BUG FIXES
- Restored the ability to use this gem with older Ruby versions that do not have
the
OpenSSL::SSL::TLS1_2_VERSIONconstant.
IMPROVEMENTS
- Added support for TLS v1.3 by replacing
ssl_versionwithmin_version.
IMPROVEMENTS
- Added MissingRequiredStateErr error type to refer to 412s returned by Vault 1.10 when the WAL index on the node does not match the index in the Server-Side Consistent Token. This error type can be passed as a parameter to
#with_retries, and will also be retried automatically when#with_retriesis used with no parameters.
IMPROVEMENTS
- The timeout used to get a connection from the connection pool that talks with vault is now configurable. Using
Vault.pool_timeoutor the env varVAULT_POOL_TIMEOUT.
IMPROVEMENTS
- Added support for Resource Quotas
IMPROVEMENTS
- Added support for the Transform Secrets Engine
BUG FIXES
- Fixed the ability to use namespace as an option for each request. Previously, that option was ignored.
- aws-sigv4 gem was unlocked after a bug in 1.1.2 broke CI
IMPROVEMENTS
- Added support for defining a namespace when initializing the client, as well as options for changing the namespace via method.
- Added support for sys/namespaces API. Ability to Get, Create, Delete, and List namespaces has been provided.
IMPROVEMENTS
- Add support for versioned KV secrets in the client
IMPROVEMENTS
- Expose the github login path as an optional argument
- Support HTTP basic auth [GH-181]
- Expose the AWS IAM path to use [GH-180]
- Add GCP Auth [GH-173]
- Add shutdown functionality to close persistent connections [GH-175]
BUG FIXES
- Specifing the hostname for SNI didn't work. The functionality has been disabled for now.
IMPROVEMENTS
- Access to health has been added.
- Added ability to handle a Base64 encoded PEM (useful for certs in environment variables)
- Added IAM EC2 authentication support
- Add custom mount path support to TLS authentication
IMPROVEMENTS
vault-rubyis licensed under Mozilla Public License 2.0, and has been for over 2 years. This patch release updates the gemspec to use the correct SPDX ID string for reporting this license, but no change to the licensing of this gem has occurred.
IMPROVEMENTS
#with_retriesnow defaults to checkingHTTPServerErrorif called without an error classes
BUG FIXES
- Don't randomly fail when parsing with Time.parse [GH-140]
IMPROVEMENTS
- The pool size used to talk with vault is now configurable. Using
Vault.pool_sizeor the env varVAULT_POOL_SIZE.
BREAKING CHANGES
- Use PUT/POST for all functions that involve tokens [GH-117]. For Vault 0.6+, this will work as-expected. For older Vault versions, you will need to use an older client library which uses the URL instead. This is deprecated in Vault because the URL would include the token, thus revealing it in request logs. These new methods place the token in the body instead.
BUG FIXES
- Do not convert arrays in
#to_h[GH-125] - Prevent mismatched checkout/checkin from the connection pool; this will avoid masking errors that occur on pool checkout.
IMPROVEMENTS
- Support new init API options [GH-127]
- Return base64-encoded keys in init response [GH-128]
- Add support for
#hostnamefor specifying SNI hostname to validate [GH-112]
BUG FIXES
- Allow options to be set on
Vaultas well as anyVault::Clientinstance to be used properly. - Remove Ruby 2.0 syntax in favor of Ruby 1.9
BUG FIXES
- Set the default pool size to 16 rather than calculating from the number of available file descriptors.
BUG FIXES
- Properly vendor Net::HTTP::Persistent so that it doesn't collide with net-http-persistent
- Fix behavior where
verify_modewas forced toVERIFY_PEERif a custom CA was set
DEPRECATIONS
- Vault versions older than 0.5.3 are no longer tested
NEW FEATURES
- Add support for AppRole
- Expose the auth/tune API
- Add support for leader step down
- Use persistent connections to Vault to speed up requests
- Add support for a custom ssl certificate store
BUG FIXES
- Allow for spaces in secret names properly
NEW FEATURES
- Add support for Vault 0.6.1 APIs
- Add new token
accessorsAPI method - Add TLS authentication endpoints
BUG FIXES
- Restore old
to_hbehavior on response objects
IMPROVEMENTS
- Bootstrap full testing harness against old Vault versions
NEW FEATURES
- Add TTL wrapping to logical and auth backends
- Support passing PGP keys to init
BUG FIXES
- New API documentation
- Remove recursive requires
NEW FEATURES
- Add LDAP authentication method [GH-61]
- Add GitHub authentication method [GH-37]
- Add
create_orphanmethod [GH-65] - Add
lookupandlookup_selffor tokens - Accept
VAULT_SKIP_VERIFYenvironment variable [GH-66]
BUG FIXES
- Prefer
VAULT_TOKENenvironment variable over disk to mirror Vault's own behavior [GH-98] - Do not duplicate query parameters on HEAD/GET requests [GH-62]
- Yield exception in
with_retries[GH-68]
NEW FEATURES
- Add API for
renew_self - Add API for
revoke_self - Add API for listing secrets where supported
BUG FIXES
- Relax bundler constraint
- Fix race conditions on Ruby 2.3
- Escape path params before posting to Vault
IMPROVEMENTS
- Add support for retries (clients must opt-in) [GH-47]
BUG FIXES
- Fix redirection on POST/PUT [GH-40]
- Use
$HOMEinstead of~for shell expansion
IMPROVEMENTS
- Use headers instead of cookies for authenticating to Vault [GH-36]
BUG FIXES
- Do not set undefined OpenSSL options
- Add
ssl_pem_passphraseas a configuration option [GH-35]
IMPROVEMENTS
- Add support for using a custom CA cert [GH-8]
- Allow clients to specify timeouts [GH-12, GH-14]
- Show which error caused the HTTPConnectionError [GH-30]
- Allow clients to specify which SSL cipher suites to use [GH-29]
- Allow clients to specify the SSL pem password [GH-22, GH-31]
BUG FIXES
- Read local token (
~/.vault-token) for token if present [GH-13] - Disable bad SSL cipher suites and force TLSv1.2 [GH-16]
- Update to test against Vault 0.2.0 [GH-20]
- Do not attempt a read on logical path write [GH-11, GH-32]
BUG FIXES
- Decode logical response body if present
BUG FIXES
- Require vault/version before accessing Vault::VERSION in the client
- Improve Travis CI test coverage
- README and typo fixes
- Initial release