Releases: egen/safe

Safe v0.0.23

16 Aug 15:11

New Features

  • Added safe dhparam for generating randomized DH params,
    and storing the PEM data in the secret backend.
  • safe get can now be used to get a single key from a path,
    using the format safe get secret/path/to/thing:key. Similarly,
    this notation can be used for things like safe export, and
    safe copy.

Improvements

  • safe crl-pem and safe ca-pem now support a path argument,
    triggering safe to store the corresponding PEM data in the
    secret backend, at path.

Bug Fixes

  • safe cert no longer stomps on pre-existing values stored
    in the path at which the cert is being generated.

Safe v0.0.22

11 Aug 21:36

New Features

  • Added safe curl command for arbitrarily executing HTTP queries
    against a safe target. This allows you to authenticate to Vault,
    and hit the raw APIs for experimentation.
  • Added safe cert command for issuing signed certificates using
    Vault's PKI backend.
  • Added safe revoke command for revoking certificates issued
    using Vault's PKI backend.
  • Added safe crl-pem command for displaying the Certificate
    Revocation List (CRL) in PEM format, pulled from Vault's
    PKI backend.
  • Added safe ca-pem command for displaying the Certificate
    Authority certificate in PEM format, pulled from Vault's PKI
    backend.

Safe v0.0.21

12 Jul 21:22

Improvements

  • Non-data messaging is now sent to standard error, so that it
    doesn't interfere with piping data to other safe commands.

  • Add support for recursive move/copy/delete

    Users are now able to move, copy, or delete
    trees in Vault recursively, via the -R flag.
    This will prompt for confirmation. If you wish
    to ignore confirmation and copy/move/delete blindly,
    use the -f flag as well.

    NOTE: Vault does not appear to delete empty directories,
    which may lead to confusion when, after a move/delete,
    the directories still appear. Any keys/values inside
    those directories have been removed.

  • In order to properly display, copy, and move these, safe
    now makes a distinction between node1/ and node. This
    will show up in safe tree as a blue directory node, and a
    green leaf node.

  • safe tree and safe paths will now hide any intermediary
    nodes that do not have any leaf nodes underneath them (or any
    of their child-intermediary nodes).

  • Added request debugging

Bug Fixes

  • Fixed a bug in safe tree and safe paths whereby
    the listings of node1/ would be duplicated, and the listing
    of node1 was overlooked.

Safe v0.0.20

02 Jul 03:47

Bug Fixes

  • Tree facilities like safe tree and safe export now work with
    Vault 0.6.0+, while retaining backwards compatibility with prior
    versions. Fixes #31

Development Improvements

  • We now have a regression test suite, that gets tested against
    several versions of Vault (look Ma, no mocks!)

Safe v0.0.19

01 Jul 00:37

Improvements

  • Output from safe targets is now sorted.
  • safe target (with no arguments) prints the currently targeted
    Vault (name and URL), or the error "No Vault currently targeted"

Safe v0.0.18

29 Jun 14:26

New Features

  • safe set can now take arguments in the form attr@/path, to
    read the contents of an on-disk file into the named attribute of
    the path being modified. This should allow importing multiline
    data (like RSA keys and SSL/TLS certificates) more naturally.
    Fixes #17

Bug Fixes

  • safe rsa now generates the RSA public key in PKCS#8 format,
    instead of PKCS#1 format. Primary difference is that #8 uses
    the leader / trailer -- BEGIN/END PUBLIC KEY --, whereas #1 uses
    -- BEGIN/END RSA PUBLIC KEY --. That extra "RSA" trips up some
    software that does explicit header inspection (like CF UAA).
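
The header difference described in this fix, as an added Go example (not safe's own code): it accepts an RSA public key under either PEM header and re-emits it under the BEGIN PUBLIC KEY header. Go's standard library names that encoding PKIX; the function names, and the throwaway key generated as sample input, are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// SamplePKCS1PEM returns constructed input: a throwaway key under the old "RSA PUBLIC KEY" header.
func SamplePKCS1PEM() []byte {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der := x509.MarshalPKCS1PublicKey(&key.PublicKey)
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: der})
}

// NormalizePublicPEM (hypothetical helper) re-emits a public key as a "PUBLIC KEY" block.
func NormalizePublicPEM(in []byte) ([]byte, error) {
	block, _ := pem.Decode(in)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	var pub interface{}
	var err error
	switch block.Type {
	case "PUBLIC KEY": // already the generic form; parse it to validate the body
		pub, err = x509.ParsePKIXPublicKey(block.Bytes)
	case "RSA PUBLIC KEY": // PKCS#1 body: the bare RSA modulus and exponent
		pub, err = x509.ParsePKCS1PublicKey(block.Bytes)
	default: // e.g. a private key pasted by mistake; refuse rather than guess
		err = fmt.Errorf("unexpected PEM type %q", block.Type)
	}
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func main() {
	out, err := NormalizePublicPEM(SamplePKCS1PEM())
	fmt.Printf("%s%v\n", out, err)
}
```

The two forms differ in more than the header line: the body of the BEGIN PUBLIC KEY form also carries an algorithm identifier, so renaming the header alone does not convert a key.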

Safe v0.0.17

25 Jun 02:48

Bug Fixes

  • Properly handle 307 redirects in an HA configuration, when
    authenticating against the non-leader vault.

Safe v0.0.16

19 Jun 15:43

Improvements

  • New -k / --insecure flag for forcibly skipping the SSL/TLS
    certificate verification phase of Vault communication, in case
    you have a self-signed certificate and don't want to keep
    setting $VAULT_SKIP_VERIFY manually (Issue #23).
  • Secure prompts now accept input from standard input. This
    allows scripted installations of Vault (to a degree) since the
    safe auth step can be fed data from a file (Issue #21).
  • safe target now inspects the alias and url that you give it,
    and if it finds that you have switched them, it reorders them
    for you. (Issue #25).
  • safe now falls back to using $VAULT_ADDR and ~/.vault-token
    (if present) when there is no ~/.saferc, allowing people to
    transition from using the vault CLI to use safe with targets
    (Issue #11).

Bug Fixes

  • Duplication of subtrees is now fixed. Previously, if you had a
    path, say secret/aws, that held attributes of its own (like
    access_key and secret_key), but you also had a path like
    secret/aws/environment/stuff, the tree subcommand would list
    the aws subtree twice: once for the path itself (including all
    children) and a second time for the component of the larger
    path. This has been fixed (Issue #24).

Safe v0.0.14

13 Jun 14:38

New Features

  • The safe fmt command has been added, to reformat
    keys already stored in Vault, such as encoding them in
    base64, or creating crypt-sha512 hashes of them.

Safe v0.0.11

27 May 04:12

Improvements

  • When using safe ssh, the data inserted into Vault will now also
    include the ssh fingerprint of the pubkey (similar to what is returned
    via ssh-keygen -lf <pubkey>).