- Cache HashiCorp connection for same host/port
- Azure bulk map secrets can now be filtered based on tags.
- AWS/Azure secret mapping results now report an error count. This can be used as part of a health check service.
- Update Azure SDK versions
- Updating jackson and aws sdk versions
- AWS Secrets Manager - multiple values can be parsed from a single secret name (line-terminated values).
- Various dependency upgrades
- Added support for a prefix filter for AWS Secrets Manager
- Added support for bulk loading of secrets from AWS Secrets Manager
- AWS Secrets Manager using environment config didn't work when using web identity tokens due to a missing STS library.
- Update various dependent libraries versions
- Performance improvements for AWS Secrets Manager
- Added support for AWS Secrets Manager
- Update various dependencies.
- Adding Vertx 4 which makes signers backward incompatible.
- Update Tuweni libraries to 2.0.0
- Add ALLOWLIST as HashiCorp TrustStore type.
- Updated to log4j 2.17.1. Resolves two potential vulnerabilities which are only exploitable when using custom log4j configurations that are either writable by untrusted users or log data from the ThreadContext.
- Updated log4j to 2.17.0 to mitigate a potential DoS vulnerability when the logging configuration uses a non-default Pattern Layout with a Context Lookup.
- Updated log4j to 2.16.0 to mitigate JNDI attack via thread context.
- Allow BLS key store data to be loaded from string.
- SignerProvider to use SignerIdentifier instead of ECPublicKey to obtain Signers.
- Allow empty password files to be read when creating a Signer
- Upgrade to Azure Key Vault 4.3.3 removes support for previously deprecated SECP256K1 curve.
- Azure remote signing - add support for keys using curve name P-256K and signature algorithm name ES256K. Curve name SECP256K and signature algorithm name ECDSA256 are deprecated by Azure.
- Upgrade gradle version
- test-fixtures jars are handled by cloudsmith
- Publish artifacts to Cloudsmith
- Move to tag based release
- Managed Identity credentials support in Azure Key Vault
- NA
- BLS keystore file (EIP-2335) parsing - make path and UUID fields optional
- NA
- Change Interlock keystore API fetchKey argument type
- NA
- YubiHSM2 as keystore using PKCS11 module.
- yubihsm-shell integration has been removed.
- N/A
- F-Secure Interlock for Armory II as keystore
- N/A
- YubiHSM2 as keystore
- N/A
- N/A
- Correctly handle null/exceptions when raised by mapper passed into Azure Key Vault
- Added ability to map all secrets in Azure Key Vault to a business object
- N/A
- "Raw" toml files can now be created (toml file contains a single private key hex string)
- Add ability to list all secret names in an Azure Key Vault
- N/A
- Applied new unicode normalization rules for EIP2335 keystore passwords.
- AzureKeyVaultSigner can be configured to not hash data prior to signing
- Allowed CredentialSigner to hash (or not) the supplied data prior to signing
- N/A
- Changed signer's language from 'Address' to 'PublicKey'
- Uses java security ECPublicKey to index signers
- Moved to latest version of Azure KeyVault libraries
- Able to sign using a key stored as a hex string in an Azure KeyVault Secret (but signing performed on local machine)
- Enabled check_licenses gradle task to ensure compliance with Apache 2.0 licensing