- Fix panic `d.nx != 0` caused by concurrency issue on hashing credentials.
- Fix padding issue with malleable ECDSA signatures
- Mathematically transform malleable ECDSA signatures into non-malleable signatures.
- Support for OIDC token custom claims `AUTH_OIDC_CUSTOM_CLAIMS` for tenant_id and permissions.
- Support for ED25519 keys (EdDSA signature scheme using SHA-512 and Curve25519)
- Invalid authentication forwarded to downstream proxy nodes if QKM authentication is enabled.
- Fixed AWS client issue preventing race condition on key state transition changes.
- Fixed invalid request error on create Registry with empty payload
- Fixed forwarding of vault service 429 errors.
- Retry on AKV malleable ECDSA signatures.
- Fixed failure on estimating gas sending deploy contract eea_transactions.
- Fixed a bug in the `sync` command that prevented it from running.
- Fixed database connectivity when password contains non URL encoded characters.
- Support for import of secrets, keys and ethereum accounts through command line (`sync` command)
- Support for alias management on `/registries/{registryName}/aliases`
- Support Token Issuer Servers to validate JWTs. Environment variables `AUTH_JWT_ISSUER_URL` and `AUTH_JWT_AUDIENCE`
- Env var `AUTH_OIDC_CA_CERT` and flag `--auth-oidc-ca-cert` renamed to `AUTH_OIDC_PUB_KEY` and `--auth-oidc-pub-key`
- Manifest definition changes introducing the new kind `Vault`. See the documentation for more information.
- Removed usage of `AUTH_JWT_CERTIFICATE` in favor of `AUTH_JWT_ISSUER_URL` and `AUTH_JWT_AUDIENCE`
- Fixes bug in Hashicorp client that prevents the process from exiting when a new token is written or updated from filesystem.
- Use comma as column separator in CSV file for API key definition
- Enabled support for TLS communication with Hashicorp Vault
Initial release of the Quorum Key Manager
- Support for Hashicorp KV Secrets Engine
- Support for Quorum Hashicorp Vault Plugin (custom plugin)
- Support for Azure Key Vault (secrets and keys)
- Support for AWS Secrets Manager
- Support for AWS Key Management Service (KMS)
- Support for Ethereum account management using an underlying key store
- Node proxy connected to an underlying Blockchain Node (tested with GoQuorum and Hyperledger Besu) intercepting JSON-RPC calls
- Support for authorization using OIDC, TLS and API-KEY
- Support for authentication based on roles and permissions
- Use of a Postgres DB to store public information about resources
- Support for PostgreSQL migrations through command line
- Communication between HashiCorp Vault and Quorum Key Manager cannot use TLS
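
The malleable ECDSA signature entries above, illustrated with an added Go example that is not Quorum Key Manager's own code: for any valid signature (r, s), the pair (r, n - s) also verifies, so keeping only the s in the lower half of the group order n gives a single canonical form. The curve (P-256 from the standard library), the function names and the sample message are assumptions; the changelog does not say which transform the project applies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// IsLowS reports whether s lies in the lower half of the group order n.
func IsLowS(n, s *big.Int) bool {
	return s.Cmp(new(big.Int).Rsh(n, 1)) <= 0
}

// NormalizeS returns the canonical low-S value: s if already low, else n - s.
func NormalizeS(n, s *big.Int) *big.Int {
	if IsLowS(n, s) {
		return new(big.Int).Set(s)
	}
	return new(big.Int).Sub(n, s)
}

// Demo signs a constructed message and reports whether the original signature,
// its malleated twin (r, n-s) and the normalized form verify, and whether the
// normalized s is low. Assumption: P-256 stands in for the unnamed curve.
func Demo() (origOK, twinOK, normOK, low bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	digest := sha256.Sum256([]byte("constructed sample message"))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return
	}
	n := key.Params().N
	twin := new(big.Int).Sub(n, s) // second valid signature for the same digest
	norm := NormalizeS(n, s)
	origOK = ecdsa.Verify(&key.PublicKey, digest[:], r, s)
	twinOK = ecdsa.Verify(&key.PublicKey, digest[:], r, twin)
	normOK = ecdsa.Verify(&key.PublicKey, digest[:], r, norm)
	low = IsLowS(n, norm)
	return
}

func main() { fmt.Println(Demo()) }
```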