault CLI, while Vault cluster is not deployed yet.
Once deployed, VAULT_ADDR just need to point to real Vault cluster at showtime.
cmd/harp/v0.1.5
cmd/harp/v0.1.5
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Changes
- Secret value is encoded using a compound ASN.1 sequence to allow future improvements;
- Vault support nested JSON value inserted via UI only, but not via CLI => Harp enforces simple secret key/value as 'string => string' to prevent nested secret tree where the user should dispatch secret across the secret tree. This produces an error on vault import, this error is now logged;
cmd/harp-server/v0.1.5
cmd/harp-server/v0.1.5
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Align to v0.1.5
cmd/harp/v0.1.4
cmd/harp/v0.1.4
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Golang 1.15.6
cmd/harp-server/v0.1.4
cmd/harp-server/v0.1.4
This tag was signed with the committer’s verified signature.
Zenithar
Thibault NORMAND
Golang 1.15.6
cmd/harp/v0.1.3
cmd/harp/v0.1.3
This tag was signed with the committer’s verified signature.
The key has expired.
Zenithar
Thibault NORMAND
7528eaf
This commit was signed with the committer’s verified signature.
The key has expired.
Zenithar
Thibault NORMAND
OSS
cmd/harp-server/v0.1.3
cmd/harp-server/v0.1.3
This tag was signed with the committer’s verified signature.
The key has expired.
Zenithar
Thibault NORMAND
7528eaf
This commit was signed with the committer’s verified signature.
The key has expired.
Zenithar
Thibault NORMAND