Note:

• This release does not ship with the UI enabled. The UI will be available in the future. #129
• This release provides initial support for artifact signing.
• OpenBao does not provide support for Vault Enterprise features. If there is an enterprise feature you would like to see added to the project, please open a feature request.
• OpenBao is fully API compatible with Vault 1.14.9, and seal compatible with the plugins the project supports. Plugin support for OpenBao can be found here.
• The v2.0.0 tag was originally pushed as commit 7e0e830; changes to the workflows needed to occur causing v2.0.0 to be re-tagged as commit 700fe3f. If a local copy was pulled with this tag, please run git tag -d v2.0.0 && git fetch origin tag v2.0.0 to update to the correct commit. No code changes occurred between these two releases.

Changelog over v2.0.0-beta

• 7e40243: Add GOOS matrix to release workflow (#411) (@cipherboy)
• 5c7b08d: Bump actions/configure-pages from 4 to 5 (#370) (@dependabot[bot])
• 9a4c16e: Bump actions/github-script from 6.4.1 to 7.0.1 (#198) (@dependabot[bot])
• 0852db8: Bump actions/upload-artifact from 3.1.2 to 4.3.3 (#376) (@dependabot[bot])
• 84b25c2: Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#395) (@dependabot[bot])
• 5412ae6: Bump browser-actions/setup-chrome from 1.5.0 to 1.7.1 (#377) (@dependabot[bot])
• eb709ea: Bump test-summary/action from 2.1 to 2.3 (#199) (@dependabot[bot])
• f8b0953: Bump test-summary/action from 2.2 to 2.4 (#387) (@dependabot[bot])
• d7130e1: Clarify fork point in FAQ (#392) (@cipherboy)
• 4dc1fa0: Downgrade test-summary/action from 2.3 to 2.2 (#381) (@JanMa)
• 9a3a3a4: Fix artifact signing, use default runner (@cipherboy)
• 700fe3f: Gate Docker steps behind GOOS (#412) (@cipherboy)
• 22c93f7: Remove cross-cluster revocation from PKI (#365) (@cipherboy)
• ac47724: Remove mlock and replace with cgroups (#363) (@IohannesArnold)
• 7e0e830: Update Go version, changelog, modules for GA (#410) (@cipherboy)
• 603efd3: Update docs to include mlock removal RFC (#391) (@IohannesArnold)
• 7276406: docs(token): document the token format (#372) (@nobe4)
• 1971309: fix release asset parsing for download page (#378) (@JanMa)
• f0288a1: set bao binary version info with Goreleaser (#401) (@JanMa)
• b2b9021: update website dependencies (#368) (@JanMa)

This release is for development and testing only

Note:

• This release does not ship with the UI enabled. The UI will be available in the future. #129
• This release provides beta support for artifact signing. Artifact signing will be stable in the next GA release of OpenBao.
• OpenBao does not provide support for Vault Enterprise features. If there is an enterprise feature you would like to see added to the project, please open a feature request.
• OpenBao is fully API compatible with Vault 1.14.9, and seal compatible with the plugins the project supports. Plugin support for OpenBao can be found here

