зеркало из https://github.com/getsops/sops.git
322 строки
8.5 KiB
ReStructuredText
322 строки
8.5 KiB
ReStructuredText
Changelog
|
|
=========
|
|
|
|
3.7.3
|
|
-----
|
|
Changes:
|
|
|
|
* Upgrade dependencies (#1024, #1045)
|
|
* Build alpine container in CI (#1018, #1032, #1025)
|
|
* keyservice: accept KeyServiceServer in LocalClient (#1035)
|
|
* Add support for GCP Service Account within `GOOGLE_CREDENTIALS` (#953)
|
|
|
|
Bug fixes:
|
|
|
|
* Upload the correct binary for the linux amd64 build (#1026)
|
|
* Fix bug when specifying multiple age recipients (#966)
|
|
* Allow for empty yaml maps (#908)
|
|
* Limit AWS role names to 64 characters (#1037)
|
|
|
|
3.7.2
|
|
-----
|
|
Changes:
|
|
|
|
* README updates (#861, #860)
|
|
* Various test fixes (#909, #906, #1008)
|
|
* Added Linux and Darwin arm64 releases (#911, #891)
|
|
* Upgrade to go v1.17 (#1012)
|
|
* Support SOPS_AGE_KEY environment variable (#1006)
|
|
|
|
Bug fixes:
|
|
|
|
* Make sure comments in yaml files are not duplicated (#866)
|
|
* Make sure configuration file paths work correctly relative to the config file in us (#853)
|
|
|
|
3.7.1
|
|
-----
|
|
Changes:
|
|
|
|
* Security fix
|
|
* Add release workflow (#843)
|
|
* Fix issue where CI wouldn't run against master (#848)
|
|
* Trim extra whitespace around age keys (#846)
|
|
|
|
3.7.0
|
|
-----
|
|
Features:
|
|
|
|
* Add support for age (#688)
|
|
* Add filename to exec-file (#761)
|
|
|
|
Changes:
|
|
|
|
* On failed decryption with GPG, return the error returned by GPG to the sops user (#762)
|
|
* Use yaml.v3 instead of modified yaml.v2 for handling YAML files (#791)
|
|
* Update aws-sdk-go to version v1.37.18 (#823)
|
|
|
|
Project Changes:
|
|
|
|
* Switch from TravisCI to Github Actions (#792)
|
|
|
|
3.6.1
|
|
-----
|
|
Features:
|
|
|
|
* Add support for --unencrypted-regex (#715)
|
|
|
|
Changes:
|
|
|
|
* Use keys.openpgp.org instead of gpg.mozilla.org (#732)
|
|
* Upgrade AWS SDK version (#714)
|
|
* Support --input-type for exec-file (#699)
|
|
|
|
Bug fixes:
|
|
|
|
* Fixes broken Vault tests (#731)
|
|
* Revert "Add standard newline/quoting behavior to dotenv store" (#706)
|
|
|
|
|
|
3.6.0
|
|
-----
|
|
Features:
|
|
|
|
* Support for encrypting data through the use of Hashicorp Vault (#655)
|
|
* `sops publish` now supports `--recursive` flag for publishing all files in a directory (#602)
|
|
* `sops publish` now supports `--omit-extensions` flag for omitting the extension in the destination path (#602)
|
|
* sops now supports JSON arrays of arrays (#642)
|
|
|
|
Improvements:
|
|
|
|
* Updates and standardization for the dotenv store (#612, #622)
|
|
* Close temp files after using them for edit command (#685)
|
|
|
|
Bug fixes:
|
|
|
|
* AWS SDK usage now correctly resolves the `~/.aws/config` file (#680)
|
|
* `sops updatekeys` now correctly matches config rules (#682)
|
|
* `sops updatekeys` now correctly uses the config path cli flag (#672)
|
|
* Partially empty sops config files don't break the use of sops anymore (#662)
|
|
* Fix possible infinite loop in PGP's passphrase prompt call (#690)
|
|
|
|
Project changes:
|
|
|
|
* Dockerfile now based off of golang version 1.14 (#649)
|
|
* Push alpine version of docker image to Dockerhub (#609)
|
|
* Push major, major.minor, and major.minor.patch tagged docker images to Dockerhub (#607)
|
|
* Removed out of date contact information (#668)
|
|
* Update authors in the cli help text (#645)
|
|
|
|
|
|
3.5.0
|
|
-----
|
|
Features:
|
|
|
|
* `sops exec-env` and `sops exec-file`, two new commands for utilizing sops secrets within a temporary file or env vars
|
|
|
|
Bug fixes:
|
|
|
|
* Sanitize AWS STS session name, as sops creates it based off of the machines hostname
|
|
* Fix for `decrypt.Data` to support `.ini` files
|
|
* Various package fixes related to switching to Go Modules
|
|
* Fixes for Vault-related tests running locally and in CI.
