6.0
Features
Server model
Introduced a new server model. Instead of spawning a subprocess for each package signed, relic maintains a persistent pool of one or more worker subprocesses for each configured token. The subprocess periodically monitors the token status; if it fails a health check, or a signing operation fails with an error indicative of token problems, the subprocess exits and a new one starts. The main server process will retry several times before giving up.
PKI authentication
In addition to the existing fingerprint-based authentication, a PKI-based option is now available. Attaching a certificate to a configured client enables clients to authenticate using a certificate signed by the configured one. This enables the use of time-limited, job-specific and/or centrally-managed certificates from, e.g., Vault. The subject name of the certificate is also logged and can be used to trace the request to its original job.
Deprecations
- Windows service support has been removed. Command-line token use will continue to be supported, as well as the pure-Go client-only executable.
- Removed the ability to "seal" audit log entries.