Releases: cloudfoundry-community/vault-boshrelease

v1.0.1

12 Jun 17:55

Improvements

  • The new vault.skip_verify property allows you to use
    self-signed certificates, or other untrusted X.509 certs,
    with the automatic unseal bits. Previously, this would
    fail because the vault CLI was not seeing VAULT_SKIP_VERIFY
    in the environment.

    This is off by default, preserving the legacy (more secure)
    behavior.

  • The new vault.addr property allows you to target the correct
    IP or domain name, in the event that you are using a real,
    trusted X.509 certificate. This property honors the replacement
    tokens (ip) and (index) in case you want to name your Vaults
    after their index.

Bug Fixes

  • Various documentation, example, and README updates were made.
    Whee!

  • Empty keys are skipped in the automatic vault unseal step, if
    you are using that functionality.

Software Updates

  • Bumped Vault binary to v0.10.2

Deployment

releases:
- name: vault
  version: 1.0.1
  url: https://github.com/cloudfoundry-community/vault-boshrelease/releases/download/v1.0.1/vault-1.0.1.tgz
  sha1: 1a413c31f2d3472d6d600bc59c7f634a047d048a

v1.0.0

04 Apr 00:19

This release contains BREAKING CHANGES to
backwards-compatibility

Almost all of the configuration properties have been removed.
In their place, a single vault.config property has been
created to house a complete HCL string, as a multi-line block.

The new vault.tls allows operators to specify the certificates
and keys that their configuration (vault.config) uses.

Refer to the manifests/vault.yml example deployment manifest for
details on how to use vault.tls and vault.config in concert.

The vault-broker job has been removed from this release. If you
would like a more packaged BOSH experience, you are encouraged
to migrate to the safe BOSH release.

Updates

  • The BOSH 2.0 manifest manifests/vault.yml now has default
    cloud-config parameters that match those of cf-deployment.
    Operators can modify these by including the scale ops file.

  • Bumped https://github.com/hashicorp/vault to v0.9.6

Deployment

releases:
- name: vault
  version: 1.0.0
  url: https://github.com/cloudfoundry-community/vault-boshrelease/releases/download/v1.0.0/vault-1.0.0.tgz
  sha1: 09622ca3598cbbdf20abb45b51d5ddf15368343f

v0.8.0

22 Sep 16:33

Build / Dev Changes

The vault-boshrelease pipeline now tracks the vault-broker
releases and pulls them into this BOSH release semi-automagically,
to help keep it up-to-date.

New Software

vault

Bumped https://github.com/hashicorp/vault to v0.8.3

vault-broker

Bumped https://github.com/cloudfoundry-community/vault-broker to v0.0.1

This version of vault-broker fixes a bug in unbinding with the
Vault API. Users are encouraged to upgrade as soon as possible if
they are using the Cloud Foundry vault-broker service broker.

Deployment

releases:
- name: vault
  version: 0.8.0
  url: https://github.com/cloudfoundry-community/vault-boshrelease/releases/download/v0.8.0/vault-0.8.0.tgz
  sha1: 0e870bbe5f75db0f87c1ed23fdc53765c5cbec0c

v0.7.0

21 Sep 07:28
  • CI upgraded to add testflight-pr job to automatically test pull requests
  • Removed old bosh1 manifests (see v0.6.3 tag to find them)
  • Last release containing v0.7.3 vault

Deployment

releases:
- name: vault
  version: 0.7.0
  url: https://github.com/cloudfoundry-community/vault-boshrelease/releases/download/v0.7.0/vault-0.7.0.tgz
  sha1: 6a59d2d30a5eb68e3f26e612751a760f895bf1b7

Vault BOSH Release v0.6.2

13 Jul 15:01

Bug Fixes

  • Fixed a variable naming bug so that VAULT_ADVERTISE_ADDR is
    now set properly and Vault can take advantage of it.
    (We had mistakenly left the critical _ADDR part off...)

Vault BOSH Release v0.6.1

03 Jul 11:55

Bug Fixes

  • Fix escaping of '"' in config
  • Fix step-down when TLS is enabled

Vault BOSH Release v0.6.0

26 Jun 16:25

Improvements

  • Use spec.ip to determine own IP address (compatible with BOSH-release v258+)

Changes

  • Removed consuming SSL certs from linked consul. The hostnames will need to be set for Vault, rendering the certs unusable.

Vault BOSH Release v0.5.0

26 Jun 12:08

Improvements

  • Update Vault binary to v0.7.3
  • Consume SSL certs from linked consul
  • Enable zero-downtime deployments via step_down_token and unseal_keys

Breaking changes

  • Renamed all backend settings to storage, in line with Vault's naming conventions.

Fixes

  • Remove some redundant settings

Vault BOSH Release v0.4.3

18 Dec 19:34

Improvements

  • Updated vault-broker for policy changes fix.

Vault BOSH Release v0.4.2

29 Nov 18:26

Improvements

  • Vault was bumped to version 0.6.2