Skip to content

Latest commit

 

History

History
369 lines (199 loc) · 32.6 KB

CHANGELOG.md

File metadata and controls

369 lines (199 loc) · 32.6 KB
Raw

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.0.0 (2020-10-09)

⚠ BREAKING CHANGES

  • azure: Unwraps the value returned from Azure Key vault (migration: "property: value" -> remove property selector) (#460)

Features

  • aws: add region support to ssm and sm (#475) (0b35441)
  • aws: add support for setting an intermediate iam role (#454) (72920e4)
  • Cluster level default settings for Hashicorp Vault (#472) (5215090)

Bug Fixes

  • azure: Unwraps the value returned from Azure Key vault (migration: "property: value" -> remove property selector) (#460) (36d5bbb)
  • deps: update dependency @google-cloud/secret-manager to v3 (#345) (2bf42db)
  • helm: apply namespace to Deployment and Service (#471) (ba38e3a)
  • vault: Cache Vault clients/tokens on a per-role&mountpoint basis. (#488) (ab36718)
  • vault: handle token renewal failures (#497) (c3c27bc)
  • e2e tests to work with kind 0.9.0 + bump k8s version used (#498) (f815afd)
  • provide a meaningful error message when an SSM parameter is missing (#483) (99ce81e)

5.2.0 (2020-08-18)

Features

  • logging: add config to allow switching level format to human-readable log levels (#429) (4602ad0)
  • secretsManager: add support for versionId in AWS Secrets Manager (#436) (95827bc)
  • added the option to enforce namespace annotations (#448) (1517333)

Bug Fixes

  • config: extract LOG_MESSAGE_KEY properly (#456) (a50c219)
  • pino: messageKey option as root constructor property (#455) (22208b0)
  • reverts assumeRole to use pod role instead of web identity (#453) (fa747dc)
  • upgrade the Azure Identity SDK and Azure KeyVault secret SDK to support AKS pod identity for authorization (#447) (020c10b)
  • vault: token ttl conditional renew (#457) (a52987b)

5.1.0 (2020-07-27)

Features

  • added the option to enforce namespace annotations (#448) (1517333)

Bug Fixes

  • config: extract LOG_MESSAGE_KEY properly (#456) (a50c219)
  • pino: messageKey option as root constructor property (#455) (22208b0)

5.0.0 (2020-07-24)

Bug Fixes

  • upgrade the Azure Identity SDK and Azure KeyVault secret SDK to support AKS pod identity for authorization (#447) (020c10b)

Features

  • logging: add config to allow switching level format to human-readable log levels (#429) (4602ad0)
  • secretsManager: add support for versionId in AWS Secrets Manager (#436) (95827bc)

4.2.0 (2020-07-12)

Features

  • add support for using either Vault k/v 1 or k/v 2 (#426) (4193050)

4.1.0 (2020-07-09)

Features

  • add e2e test for naming conventions enforcement (#412) (bfb5ed2)
  • allow permitted-key-name to be provided as list (#409) (10e3991)
  • Vault namespace support (#403) (6bd9570)

Bug Fixes

  • vault: fix requestOptions for vault namespace support (#410) (e80d83d)
  • pass in the Web Identity token to assumeRoleWithWebIdentity (#417) (23d511f)
  • use assumeRoleWithWebIdentity when using IRSA (#416) (117b926)

4.0.0 (2020-06-02)

⚠ BREAKING CHANGES

  • Changes the values return type from GCP secret manager Previously secret value was wrapped in an object { "value": <secret> } while now <secret> will be returned directly so KES features can be properly used
  • GOOGLE_APPLICATION_CREDENTIALS: /app/gcp-creds/gcp-creds.json is no longer set by default as it causes conflicts with other configurations.

Features

  • add support for Alibaba Cloud KMS Secret Manager (#355) (cceb40b)
  • Chart optionally installs CRD / CR Manager configurable for more strict clusters (#344) (131e201)

Bug Fixes

  • don't set GOOGLE_APPLICATION_CREDENTIALS by default and update README for Google Secret Manager (#371) (e9db0f8)
  • Handle JSON in GCP Secrets Manager (#373) (4273598)
  • vault: follow all redirects to support vault HA (#394) (a05aa92)

3.3.0 (2020-05-01)

Features

  • add last_state metric (#357) (1d9d237)
  • enable use of AWS STS regional endpoints (#348) (9a46773)
  • improve out-of-the-box compatibility with clusters running locked down PodSecurityPolicy enabling runAsNonRoot by default (#361) (27ba7e1)
  • support isBinary for GCP (#353) (de20a1b), closes #352

Bug Fixes

  • deps: update dependency kubernetes-client to v9 (#367) (f06bd59)
  • deps: update dependency pino to v6 (#322) (3664540)
  • deps: update dependency prom-client to v12 (#323) (504ed6c)

3.2.0 (2020-03-27)

Features

Bug Fixes

  • stringify json object based secrets (#247) (828d0ce)
  • upgrade aws-sdk from 2.575.0 to 2.628.0 (#305) (149e33a)
  • upgrade pino from 5.13.6 to 5.16.0 (#306) (be74814)
  • verify dataFrom property in naming convention verification (#292) (f26bf2b)
  • azure-registry: handle binary files (#311) (9727d48)

3.1.0 (2020-02-06)

Features

  • add validation to CRD (#208) (d2ebaeb)
  • allow disabling of interval polling (#211) (9441216)
  • chart: support mounting existing secrets as files (#213) (ac9b9e2)
  • allow enforcing naming conventions for key names, limiting which keys can be fetched from backends (#230) (c4fdea6), closes #178 #178 #178
  • implement basic e2e tests (#207) (dfa210b)
  • release: use same version for app and chart release (#242) (2000864)
  • secrets-manager: Added support for secrets versioning in Secrets Manager using version stage labels (#181) (9d6c2f9)

