sops/CHANGELOG.rst

Changelog
=========

3.5.0
-----
Features:

    * `sops exec-env` and `sops exec-file`, two new commands for utilizing sops secrets within a temporary file or env vars

Bug fixes:

    * Sanitize AWS STS session name, as sops creates it based off of the machines hostname
    * Fix for `decrypt.Data` to support `.ini` files
    * Various package fixes related to switching to Go Modules
    * Fixes for Vault-related tests running locally and in CI.

Project changes:

    * Change to proper use of go modules, changing to primary module name to `go.mozilla.org/sops/v3`
    * Change tags to requiring a `v` prefix.
    * Add documentation for `sops updatekeys` command

3.4.0
-----
Features:

    * `sops publish`, a new command for publishing sops encrypted secrets to S3, GCS, or Hashicorp Vault
    * Support for multiple Azure authentication mechanisms
    * Azure Keyvault support to the sops config file
    * `encrypted_regex` option to the sops config file

Bug fixes:

    * Return non-zero exit code for invalid CLI flags
    * Broken path handling for sops editing on Windows
    * `go lint/fmt` violations
    * Check for pgp fingerprint before slicing it

Project changes:

    * Build container using golang 1.12
    * Switch to using go modules
    * Hashicorp Vault server in Travis CI build
    * Mozilla Publice License file to repo
    * Replaced expiring test gpg keys

3.3.1
-----

Bug fixes:

* Make sure the pgp key fingerprint is longer than 16 characters before
  slicing it. (#463)
* Allow for `--set` value to be a string. (#461)

Project changes:

* Using `develop` as a staging branch to create releases off of. What
  is in `master` is now the current stable release.
* Upgrade to using Go 1.12 to build sops
* Updated all vendored packages

3.3.0
-----

New features:

* Multi-document support for YAML files
* Support referencing AWS KMS keys by their alias
* Support for INI files
* Support for AWS CLI profiles
* Comment support in .env files
* Added vi to the list of known editors
* Added a way to specify the GPG key server to use through the
  SOPS_GPG_KEYSERVER environment variable

Bug fixes:

* Now uses $HOME instead of ~ (which didn't work) to find the GPG home
* Fix panic when vim was not available as an editor, but other
  alternative editors were
* Fix issue with AWS KMS Encryption Contexts (#445) with more than one
  context value failing to decrypt intermittently. Includes an
  automatic fix for old files affected by this issue.

Project infrastructure changes:

* Added integration tests for AWS KMS
* Added Code of Conduct


3.2.0
-----

* Added --output flag to write output a file directly instead of
  through stdout
* Added support for dotenv files

3.1.1
-----

* Fix incorrect version number from previous release

3.1.0
-----

* Add support for Azure Key Service

* Fix bug that prevented JSON escapes in input files from working

3.0.5
-----

* Prevent files from being encrypted twice

* Fix empty comments not being decrypted correctly

* If keyservicecmd returns an error, log it.

* Initial sops workspace auditing support (still wip)

* Refactor Store interface to reflect operations SOPS performs

3.0.3
-----

* --set now works with nested data structures and not just simple
  values

* Changed default log level to warn instead of info

* Avoid creating empty files when using the editor mode to create new
  files and not making any changes to the example files

* Output unformatted strings when using --extract instead of encoding
  them to yaml

* Allow forcing binary input and output types from command line flags

* Deprecate filename_regex in favor of path_regex. filename_regex had
  a bug and matched on the whole file path, when it should have only
  matched on the file name. path_regex on the other hand is documented
  to match on the whole file path.

* Add an encrypted-suffix option, the exact opposite of
  unencrypted-suffix

* Allow specifying unencrypted_suffix and encrypted_suffix rules in
  the .sops.yaml configuration file

* Introduce key service flag optionally prompting users on
  encryption/decryption

3.0.1
-----

* Don't consider io.EOF returned by Decoder.Token as error

* add IsBinary: true to FileHints when encoding with crypto/openpgp 

* some improvements to error messages

3.0.0
-----

* Shamir secret sharing scheme support allows SOPS to require multiple master
  keys to access a data key and decrypt a file. See `sops groups -help` and the
  documentation in README.

* Keyservice to forward access to a local master key on a socket, similar to
  gpg-agent. See `sops keyservice --help` and the documentation in README.

* Encrypt comments by default

* Support for Google Compute Platform KMS

* Refactor of the store logic to separate the internal representation SOPS
  has of files from the external representation used in JSON and YAML files

* Reencoding of versions as string on sops 1.X files.
  **WARNING** this change breaks backward compatibility.
  SOPS shows an error message with instructions on how to solve
  this if it happens.
  
* Added command to reconfigure the keys used to encrypt/decrypt a file based on the .sops.yaml config file

* Retrieve missing PGP keys from gpg.mozilla.org

* Improved error messages for errors when decrypting files


2.0.0
-----

* [major] rewrite in Go

1.14
----

* [medium] Support AWS KMS Encryption Contexts
* [minor] Support insertion in encrypted documents via --set
* [minor] Read location of gpg binary from SOPS_GPG_EXEC env variables

1.13
----

* [minor] handle $EDITOR variable with parameters

1.12
----

* [minor] make sure filename_regex gets applied to file names, not paths
* [minor] move check of latest version under the -V flag
* [medium] fix handling of binary data to preserve file integrity
* [minor] try to use configuration when encrypting existing files