0.2.0
December 30, 2024
CHANGES:
- Support authentication methods such as approle, userpass, and cert for login.
- Support the CLI (Command Line Interface). The supported commands are: server, status, operator [init|seal|unseal], login, auth [list|enable|disable|move], read, list, write, delete.
- Support MySQL backend storage.
- Added SM2 certificate issuance and management of SM2 and SM4 keys.
- Added RSA asymmetric encryption/decryption.
- Added Prometheus support.
- The crypto module can now be switched at compile time to use either Tongsuo or OpenSSL, according to your needs.
- Added two request processing phases: pre_auth and post_post. Users can implement their own token verification logic and their own ACL (Access Control List) logic.
- A request can be bound to a Handler. When a request is bound to its own Handler, only that Handler is called during the request processing phases; other handlers are not called.
- Added Context to the request data structure. Users can save their own context information between request processing phases.
IMPROVEMENTS:
- The request processing phase handlers have been changed to asynchronous functions to improve performance.
- Removed the read-write locks for barrier encryption/decryption to improve performance.
- Barrier encryption/decryption now performs path verification, to prevent a path from accessing encrypted data that does not belong to it.
- Added an HMAC verification value to MountEntry to prevent MountEntry data from being tampered with.
- Added a test case framework.
- Added support for environment variables and request headers that are compatible with Vault.
BUG FIXES:
- Fixed a bug where an error was reported when remounting the auth path.
- Fixed a bug where TLS client authentication failed.