Bug Fixes

  • add dataFrom support to vault backend (refactor kv-backend) (#206) (24421b9)
  • bump pino and sub dependency flatstr, fixes #218 (#219) (db3491b)
  • chart: remove one of the duplicate securityContext (#222) (2b54f34)
  • kv-backend: Add empty keyOptions for dataFrom case. (#221) (8e838ee)
  • script: remove external-secrets.yml patching from release.sh (#216) (9d871cd)
  • default service account annotation value (#252) (b163a69)
  • do not skew binary data (#244) (01e0ca2)
  • remove required top level key from vault backend validation (#255) (e567117)
  • status update conflicts should not cause crash, fixes #199 (#215) (e6171c8)
  • Stringify JSON response for compatibility with KV backend (#214) (5527530)

3.0.0 (2020-01-09)

Bug Fixes

  • default service account annotation value (#252) (b163a69)
  • remove required top level key from vault backend validation (#255) (e567117)

Features

  • allow enforcing naming conventions for key names, limiting which keys can be fetched from backends (#230) (c4fdea6), closes #178 #178 #178
  • release: use same version for app and chart release (#242) (2000864)

2.2.1 (2019-12-06)

Bug Fixes

  • bump pino and sub dependency flatstr, fixes #218 (#219) (db3491b)
  • chart: remove one of the duplicate securityContext (#222) (2b54f34)
  • kv-backend: Add empty keyOptions for dataFrom case. (#221) (8e838ee)
  • do not skew binary data (#244) (01e0ca2)

2.2.0 (2019-11-14)

Bug Fixes

  • add dataFrom support to vault backend (refactor kv-backend) (#206) (24421b9)
  • status update conflicts should not cause crash, fixes #199 (#215) (e6171c8)
  • Stringify JSON response for compatibility with KV backend (#214) (5527530)
  • script: remove external-secrets.yml patching from release.sh (#216) (9d871cd)

Features

  • add validation to CRD (#208) (d2ebaeb)
  • allow disabling of interval polling (#211) (9441216)
  • chart: support mounting existing secrets as files (#213) (ac9b9e2)
  • secrets-manager: Added support for secrets versioning in Secrets Manager using version stage labels (#181) (9d6c2f9)
  • implement basic e2e tests (#207) (dfa210b)

2.1.0 (2019-11-08)

Bug Fixes

Features

  • add option to assume role (#144) (f0ce6ed)
  • add status subresource with last sync and generation tracking (#133) (8db1749)
  • add support for dataFrom & fix: encoding of non-string values (#196) (90f01c5)
  • allow setting additional markup on generated secret resource using template (#192) (25e2f74)
  • make role-scope annotation configurable & fix: allow missing roleArn even if annotations are set (#179) (8c17819), closes #174 #174
  • support Secret Binary from AWS Secrets Manager (#197) (731edb1)
  • Update aws-sdk to enable IRSA (AWS IAM Roles for ServiceAccounts) support, add securityContext to helm chart (#200) (165662c)
  • use spec in external secret resource, keeping secretDescriptor for backwards compat (#204) (a2a9dff)
  • vault: Support for Hashicorp Vault (#198) (d61312c)

2.0.0 (2019-11-05)

Bug Fixes

Features

  • add status subresource with last sync and generation tracking (#133) (8db1749)

1.6.0 (2019-10-23)

Features

1.5.0 (2019-09-27)

Features

1.4.0 (2019-09-27)

Bug Fixes

  • daemon: Upsert secrets immediately poller added (a986dfb)
  • secret: fix SSM parameter store code (e5e635f)

Features

  • allow setting type in external secret to support other than Opaque secrets (#130) (226697a)

1.3.1 (2019-07-18)

Bug Fixes

  • secret: fix SSM parameter store code (e5e635f)

1.3.0 (2019-06-22)

Bug Fixes

  • remove logging of potentially secret value (#96) (6063f79)

Features

  • secret: add ownerreference to remove created secret when external secret is removed (#95) (66af903)

1.2.3 (2019-06-06)

Bug Fixes

  • logging: show error on missing property (#87) (ef8bd5f)

1.2.2 (2019-06-03)

Bug Fixes

  • AWSSM: treat value as object iff the es specifies .property (#74) (1d5a9dd)

1.2.1 (2019-05-20)

Bug Fixes

  • config: remove default aws region (#54) (4584a09)
  • package: update kubernetes-client to version 7.0.0 (#49) (eeb7acf)

1.2.0 (2019-04-09)

Bug Fixes

  • package: update make-promises-safe to version 5.0.0 (#33) (a25b1d2)

Features

  • data: support .data in the secretDescriptor (#40) (4887469)

1.1.0 (2019-03-14)

Bug Fixes

  • backends: fix secretsManager backend name (#27) (d494edf)
  • deploy: fix deployment file (#4) (bcb1ad1)
  • dockerfile: remove broken commands (#3) (7901f90)
  • rbac: adjust the poller upsert code so it doesn't need get (#22) (5cffe97)
  • typo: fix typo in external secrets name (#8) (e26f75c)
  • updating: use PUT not PATCH when updating an existing Secret (#20) (856d8e0)

Features

  • cicd: add .travis.yml file (#9) (fbe52b3)
  • deploy: move deploy resources into single file (#5) (a264f2c)
  • examples: add hello-service example (#6) (af5b1d2)
  • json: support JSON objects in AWS Secret Manager (#13) (cd7130f)
  • project: add nodemon for development (#7) (ec25cbd)