|
|
|
|
Project changes:
|
|
|
|
* Change to proper use of go modules, changing to primary module name to `go.mozilla.org/sops/v3`
|
|
* Change tags to requiring a `v` prefix.
|
|
* Add documentation for `sops updatekeys` command
|
|
|
|
3.4.0
|
|
-----
|
|
Features:
|
|
|
|
* `sops publish`, a new command for publishing sops encrypted secrets to S3, GCS, or Hashicorp Vault
|
|
* Support for multiple Azure authentication mechanisms
|
|
* Azure Keyvault support to the sops config file
|
|
* `encrypted_regex` option to the sops config file
|
|
|
|
Bug fixes:
|
|
|
|
* Return non-zero exit code for invalid CLI flags
|
|
* Broken path handling for sops editing on Windows
|
|
* `go lint/fmt` violations
|
|
* Check for pgp fingerprint before slicing it
|
|
|
|
Project changes:
|
|
|
|
* Build container using golang 1.12
|
|
* Switch to using go modules
|
|
* Hashicorp Vault server in Travis CI build
|
|
* Mozilla Publice License file to repo
|
|
* Replaced expiring test gpg keys
|
|
|
|
3.3.1
|
|
-----
|
|
|
|
Bug fixes:
|
|
|
|
* Make sure the pgp key fingerprint is longer than 16 characters before
|
|
slicing it. (#463)
|
|
* Allow for `--set` value to be a string. (#461)
|
|
|
|
Project changes:
|
|
|
|
* Using `develop` as a staging branch to create releases off of. What
|
|
is in `master` is now the current stable release.
|
|
* Upgrade to using Go 1.12 to build sops
|
|
* Updated all vendored packages
|
|
|
|
3.3.0
|
|
-----
|
|
|
|
New features:
|
|
|
|
* Multi-document support for YAML files
|
|
* Support referencing AWS KMS keys by their alias
|
|
* Support for INI files
|
|
* Support for AWS CLI profiles
|
|
* Comment support in .env files
|
|
* Added vi to the list of known editors
|
|
* Added a way to specify the GPG key server to use through the
|
|
SOPS_GPG_KEYSERVER environment variable
|
|
|
|
Bug fixes:
|
|
|
|
* Now uses $HOME instead of ~ (which didn't work) to find the GPG home
|
|
* Fix panic when vim was not available as an editor, but other
|
|
alternative editors were
|
|
* Fix issue with AWS KMS Encryption Contexts (#445) with more than one
|
|
context value failing to decrypt intermittently. Includes an
|
|
automatic fix for old files affected by this issue.
