6.0

@mtharp mtharp released this 21 May 14:59
· 142 commits to master since this release

Features

Server model

Introduced a new server model. Instead of spawning a subprocess for each package signed, relic maintains a persistent pool of one or more worker subprocesses for each configured token. Each subprocess periodically monitors the token status; if a health check fails, or a signing operation fails with an error indicative of token problems, the subprocess exits and a new one starts. The main server process will retry several times before giving up.

PKI authentication

In addition to the existing fingerprint-based authentication, a PKI-based option is now available. Attaching a certificate to a configured client enables clients to authenticate using any certificate signed by the attached one. This enables the use of time-limited, job-specific and/or centrally-managed certificates from e.g. vault. The subject name of the presented certificate is also logged and can be used to trace a request back to its original job.
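The check described above, as an added Go example (not relic's own code or configuration): a presented certificate is accepted only when it chains to the certificate attached to the client entry and is still within its validity period, and its subject name is returned for logging. The function names `issue`, `authenticate` and `run`, and every certificate subject, are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// authenticate trusts only the configured certificate and returns the subject to log.
func authenticate(configured, presented *x509.Certificate, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(configured)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return "", err
	}
	return presented.Subject.String(), nil
}

func run() (subject string, rogueErr, expiredErr error) {
	ca, caKey := issue("ci-signing-ca", 1, nil, nil)  // attached to the client entry
	job, _ := issue("build-job-1234", 2, ca, caKey)   // short-lived, job-specific
	rogue, _ := issue("build-job-1234", 3, nil, nil)  // same name, not signed by ca
	subject, _ = authenticate(ca, job, time.Now())
	_, rogueErr = authenticate(ca, rogue, time.Now())
	_, expiredErr = authenticate(ca, job, time.Now().Add(2*time.Hour)) // past NotAfter
	return
}

func main() { fmt.Println(run()) }
```

Because trust is anchored in the issuing certificate rather than a per-client fingerprint, revoking access means letting the short-lived certificate expire instead of editing the server's client list.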

Deprecations

  • Windows service support has been removed. Command-line token use will continue to be supported, as well as the pure-Go client-only executable.
  • Removed the ability to "seal" audit log entries.