The changelog format is based on Keep a Changelog.
This project uses Semantic Versioning - MAJOR.MINOR.PATCH
- Fixed a crash when a templated field accesses an out-of-bounds list index
- When metadata that is written to Vault is templated using a list or dict, in addition to concatenating the values into a sorted comma-separated list, the master now additionally creates a separate suffixed key for each individual item #106
- Fixed compatibility with master cluster mode #99
- Fixed the client used for unwrapping authentication credentials not respecting
client
configuration when no cached configuration is available #95
- Readded direct package dependency on cryptography
- Change unseal query to be always unauthenticated. #85
- Added support for credential orchestration in Salt-SSH wrappers, added wrappers for vault, vault_db, vault_pki modules #54
- Added
vault_ssh
execution, state and wrapper modules for managing and using the SSH secret backend #58 - Improved handling of KV v2 secret versions #61
- Added
vault_secret
state module for statefully managing secrets #62
- Required x509_v2 modules to be available for specific parameters to
vault_pki
, dropped direct dependency on cryptography #78
- Fixed vault.update_config crash #77
- Fixed a crash when renewing/revoking leases that have been revoked on the Vault server early #45
- Added an optional switch for validating cached leases with the Vault server before returning them from the LeaseStore #46
- Implemented setting per-lease defaults of lifecycle parameters #47
- Implemented caching arbitrary metadata together with a lease and included it in expiry events #48
- Added a LeaseStore method for listing cached lease information #49
- Added
vault_db
modules for management and usage of the Vault database secret backend #52 - Added
vault_lease
beacon module to monitor and renew cached leases #53 - Added vault_pki modules for interfacing with the PKI backend and managing X.509 certificates #58
- Added support for retry logic and specific connection settings in
vault:client
#65
- Deprecated Vault pillar configuration with
conf
parameter andpath=
prefix #30
- Changed Vault pillar module configuration #30
- Fixed Salt master does not renew token #10
- Fixed vault module fetching more than one secret in one run with single-use tokens #11
- Fixed Vault verify option to work on minions when only specified in master config #12
- Fixed vault command errors configured locally #13
- Fixed sdb.get_or_set_hash with Vault single-use tokens #14
- Fixed Vault session storage to allow unlimited use tokens #15
- Fixed salt-minion 3006.0 KeyError without 'vault' config key #22
- Fixed verify parameter for unwrap requests #34
- Added Vault AppRole and identity issuance to minions #16
- Added Vault AppRole auth mount path configuration option #17
- Added distribution of Vault authentication details via response wrapping #18
- Added Vault token lifecycle management #19
- Added Vault lease management utility #20
- Added patch option to Vault SDB driver #21
- Added inline specification of trusted CA root certificate for Vault #23
- Added support for dictionary keys in pattern #26