|
|
|
|
Project infrastructure changes:
|
|
|
|
* Added integration tests for AWS KMS
|
|
* Added Code of Conduct
|
|
|
|
|
|
3.2.0
|
|
-----
|
|
|
|
* Added --output flag to write output a file directly instead of
|
|
through stdout
|
|
* Added support for dotenv files
|
|
|
|
3.1.1
|
|
-----
|
|
|
|
* Fix incorrect version number from previous release
|
|
|
|
3.1.0
|
|
-----
|
|
|
|
* Add support for Azure Key Service
|
|
|
|
* Fix bug that prevented JSON escapes in input files from working
|
|
|
|
3.0.5
|
|
-----
|
|
|
|
* Prevent files from being encrypted twice
|
|
|
|
* Fix empty comments not being decrypted correctly
|
|
|
|
* If keyservicecmd returns an error, log it.
|
|
|
|
* Initial sops workspace auditing support (still wip)
|
|
|
|
* Refactor Store interface to reflect operations SOPS performs
|
|
|
|
3.0.3
|
|
-----
|
|
|
|
* --set now works with nested data structures and not just simple
|
|
values
|
|
|
|
* Changed default log level to warn instead of info
|
|
|
|
* Avoid creating empty files when using the editor mode to create new
|
|
files and not making any changes to the example files
|
|
|
|
* Output unformatted strings when using --extract instead of encoding
|
|
them to yaml
|
|
|
|
* Allow forcing binary input and output types from command line flags
|
|
|
|
* Deprecate filename_regex in favor of path_regex. filename_regex had
|
|
a bug and matched on the whole file path, when it should have only
|
|
matched on the file name. path_regex on the other hand is documented
|
|
to match on the whole file path.
|
|
|
|
* Add an encrypted-suffix option, the exact opposite of
|
|
unencrypted-suffix
|
|
|
|
* Allow specifying unencrypted_suffix and encrypted_suffix rules in
|
|
the .sops.yaml configuration file
|
|
|
|
* Introduce key service flag optionally prompting users on
|
|
encryption/decryption
|
|
|
|
3.0.1
|
|
-----
|
|
|
|
* Don't consider io.EOF returned by Decoder.Token as error
|
|
|
|
* add IsBinary: true to FileHints when encoding with crypto/openpgp
|
|
|
|
* some improvements to error messages
|
|
|
|
3.0.0
|
|
-----
|
|
|
|
* Shamir secret sharing scheme support allows SOPS to require multiple master
|
|
keys to access a data key and decrypt a file. See `sops groups -help` and the
|
|
documentation in README.
|
|
|
|
* Keyservice to forward access to a local master key on a socket, similar to
|
|
gpg-agent. See `sops keyservice --help` and the documentation in README.
|
|
|
|
* Encrypt comments by default
|
|
|
|
* Support for Google Compute Platform KMS
|
|
|
|
* Refactor of the store logic to separate the internal representation SOPS
|
|
has of files from the external representation used in JSON and YAML files
|
|
|
|
* Reencoding of versions as string on sops 1.X files.
|
|
**WARNING** this change breaks backward compatibility.
|
|
SOPS shows an error message with instructions on how to solve
|
|
this if it happens.
|
|
|
|
* Added command to reconfigure the keys used to encrypt/decrypt a file based on the .sops.yaml config file
|
|
|
|
* Retrieve missing PGP keys from gpg.mozilla.org
|
|
|
|
* Improved error messages for errors when decrypting files
|
|
|
|
|
|
2.0.0
|
|
-----
|
|
|
|
* [major] rewrite in Go
|
|
|
|
1.14
|
|
----
|
|
|
|
* [medium] Support AWS KMS Encryption Contexts
|
|
* [minor] Support insertion in encrypted documents via --set
|
|
* [minor] Read location of gpg binary from SOPS_GPG_EXEC env variables
|
|
|
|
1.13
|
|
----
|
|
|
|
* [minor] handle $EDITOR variable with parameters
|
|
|
|
1.12
|
|
----
|
|
|
|
* [minor] make sure filename_regex gets applied to file names, not paths
|
|
* [minor] move check of latest version under the -V flag
|
|
* [medium] fix handling of binary data to preserve file integrity
|
|
* [minor] try to use configuration when encrypting existing files
|