Changelog

• a5e299d: Add changelog entry for #313 (@ruuda)
• ec9b2e8: Added Dockerhub and quay.io to goreleaser ( <>)
• 26a0717: Added changelog for Docker registries ( <>)
• ee45b4d: Adding OpenBao's new maintainers, working group, and tsc voting member. (@naphelps)
• 8578e57: Adding linux/ppc64le and linux/s390x support. Adding sbom support for all artifacts. Updated Docker base image versions. (@naphelps)
• 37cafcd: Adding sbom support to the release process. (@naphelps)
• 6cd4807: Avoid invoking token helper on login (@ruuda)
• 1800244: Bump actions/checkout from 3.5.3 to 4.1.7 (#367) (@dependabot[bot])
• 67dd84e: Bump go version to 1.22.4 (@cipherboy)
• 5ac7393: Clarify Integrated Storage is only backend (@IohannesArnold)
• cf73343: Complete the conversion of jwt plugin html responses to OpenBao (@DrDaveD)
• eea3d80: Correctly seek in raft's ListPage when after=. (@cipherboy)
• 553d045: Fix command usage docs (#364) (@Wouterkoorn)
• 9c8b041: Fix compatibility with Vault plugins (@cipherboy)
• 74c2ddd: Fix remote port information in plugins (@tsipinakis)
• 8499e4e: Fix tests for release and remove legacy build process (#362) (@cipherboy)
• 87aca6e: Fixed docker registry in build flow ( <>)
• 6b68e6c: Fixed typo in quay login ( <>)
• dec7a66: Fixing broken readme logo. (@naphelps)
• df55735: Issue 285: Corrected Viaccess-Orca's company name on website. (@naphelps)
• 8283776: Issue 330: Adding TSC Alternate. (@naphelps)
• dc3bea3: Issue 330: Adding TSC alternate. (@naphelps)
• bcb326e: Issue 330: Adding Technical Steering Committee members to the Contributing.md document. (@naphelps)
• bb70c6f: Issue 330: Fixed github account reference. (@naphelps)
• 7f838e9: Issue 358: Swapped Hashicorp's CoC for LF's. Added a Maintainers markdown file. (@naphelps)
• 1c194a1: Limit parallelism on goreleaser (@cipherboy)
• 99fc565: Remove "Migration pre 1.5.1" in docs (@IohannesArnold)
• 527fb9e: Remove references to tutorials (@cipherboy)
• c297148: Removed dragonfly from build process. Issues with os.signals. (@naphelps)
• f62d36c: Removed misc dash. (@naphelps)
• 15c4855: Revert "Remove Server Side Consistent Tokens (SSCTs)" (@cipherboy)
• 4d13206: Separating UBI from Alpine based images. Generalizing container organization for development/testing. (@naphelps)
• 53ff6ef: Set DisableSSCTokens=true as the default config (@cipherboy)
• f8dbc4b: Start a contributing guide with code layout (@cipherboy)
• 0bb52bf: Update use-cases.mdx (@goldenson)
• 1c37b6d: Updated github action to log into all registries ( <>)
• 637519c: Updated workflow build to include other registries ( <>)
• 5a9f3c1: add 2.0.0-alpha20240329 release notes to website (@JanMa)
• 154c647: add download page to website (@JanMa)
• 5048f5e: add warning about missing UI to changelog (@JanMa)
• 94238c0: changed Docker registry to docker.io ( <>)
• 0534d95: chore: remove refs to deprecated io/ioutil (@testwill)
• 141bfca: cleanup unused static assets (@JanMa)
• 02e0c9b: download docker images from quay.io (@JanMa)
• 5a1d104: fix LF Edge Logo path in footer (@JanMa)
• 015bd84: remove unused images from website (@JanMa)
• feab8cb: update website dependencies (@JanMa)
• 44f445b: update website footer (@JanMa)

This release is for development and testing only

Note:

• This release does not ship with the UI enabled. The UI will be available in the future. #129
• This release does not support artifact signing. Artifact signing will be available in the next GA release of OpenBao.
• OpenBao does not provide support for Vault Enterprise features. If there is an enterprise feature you would like to see added to the project, please open a feature request.
• OpenBao is fully API compatible with Vault 1.14.9, and seal compatible with the plugins the project supports. Plugin support for OpenBao can be found here

