Releases: egen/safe
Safe v1.8.0
Improvements
Safe now supports escaping :
and ^
characters in paths and keys with the \
character.
Some examples:
safe get secret/colon\:test:foo
will get the key foo from the secret at the path secret/colon:test
.
safe get secret/foo:ba\:r
will get the key ba:r
from the secret at the path secret/foo
This sort of worked before, sometimes, kinda, for some commands, as we'd only acknowledge the last colon as special for commands that accepted keys in their paths. For others, we'd often just err if there was a colon at all in the secret path.
We still only respect the final colon or caret in a path as special, but any of them can be escaped by preceding them with a backslash so that they are not used as a separator.
Additionally, the output of safe paths --keys
now escapes colons in the output when they are not the secret:key separator.
Safe v1.7.0
New Features
- Auth now supports Okta login (thanks @thehandsomezebra)
- We build for darwin/arm64 now!
Improvements
- The auth commands now use the same code paths as all of the other Vault-accessing commands, and so now their behavior should be more consistent with other commands.
Safe v1.6.1
Improvements
- HTTP calls that list paths in the Vault have been switched to use the GET HTTP method for greater compatibility with proxies.
Safe v1.6.0
New Features
safe uuid
is a new command that will generate a UUIDv4 and insert it into
the specified path at the Vault. (thanks @gerardocorea)safe option
allows you to view and edit new safe CLI global options.
Currently, the only option ismanage_vault_token
, which will have safe
change the .vault-token file that the Vault CLI uses. (thanks @daviddob)
Improvements
safe versions
now shows when versions in a KVv2 backend were created.
Miscellaneous
- The release binaries are now compiled with Go 1.16, up from Go 1.13. This means that these builds include the Go 1.15 x509 library changes that may cause certificates that relied on the target domain being in the Subject line (as opposed to the Subject Alternative Names) to be untrusted.
Safe v1.5.9
New Features
x509 renew
andx509 reissue
now accept the-n
and-s
flags to update
subject alternative names and subjects respectively.undelete
now treats not specifying a version to mean the latest version
(@daviddob)cp
gives a proper error when trying to perform copy all versions of a
specific version of a secret, which doesn't make any sense. (@daviddob)
Bug Fixes
x509 reissue
now properly reads in the key usage flags.cp
will no longer panic when trying to copy a version of a secret which is
not the latest. (@daviddob)
Safe v1.5.8
New Features
- Added
safe auth status
command. It prints out information about the
current auth token. - Added
--json
flag tosafe auth status
. It prints out said information
in a JSON format.
Improvements
safe targets --json
output now includes if the target expects
a Strongbox server to be present, and also the targeted Vault namespace,
if any.
Bug Fixes
safe auth
now respects the-T
flag when writing the token.safe local
no longer races with the Vault server actually listening on its endpoint, and will wait up to 5 seconds for it to begin listening.
Safe v1.5.7
Bug Fixes
- safe recognizes performance standbys as standbys for the purpose of
safe status
. - safe now won't use namespaces when trying to interface with /sys/health or /sys/seal-status, because these result in unsupported path errors from Vault.
safe ls
should now work with more versions of Vault when listing the root.safe env --json
now exposes VAULT_NAMESPACE- x509 show now displays data encipherment as data encipherment and not data encupherment, which is definitely not data encipherment.
Safe v1.5.6
Improvements
- safe local now has a --port flag; you can now manually set the port that
the local Vault listens on.
Safe v1.5.5
Improvements
- safe x509 renew can now set new key usages for the renewed certificate.
- When using an SSH proxy, safe now handles the ssh
known_hosts
file better.
It can now handle when theknown_hosts
file is empty, and also safe now adds
newlines to lines that it adds.
Safe v1.5.4
Improvements
- Better error response for unexpected HTML responses when the HTTP return code
is non-2xx - x509 commands now populate the x509 v3 extensions for authority key ID and
subject key ID.