Safe v0.9.5

Improvements

• safe x509 issue no longer propagates duplicate --name values
  into the resulting X.509 certificate's subject alt names list.

• The help for safe set now documents all the fun little tricks
  that safe has up its sleeve, like safe set key@some/file.

Bug Fixes

• If you somehow manage to create an empty path via safe set or
  some other out-of-band access to the Vault, safe paths will no
  longer panic when it encounters it.

• For weirdos who populate ~/.saferc with empty tokens and then
  target their vaults via URL (you know who you are), target
  lookup has been fixed to work as expected.

Safe v0.9.4

Bug Fixes

• Line endings on windows are now properly trimmed when using prompt() functionality.

• Windows LDAP auth should now be functional on more environments due to the above fix.

Safe v0.9.3

Improvements

• The secret key needn't be resident in the vault for safe x509 show to work, which is great when you just want to show the
  cert someone gave you, that you didn't generate.

• safe x509 ... commands now properly handle bundled
  certificates, where the intermediary CAs are bundled with in a
  set of PEM blocks concatenated together. Yay for corp X.509!

Safe v0.9.2

Improvements

safe x509 validate now works with PKCS#8 private keys. Which everybody knows
is the kind that openssl makes, obviously.

Safe v0.9.1

Improvements

• Added --bash and --fish flags to safe env to specify the formatting for a specific shell.

Bug Fixes

• safe ls without arguments now lists all kv/generic type mounts. It
  now also formats the output in a way which is consistent with the rest
  of safe ls

Safe v0.9.0

Improvements

• Safe is now more compatible with Windows, which is useful.
  We now also build an release windows binary assets too!

• safe local now works with really old Vaults like 0.6.x

• You can now delete targets from your saferc, without resorting
  to an editor.

Safe v0.8.1

Improvement

• safe seal now accepts all seal keys on standard input, making
  it trivial to automate unsealing of the Vault (assuming you can
  safely handle the seal keys...)

• safe init and safe rekey now write the seal keys to the
  Vault, at secret/vault/seal/keys. This behavior can be turned
  off by specifying the new --no-persist flag.

Safe v0.8.0

Bug Fixes

• safe local now properly re-targets your previous Vault when
  it is done running the Vault.
• safe x509 renew added, allowing you to renew the cert at a given path.
• safe x509 reissue added, allowing you to reissue cert with new random key.

Safe v0.7.0

New Features

• safe local will spin a Vault server for you, initialize and
  unseal it, and target it seamlessly. You can opt for transient
  local vaults via safe local --memory or more durable vaults
  via safe local --file path/to/store. You can name your local
  vaults, but safe took a creative writing course and it itching
  to use its newfound list of adjectives and nouns!

• safe target and safe targets now support a --json flag,
  for getting target information in a script-parseable format.

• Targets can now be specified by URL. If you have multiple
  aliases for the same Vault (i.e. for specifying different auth
  parameters), you must use the aliases, since safe can't
  figure out which target you truly meant.

Safe v0.6.4

Improvements

• X.509 certificates can now be issued with Key-Usage and Extended
  Key-Usage constraints. See RFC 5280 for details.

• safe x509 show now prints out human-readable (and comprehensible!)
  explanations for Key-Usage and Extended Key-Usage constraints.

Bug Fixes

• Paths given to safe curl are now canonicalized, to remove
  extra slashes, since Vault just won't tolerate those sorts of
  shenanigans.