What's Changed

• Adjust issue template and PR template to fit OpenBao by @Scorpil in #5
• Adjust static files to fit OpenBao by @Scorpil in #8
• Replace Vault with OpenBao by @jmls in #10
• Update go mod ref by @jbutlerdev in #2
• gofmt entire project by @alrs in #28
• Replace Vault with OpenBao in API docs by @JanMa in #22
• Remove vault-enterprise test by @cipherboy in #52
• replace Vault with OpenBao in documentation by @JanMa in #44
• Fix duplicate raft-boltdb declaration by @cipherboy in #58
• Switch to new openbao/go-kms-wrapping repository by @cipherboy in #59
• Re-add stepwise to sdk by @cipherboy in #57
• Remove HCP Link from OpenBao by @cipherboy in #63
• Fix API & SDK failing tests by @cipherboy in #62
• Remove Enterprise documentation by @JanMa in #65
• Clean up CODEOWNERS, remove last changelog entries by @cipherboy in #70
• Remove Enos Test Scenarios by @cipherboy in #83
• Adding Basic SBOM Support by @naphelps in #95
• Part 1/n - Remove non-raft storage backends by @cipherboy in #99
• Part 2/n - Remove non-OSI database plugins by @cipherboy in #100
• Part 3/n - Remove auth plugins by @cipherboy in #101
• Part 4/n - Remove secrets plugins by @cipherboy in #102
• Part 5/n - Add jwt plugin by @cipherboy in #103
• Part 6/n - Add kerberos plugin by @cipherboy in #104
• Part 7/n - Add kubernetes auth plugin by @cipherboy in #105
• Part 8/n - Add redis plugin by @cipherboy in #106
• Part 9/n - Add kubernetes secret plugin by @cipherboy in #107
• Part 10/n - Add openldap plugin by @cipherboy in #108
• Part 11/n - Add K/V Secrets Engine by @cipherboy in #109
• Part 13/n - Remove non-OSI auth methods from API by @cipherboy in #111
• Part 14/n - Remove last references to MongoDB by @cipherboy in #112
• Part 15/n - Minor plugin related changes by @cipherboy in #113
• Part 16/n - Use kv plugin for tests by @cipherboy in #114
• Part 17/17 - Move testIdentityStore to use AppRole instead of GitHub by @cipherboy in #115
• Add proposals to documentation website by @cipherboy in #122
• feat: rename Vault to OpenBao in build files by @kvendingoldo in #45
• Rename Vault->OpenBao in API field descriptions by @cipherboy in #72
• delete docs of removed plugins by @JanMa in #116
• Remove patch for SHA-1 certificates by @cipherboy in #119
• Remove upstream's upgrading guides and release notes by @cipherboy in #123
• Update lf-edge/openbao to openbao/openbao as GH Org reference by @cipherboy in #131
• Fix plugin versioning, references to bao on CLI, version number by @cipherboy in #132
• Add support to Transit, keysutil for XChaCha20-Poly1305 by @cipherboy in #36
• pki: Preserve ordering of submitted SAN names by @cipherboy in #50
• Forbid v1 & v2 convergent keys in Transit by @cipherboy in #85
• Remove old version docs by @JanMa in #137
• Cleanup more obsolete docs by @JanMa in #141
• Allow setting KeyUsage, ExtKeyUsage on CAs by @cipherboy in #76
• Move to Go 1.22.0 by @cipherboy in #124
• Update to protoc-gen-go-v1.31.0 by @cipherboy in #135
• Add accepted migration policy by @cipherboy in #144
• Transit: Fix bug where locks were not being freed on specific operations - with tests by @cipherboy in #139
• Update Vault->OpenBao in the UI by @cipherboy in #128
• fork: Rename Environment Variables by @Mab879 in #138
• Use api.ReadBaoVariable everywhere by @cipherboy in #157
• Fix running API, SDK tests & vetting by @cipherboy in #155
• Build new website for documentation by @JanMa in #156
• Run external tools directly by @cipherboy in #159
• Swap hashicorp/consul-template to openbao/openbao-template by @cipherboy in #160
• Remove Consul storage backend test helper by @cipherboy in #165
• Remove last of the BUSL code by @cipherboy in #166
• Remove Consul service registration by @cipherboy in #167
• Correctly validate leaf certificate trust by @cipherboy in #173
• Fix CI Pipelines, remove references to HashiCorp Infrastructure by @cipherboy in #168
• Fork: Remove 'Enterprise' and related references from user-visible codebase by @Gabrielopesantos in #142
• Remove workflow permission requirements by @cipherboy in #177
• Fix vulnerable dependencies in core, api/, and sdk/ by @cipherboy in #183
• Add Shamir's to shared sdk/, fix titles in API & SDK READMEs by @cipherboy in #181
• Fix OpenBao OIDC followed by Google OIDC not working on Android by @siepkes in #185
• Issue 174: Adding source-available licensing policy to contributing by @naphelps in #175
• Temporarily remove UI from release pipelines by @cipherboy in #190
• Bump actions/go-dependency-submission from 2.0.0 to 2.0.1 by @dependabot in #179
• Bump browser-actions/setup-chrome from 1.2.0 to 1.5.0 by @dependabot in #145
• Bump actions/download-artifact from 3.0.2 to 4.1.4 by @dependabot in #178
• Remove remaining permissions issues in pipelines by @cipherboy in #191
• Remove Performance Secondary, DR Secondary consts by @cipherboy in #193
• Remove activity log from OpenBao by @cipherboy in #194
• Remove eventing & experimental subsystems by @cipherboy in #195
• Remove references to enterprise in vault/ by @cipherboy in #197
• Transit: Remove enterprise no-ops references from API and SDK by @Gabrielopesantos in #196
• PKI: Remove references to managed keys and enterprise no-ops functions by @Gabrielopesantos in #169
• Remove Server Side Consistent Tokens (SSCTs) by @cipherboy in #203
• Improvements to Shamir's implementation by @cipherboy in #210
• Add soft deletion of Transit keys by @cipherboy in #211
• Allow customizing key export format in Transit by @cipherboy in #212
• Document 404 is also an empty list by @cipherboy in #214
• Add delta CRL distribution point extension by @cipherboy in #215
• Fix running external binary tests in CI by @cipherboy in #216
• Fix Solaris and remove i386 builds by @cipherboy in #205
• Docs - Clarify behavior of role'...