Skip to content

Releases: Qarik-Group/safe

Safe v1.8.0

16 Feb 01:23
Compare
Choose a tag to compare

Improvements

Safe now supports escaping : and ^ characters in paths and keys with the \ character.

Some examples:
safe get secret/colon\:test:foo will get the key foo from the secret at the path secret/colon:test.
safe get secret/foo:ba\:r will get the key ba:r from the secret at the path secret/foo

This sort of worked before, sometimes, kinda, for some commands, as we'd only acknowledge the last colon as special for commands that accepted keys in their paths. For others, we'd often just err if there was a colon at all in the secret path.

We still only respect the final colon or caret in a path as special, but any of them can be escaped by preceding them with a backslash so that they are not used as a separator.

Additionally, the output of safe paths --keys now escapes colons in the output when they are not the secret:key separator.

Safe v1.7.0

24 Aug 15:41
Compare
Choose a tag to compare

New Features

  • Auth now supports Okta login (thanks @thehandsomezebra)
  • We build for darwin/arm64 now!

Improvements

  • The auth commands now use the same code paths as all of the other Vault-accessing commands, and so now their behavior should be more consistent with other commands.

Safe v1.6.1

24 May 19:37
Compare
Choose a tag to compare

Improvements

  • HTTP calls that list paths in the Vault have been switched to use the GET HTTP method for greater compatibility with proxies.

Safe v1.6.0

29 Mar 17:31
Compare
Choose a tag to compare

New Features

  • safe uuid is a new command that will generate a UUIDv4 and insert it into
    the specified path at the Vault. (thanks @gerardocorea)
  • safe option allows you to view and edit new safe CLI global options.
    Currently, the only option is manage_vault_token, which will have safe
    change the .vault-token file that the Vault CLI uses. (thanks @daviddob)

Improvements

  • safe versions now shows when versions in a KVv2 backend were created.

Miscellaneous

  • The release binaries are now compiled with Go 1.16, up from Go 1.13. This means that these builds include the Go 1.15 x509 library changes that may cause certificates that relied on the target domain being in the Subject line (as opposed to the Subject Alternative Names) to be untrusted.

Safe v1.5.9

20 Jan 14:21
Compare
Choose a tag to compare

New Features

  • x509 renew and x509 reissue now accept the -n and -s flags to update
    subject alternative names and subjects respectively.
  • undelete now treats not specifying a version to mean the latest version
    (@daviddob)
  • cp gives a proper error when trying to perform copy all versions of a
    specific version of a secret, which doesn't make any sense. (@daviddob)

Bug Fixes

  • x509 reissue now properly reads in the key usage flags.
  • cp will no longer panic when trying to copy a version of a secret which is
    not the latest. (@daviddob)

Safe v1.5.8

02 Oct 16:10
Compare
Choose a tag to compare

New Features

  • Added safe auth status command. It prints out information about the
    current auth token.
  • Added --json flag to safe auth status. It prints out said information
    in a JSON format.

Improvements

  • safe targets --json output now includes if the target expects
    a Strongbox server to be present, and also the targeted Vault namespace,
    if any.

Bug Fixes

  • safe auth now respects the -T flag when writing the token.
  • safe local no longer races with the Vault server actually listening on its endpoint, and will wait up to 5 seconds for it to begin listening.

Safe v1.5.7

02 Jul 13:05
Compare
Choose a tag to compare

Bug Fixes

  • safe recognizes performance standbys as standbys for the purpose of safe status.
  • safe now won't use namespaces when trying to interface with /sys/health or /sys/seal-status, because these result in unsupported path errors from Vault.
  • safe ls should now work with more versions of Vault when listing the root.
  • safe env --json now exposes VAULT_NAMESPACE
  • x509 show now displays data encipherment as data encipherment and not data encupherment, which is definitely not data encipherment.

Safe v1.5.6

13 May 14:39
Compare
Choose a tag to compare

Improvements

  • safe local now has a --port flag; you can now manually set the port that
    the local Vault listens on.

Safe v1.5.5

04 May 20:51
Compare
Choose a tag to compare

Improvements

  • safe x509 renew can now set new key usages for the renewed certificate.
  • When using an SSH proxy, safe now handles the ssh known_hosts file better.
    It can now handle when the known_hosts file is empty, and also safe now adds
    newlines to lines that it adds.

Safe v1.5.4

17 Mar 17:52
Compare
Choose a tag to compare

Improvements

  • Better error response for unexpected HTML responses when the HTTP return code
    is non-2xx
  • x509 commands now populate the x509 v3 extensions for authority key ID and
    subject key ID.