v0.44.1

Fixed

• Migration tools for 1Password now work again correctly with the latest version of the 1Password CLI. #400

v0.44.0

Added:

• Added support for using 1Password CLI 2 when using the migration tools. See https://secrethub.io/docs/1password/migration/ for detailed instructions on how to use these new commands. (#396)

v0.43.0

Added

• Added commands that allows you to migrate secrethub.env files, configuration files that include secret references and template files (used with inject) to 1Password. See https://secrethub.io/docs/1password/migration/ for detailed instructions on how to use these new commands. (#386, #389, #390)

Changed

• The command to migrate your secrets from SecretHub to 1Password is now idempotent, so it supports running them again to apply any new changes without changing the already migrated secrets. (#379)
• When migrating your secrets to 1Password, the API Credential item type is now used instead of the Login item type (#387)

v0.42.1

Fixed

• Fixed a bug that causes testcases to sometimes fail on some systems. This is relevant for AUR, since the tests are run as part of the installation process. (#382)
• Added support for more 1Password CLI configuration directories for the migration commands. (#378)
• In the migration commands, handle the case were a user is a member of a repository, but does not have read access on any directories in the repo (#380)

v0.42.0

Release v0.42.0

Added

• Added commands to plan and execute a migration of secrets to 1Passsword and a command to assist in using those secrets with the 1Password Kubernetes operator. Check out https://secrethub.io/blog/secrethub-joins-1password/ for the announcement of the acquisition and https://secrethub.io/docs/1password/migration/ for detailed instructions on migrating to 1Password Secrets Automation. (37521a4)
• Added auto-completion (#333)
• Improved error message for missing credentials of machine accounts (#370)
• Added support to use secrethub account inspect for service accounts (#359)
• Improved help-text for --secrets-dir flag of run command (#350)

Fixed

• Corrected help-text message for AWS service account default descriptions (#356)

Removed

• Removed the previously deprecated signup command. Use https://signup.secrethub.io instead.

v0.41.2

Fixed

• When secret paths contain . or - characters, these are now replaced with _ in the names of environment variables loaded by the --secrets-dir flag of secrethub run. . and - are illegal characters in environment variable keys. (#352)

v0.41.1

This is a hotfix release to address a test that failed 50% of the time, causing installation through the Arch User Repository and builds from source to not always work as expected.

Fixed

• CLI test that failed randomly based on the order in which a range statement was executed. (#348)

v0.41.0

Added

• --secrets-dir flag that maps all secrets in a directory to environment variables (#299)
• -f, -i and --noreport flags to tree command (#319)

Changed

• New signup flow using https://signup.secrethub.io/ (#332, #340, #341, #342)
• demo init doesn't error when demo repo already exists (#321)

Fixed

• Masker race condition (#320)

v0.40.0

Added

• Introducing keyless apps for Google Cloud Platform: applications running on Google's compute services (GCE, GKE, etc.) can now natively authenticate to SecretHub to fetch their secrets, without needing to manage another key.
• Functions to create and manage links to GCP projects: secrethub service gcp link, secrethub service gcp list-links and secrethub service gcp delete-link. These links are needed to create a service account that makes use of the SecretHub Identity Provider. The GCP project of every GCP Service Account that is used for the Identity Provider first has to be linked to a SecretHub namespace. (#298)

Changed

• secrethub service init now returns an error if it is passed the path to a directory instead of a repository as the argument. (#311)

v0.39.0

Added

• Proxy to use for connecting to the SecretHub API can now be set with the --proxy-address flag or by setting the SECRETHUB_PROXY_ADDRESS environment variable. (#293)
• secrethub mkdir now accepts multiple arguments for directories to create. (#290)
• secrethub audit now supports --output-format=json to output the audit log entries in JSON format. (#269)
• [private beta] Functionality for creating and using the GCP Identity Provider to use keyless authentication on GCP was introduced.

Changed

• secrethub audit uses the OS's default pager ($PAGER) to paginate its output. If no default is set, less or else more is used if it's available. If no pager is available, the output is limited to 100 lines. (#269)

Please note that the GCP Identity Provider is released as a private beta. This means that the API will not accept the creation of a service account using this Identity Provider if you're not admitted to the private beta. Furthermore, the signature of this functionality might change in the future.

If you want to test this functionality, please reach out to us at support@secrethub.io.