- fix(management): Management jobs for
K8STLSSecretandK8SSecrettypes handle ECC keys. - fix(manifest): Update store-type definitions to include params
IncludeCertChainandSeparateChain - fix(docs): Update screenshots for
K8SClusterandK8SNSstore types custom fields.
- feat(storetypes):
K8SPKCS12store type added to support PKCS12, .P12, PFX, files in K8Sopaquesecrets. - feat(storetypes):
K8SJKSstore type added to support JKS files in K8Sopaquesecrets. - feat(storetypes):
K8SCLUSTERstore type added to support PEM files in K8Sopaqueandtlssecrets for an entire cluster as a single store. - feat(storetypes):
K8SNSstore type added to support PEM files in K8Sopaqueandtlssecrets for a single namespace as a single store. - feat(discovery): Support added for:
K8SNS,K8SPKCS12,K8SJKSstore types. - feat(management): Support added for:,
K8SCLUSTER,K8SNS,K8SPKCS12,K8SJKSstore types. - feat(inventory): Support added for:
K8SCLUSTER,K8SNS,K8SPKCS12,K8SJKSstore types.
- fix(base): If unable to convert to x509Certificate2 object then just use raw bytes from job.
- fix(client): Replace remaining "private_keys" refs to "tls.key"
- fix(management): Private keys coming from Keyfactor command are not stored unencrypted in secrets.
- fix(management): Remove check for cert bytes in HandleTlsSecret
- fix(management): Condition for handling "create_store" includes check of PEM and alias.
- chore(scripts): Add script to stand up Hashicorp Vault CA and create some certs then push them into K8S secrets.
- fix(management): Opaque secrets now manage tls.crt and tls.key rather than
certificatesandprivate_keys. Only a single cert and key are supported.
- fix(base): Add additional logic extracting private keys
- fix(base): Verbose logging.
- fix(client): Discovery locations now include cluster name.
- fix(discovery): StorePath now includes cluster name from kubeconfig credentials.
- fix(management): When creating
X509Certificate2include flag to allow export. - fix(scripts): Fixed k8s service account scripts to default to index 0 and added notes about assumption.
- chore(docs): Added docs about
StorePath
- fix(base): Add support for empty or null
ServerUsernameand default tokubeconfig - fix(base): Throw configuration exception if
ServerPasswordis null or empty. - fix(client): Init kf logger properly.
- fix(client): Remove will search all secret keys to check for cert rather than just managed keys.
- fix(discovery): Remove duplicate locations from results and print out discovered locations in the message.
- fix(discovery): Lists all namespaces and then checks if namespace is in the "Directories to search" parameter rather than filter by API call.
- fix(discovery): Now checks the storetype passed to determine what K8S secret type to import when checking secret keys.
- fix(inventory): Added more logging
- fix(inventory): When secret is not found on K8S inventory is assumed empty.
- fix(management): Add support for
createStore - fix(management): Enable use of "create store" tick box, which triggers an empty management job.
- fix(manifest): Capability names match docs
- fix(store-types): Update store types to require server and remove
KubeSvcCredsfield.
- chore(docs): Removed KubeSvcCreds reference from PAM stub.
- fix(base): Parse
KubeNamespaceandKubeSecretNamefrom storepath if contains/ - fix(inventory): Allowing for secret key tls.crt and tls.key for
Opaquesecret types. - fix(inventory): Returned certs list now returns list of certs.
- chore(docs): Remove references to
KubeSvcCredsfield, and instead forceNeeds Serverwhich implicitly adds fields forServerUsernameandServerPassword
- Initial release