You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Migration to this version may fail if the cluster contains credential
libraries. This will be fixed shortly in 0.10.1.
New and Improved
ssh Target Type With Credential Injection (HCP Boundary only): Boundary has
gained a new ssh target type. Using this type, username/password or SSH
private key credentials can be sourced from vault credential libraries or static credentials and injected into the SSH session between a client and
end host. This allows users to securely SSH to remote hosts while never being
in possession of a valid credential for that target host.
SSH Private Key Credentials: There is now an ssh_private_key credential type
that allows submitting a username/private key (and optional passphrase) to
Boundary for use with credential injection or brokering workflows.
boundary connect ssh Credential Brokering Enhancements: we have extended
support into the boundary connect ssh helper for brokered credentials of ssh_private_key type; the command will automatically pass the credentials to
the ssh process (PR).
boundary authenticate, boundary accounts: Enables use of env:// and file:// syntax to specify location of a password
(PR)
Bug Fixes
cli: Correctly cleanup plugins after exiting boundary dev, boundary server
and boundary database init
(Issue, PR).
boundary accounts change-password: Fixed being prompted for confirmation of
the current password instead of the new one
(PR)
Deprecations/Changes
API Module: Changed the return types that reference interfaces into their
expected typed definition. Type casting is only allowed against interface
types, therefore to mitigate compiler errors please remove any type casting
done against the return values.
(Issue, PR)
Targets: Rename Application credentials to Brokered credentials
(PR).
Host plugins: Plugin-type host catalogs/sets/hosts now use typed prefixes for
any newly-created resources. Existing resources will not be affected.
(PR)
Credential stores: Static-type credential stores/credentials now use typed
prefixes for any newly-created resources. Existing resources will not be
affected. (PR)
Change of behavior on -token flag in CLI: Passing a token this way can
reveal the token to any user or service that can look at process information.
This flag must now reference a file on disk or an env var. Direct usage of the BOUNDARY_TOKEN env var is also deprecated as it can show up in environment
information; the env:// format now supported by the -token flag causes the
Boundary process to read it instead of the shell so is safer.
(PR)
Change of behavior on -password flag in CLI: The same change made above for -token has also been applied to -password or, for supporting resource
types, -current-password and -new-password.
(PR)