Tags: channable/vaultenv
Tags
v0.15.0 - "A token of my appreciation" This release adds two new authentication methods to Vaultenv: - GitHub authentication - Kubernetes authentication (thanks @ruuda!) The former is meant to be used in a development environment, and works with a personal access token. The latter is meant to be used in a Kubernetes cluster. This release also updates some dependencies.
v0.14.0 - "It's the little things" This release fixes some minor issues in Vaultenv: - Vaultenv will now enable "line buffering" mode for its output, which prevents issues with log messages getting mixed up or delayed if e.g. running under Systemd or Kubernetes. This was fixed by @ruuda in #115. - When printing the configuration with `--log-level info` Vaultenv will now correctly specify the unit for the base delay (milliseconds), where it previously printed an ambiguous plain number. This was added by @ruuda in #113. This release also contains fixes to make running the integration tests more reliable / work in more Linux environments. This was contributed by @ruuda in #114.
v0.13.1 - "Owned by me and not by thee" This release fixes a bug in the provided Debian package. The packages of 0.13.0 and earlier versions were not build with the `fakeroot` utility, which caused the installed package files (`/usr/bin/vaultenv` and `/etc/secrets.d/`) to be owned by the local user with uid 1000 instead of by `root`. We've now adjusted the build script to correctly use `fakeroot`, the package will also automatically correct this issue by changing the owner and mode of `/usr/bin/vaultenv` and `/etc/secrets.d` when upgrading from an earlier version. There are no changes to the code of the Vaultenv binary, except for an increase in the version number.
v0.13.0 - "If at first you don't succeed" This release fixes a bug in Vaultenv's retry behaviour. The bug caused Vaultenv to crash immediately if it failed to retrieve the mount information or a secret from the Vault server, while it was supposed to retry fetching that information. If Vaultenv fails to fetch the mount info or one or more secrets it will now correctly retry fetching that information according to the configured retry policy. This retry policy is (and was) configurable with the options `--retry-base-delay-milliseconds` / `VAULTENV_RETRY_BASE_DELAY_MS` and `--retry-attempts` / `VAULTENV_RETRY_ATTEMPTS`. Vaultenv will now also redact the used Vault token before outputting an error message when a secret or the mount info cannot be fetched within the retry period.
v0.12.0 - "Need to Know" Vaultenv now supports removing specific variables from the environment before executing the wrapped command, allowing the user to selectively inherit the parent environment (instead of completely or not at all). This behaviour can be enabled by passing the `--inherit-env-blacklist` option, setting the `VAULTENV_INHERIT_ENV_BLACKLIST` environment variable, or setting the `VAULTENV_INHERIT_ENV_BLACKLIST` option in a Vaultenv configuration file. The value of the option or variable should be a list of names of environment variables to remove, separated by commas. Vaultenv will remove the variables from the environment of the command to execute if the variable has a name that exactly matches a name in the blacklist. Vaultenv will also remove variables retrieved from Vault if the name of the variable matches a name on the blacklist. The blacklist has no effect if `--no-inherit-env` is used, and the option will be silently ignored.
v0.11.0 - "Destination Unknown" Vaultenv has gained support for reading connection configuration options from the standard `VAULT_ADDR` environment variable. With this release, we have also started shipping fully static binaries for Linux. VAULT_ADDR support ================== Vaultenv already had support for the following CLI options and environment variables to configure connection information: - `--host` or `VAULT_HOST` - `--port` or `VAULT_PORT` - `--[no-]connect-tls` or `VAULTENV_CONNECT_TLS` With this release, we also add support for reading this information from the VAULT_ADDR environment variable. The old configuration options still work and will remain supported. Please refer to the README for details (most notably on how precedence and conflicts in these options are handled). Static binary releases ====================== The Linux binaries that we used to provide were coupled to a version of libc. This meant users had to compile vaultenv from source if they were on a distro with an older libc than the one we compiled Vaultenv with. From now on, the Linux binaries we distribute are fully static, meaning they are no longer coupled to a version of libc. We ship a static binary containing MUSL and integer-simple.
PreviousNext