Releases: lensesio/secret-provider
2.3.0
Tagging for 2.3.0

**Changes**

* All:
  * Security: Write Maven descriptors on packaging to avoid incorrect dependencies being identified by security scanner tools. (Fixes CVE-2023-1370).
  * Security: Add dependency checking as part of build process.
* AES256 Provider:
  * Security: Change AES256 key to PASSWORD type to avoid logging secrets.
* AWS Secrets Manager Provider:
  * New property: `file.write`. Writes secrets to file on path. Required for Java trust stores, key stores, certs that need to be loaded from file. For ease of use for the secret provider, this is disabled by default.
  * New property: `secret.default.ttl`. If no TTL is configured in AWS Secrets Manager, apply a default TTL (in milliseconds).
  * New property: `aws.endpoint.override`. Add override for non-standard or compatible AWS endpoints.
  * Enhancement: Ensuring secrets are cached within their TTL (same as Vault).
  * Enhancement: Upgraded dependencies to use AWS V2 Client.
  * Enhancement: Added AWS STS dependency to avoid requirement of additional libraries for default authentication (e.g. EKS).
  * Security: Don't expose secret value in exception message on JsonParseException.
  * New property: `secret.type`. Specify the type of secrets stored in Secret Manager. Defaults to JSON; to enable String secret values, change to STRING.
  * Bugfix: Enable accessKey and secretKey to remain blank if using DEFAULT auth mode.
* Azure Secret Provider:
  * Bugfix: Recompute TTL values on each get so timestamp of reschedule shrinks until TTL is reached.
  * Bugfix: Fix so that UTF-8 encodings in Azure are correctly mapped to the UTF8 encoding in the secret provider.
* Hashicorp Vault Provider:
  * Bugfix: Files will be written to the correct directory.
  * New property: `app.role.path`. Support vault approle custom mount path.
  * New property: `kubernetes.auth.path`. Support vault custom auth path (with default value to be auth/kubernetes).
  * Security: `vault-java-driver` was no longer maintained, switched to use a community fork io.github.jopenlibs
  * Add support for the Vault Database credential engine
2.2.0
Note:
From Version 2.2.0, the secret provider does not write secrets to file by default.
If you require this behaviour (for trust stores, key stores or certs) you can enable this by adding the property `file.write=true`.
Changes
Adds new properties for the Vault secret provider:
* `file.write`: Writes secrets to file on path. Required for Java trust stores, key stores, certs that need to be loaded from file. For ease of use for the secret provider, this is disabled by default.
* `secret.default.ttl`: If no TTL is configured in Vault, apply a default TTL (in milliseconds).
2.1.6
ENV secret provider added
2.1.5
2.1.4
2.1.3
2.1.0
Feat/optimised file writing (#15)

* Vault token renewal

  Adds a new parameter for the Vault docs to drive the auth token renewal.
* Add file headers
* Complete the Vault ticket renewal.
* Avoid file to be created over and over again

  For the AES decoder there was a strategy to create a file (using random UUID) every time the "key" was returned. The new code is changing the approach to make sure we only create the file once. This means though for the AES encoding the encoding format should contain an id for a file:${encoding}_${id}. The id has to be unique as well.

  Small code improvement around decoding
* Fix compilation
2.0.1
Fix name
0.0.2
Add ENV Provider.
Release 0.0.1
Release 0.0.1