v2.1.0-rc.5

This is a prerelease - please see commit messages for changes

v2.0.0-rc.7

This is a prerelease - please see commit messages for changes

v2.0.0-rc.6

This is a prerelease - please see commit messages for changes

v1.6.4

Release updates:

Name	Version	Changed
safe	0.3.2	yes

v1.6.3

Bug fixes:

Small improvments:

Upgraded to use Bionic.

Release updates:

Name	Version	Changed
safe	0.3.1	yes

v1.6.2

Bug Fixes

• Correct (( static_ips )) operator syntax, which broke Genesis' adaptive
  merge found in Genesis v2.7.23 and later.

Software Components

Release	Version	Release Date	Updated
safe	0.3.0	15 April 2020	no

v1.6.1

Improvements

• If params.vault_domain is specified, the target addon will use the
  domain instead of the IP address in the safe target.

• The target addon will take a <auth-type> argument to specify how to
  authenticate to vault. Defaults to token if unspecified, which is its
  previous exclusive method.

• Vault domain is now available in the exodus data.

• Adds support for explicit IPs by specifying a list under params.ips in the
  environment, and automatically calculates the number of instances based on
  that list of IPs.

• Update post-deploy output for new behaviour:

  Only print info about initializing and unsealing the vault if it wasn't
  able to be insealed automatically.

  KV Secrets Engine v2 is now on by default, but will not upgrade existing
  mounts. Updated post-deploy text to let users know how to upgrade if
  they still have a v1 engine.

  Also prints out the status after insealing vault.

Bug Fixes

• Fix predeploy to grab unseal keys from target vault (#16)

  Prior to this change, keys were being grabbed from the active vault
  being used to deploy this vault. If that vault also had vault unseal
  keys, they would be grabbed, but fail to unseal this fault in the
  post-deploy hook.

• Failed cloud config checks will now exit non-zero.

  This is part of the solution to ensure that if cloud-config checks fail,
  the deployment won't continue. The other half of this fix will be
  provided in genesis v2.7.19.

Software Components

Release	Version	Release Date	Updated
safe	0.3.0	15 April 2020	no

v1.6.0

Kit Breaking Changes

• Moved properties for vault job from instance-group level to job level. This
  is due to support for instance-group level properties being dropped by new
  versions of BOSH.

Update to Genesis v2.7.0

• In order to use the alternate secrets mounts provided by Genesis v2.7.0, the
  kit has been updated to comply with its requirements. You will need to use
  Genesis v2.7.0 or later to use this kit version.

Updates

• Bumped version of Vault to 1.4.0
• Added params.vault_domain to allow setting the DNS SAN for the vault certs.
• Certificates for Vault are now generted by genesis for a TTL of 2y to satisfy new browser certificate constraints
  • You may need to run genesis add-secrets when upgrading to this version of the kit.

v1.5.1

This release cleans up BOSH v1 manifest keys that can prevent deployment with
v270+ BOSH directors.

Software Components

Name	Version	Release Notes
safe-boshrelease	v0.2.1	Release Notes

v1.5.0

Software Updates

• safe-boshrelease bumped to 0.2.1

New Features

• This version of Vault supports versioned secrets. See output of post-deploy summary for details
  on enabling this feature.
• Added ui param. If set to true, turns on the Vault UI. See MANUAL.md for more info.

Software Components

Name	Version	Release Notes
safe-boshrelease	v0.2.1	Release Notes