v0.4.3

• Default egress proxy port changed
  • If you used the default proxy port (9000), make sure to rebuild the images with this version of the Enclaver before running them.
  • The new port is 10000, changed to avoid a conflict with nitro-cli heartbeat port
• Fixed a docker image pull error from some registries
• Updated dependencies

v0.4.2

Security

• Update dependencies to address GHSA-q6cp-qfwq-4gcv and GHSA-6g7w-8wpp-frhj (#187)

v0.4.1

Security

• Update dependencies to address GHSA-8r5v-vm4m-4g25 and GHSA-r24f-hg58-vfrw (#186)

v0.4.0

Security

• Update dependencies to address GHSA-8qv2-5vq6-g2g7 (#174)
• Update dependencies to address GHSA-c827-hfw6-qwvm (#174)

Features

• Wait for all ingress traffic responses before shutting down (#169)
• Output the log files generated by nitro-cli when an enclave fails to start (#171)
• Add a debug-mode flag to enclaver run, which gets forwarded to nitro-cli run-enclave (#170)

v0.3.1

Security

• Update dependencies to address GHSA-8qv2-5vq6-g2g7 (#174)
• Update dependencies to address GHSA-c827-hfw6-qwvm (#174)

v0.3.0

Security

• Use EdgeBit to scan repository for vulnerabilities (#158)
• Update dependencies to address GHSA-g98v-hv3f-hcfr (#161)
• Update dependencies to address GHSA-8qv2-5vq6-g2g7 (#162)

Features

• Added --verbose flag for controlling the amount of logging output (#160)

Documentation Updates

• Run Your First Enclave
  New guide for running an example application within an enclave

Internal Development

• Use Rust's Stable channel (#141)
• Specify MSRV (minimum supported Rust version) (#142)
• Add performance test (#139, #149, #156)
• Add support for tracing (tokio-console) in development builds (#159)

v0.2.0

Features

• Reduced container image sizes by using builder images (PR #118)
• Improved logging of errors that occur on startup (Fixes #75)
• Improved automatic update management of internal dependencies (PR #110)
• CloudFormation for EKS node groups to use Enclaver images (PR #113)

Documentation Updates

• Using the KMS proxy
  New guide to using the KMS proxy with Go, NodeJS, Ruby, and Python to automatically attach the attestation document to API requests.

• Deploy on Kubernetes
  For Kubernetes users, a provided CloudFormation allows for easy creation of EKS node groups. The documentation contains an example Deployment/Pods that install and run secure enclaves alongside your other Kubernetes applications.

• Embedded videos for the AWS, Kubernetes and No-Fly-List guides

• Various updates to the Architecture document

v0.1.0

Enclaver aids engineers in building, testing and running code within secure enclaves, starting with AWS Nitro Enclaves.

Read the announcement blog post.

Features

• Build enclave images from containerized applications with enclaver build (docs)
• Run enclaves on AWS Nitro-enabled instances with enclaver run (docs)
• Enforce egress network policy (docs)
• Integration with AWS KMS to use the enclave's attestation for decryption API calls (docs)

Documentation

• Architecture
  Background about how Enclaver is engineered and why those decisions were made

• No-Fly-List Python app
  Deploy the No-Fly-List app, which checks passengers attempting to fly on an airline against a no-fly list. It’s a fairly simple Python application that requires protection “in-use” for its data, because we don’t want anyone to be able to see the full no-fly list.

  This guide is applicable to any microservice or security-centric function at your organization.

• Hashicorp Vault
  Run Hashicorp Vault within an enclave to fully isolate it after it’s unsealed.

  This guide is model for running off-the-shelf or commercial software in an enclave.