Skip to content

Releases: IBM/trusted-service-identity

Tornjak-helm

15 Sep 13:52
@mrsabath mrsabath
spire-v0.12.1
8f93b7d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Tornjak-helm Pre-release
Pre-release

This release contains helm charts and documentation for Tornjak with SPIRE version 0.12.1

Assets 2
Loading
0 Join discussion

Initial SPIRE release

26 Mar 13:01
@mrsabath mrsabath
spire-v0.1
976a98a
Compare
Choose a tag to compare
Initial SPIRE release Pre-release
Pre-release

Introduction of SPIRE service

Assets 2
Loading

Added support for initContainers, TPM, Attestation and Keycloak

26 Nov 10:02
@mrsabath mrsabath
v1.8.2
b2e66aa
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Added support for initContainers, TPM, Attestation and Keycloak Latest
Latest
  • Added initContainer to retrieve secrets from Vault
  • Support for multiple initContainers
  • Support for multiple pod images
  • README documentation updates
  • Added attestation to VTPM service
  • Support for TPM Proxy when TPM device busy
  • Introduced encoded owner password for TPM
  • Enable Keycloak for Identity Management PoC
Assets 2
Loading

Secrects revocation and CRC support

11 Aug 14:54
@mrsabath mrsabath
v1.7.3
5d140da
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Secrects revocation and CRC support
  • Supports secretes revocation. Sidecar removes the secrets from the container when they are removed from Vault
  • move scripts to utils directory
  • updates to OpenShift installation, including support for RH Code Ready Containers (CRC)
  • automate demos with demos scripts
  • move the location of the TSI directory from /tsi-secure to /var/tsi-secure on worker node
Assets 2
Loading

Application on-boarding scripts

16 Jun 12:37
@mrsabath mrsabath
v1.7.0
5da327b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Application on-boarding scripts
  • Added a script to help on-boarding applications: inspect secretes, create a secret injection, script to inspect claims and cluster information
  • consolidated vault setup and initial policy load
  • containerized all the scripts, so no additional tooling is needed locally
  • redesign policy and role format
  • added examples for pod, daemonset and deployment
  • updated documentation for a vault demo and attack surface reduction
Assets 2
Loading

Moved 'vault-plugin' to 'components' directory

28 May 14:42
@mrsabath mrsabath
v1.6.0
1fa4e75
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Moved 'vault-plugin' to 'components' directory
  • moved 'vault-plugin' to 'components' directory
  • fixed the bug that was preventing restart of JSS daemonsets
  • published docs/attack-surface-reduction.md document
Assets 2
Loading

Location trust boundary enforcement

11 May 18:23
@mrsabath mrsabath
v1.5
4e879ad
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Location trust boundary enforcement

TSI ensures location trust boundary enforcement through embedding the location properties into the certificate structure. If the claims don't match the x509_v3 CA extensions the Signing Service and TSI Vault Auth Plugin will reject the request.

Assets 2
Loading

Protect TSI namespace

29 Apr 14:47
@mrsabath mrsabath
v1.4
06c1dca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Protect TSI namespace

From now on, all the application containers must be deployed in a namespace different than TSI (default: trusted-identity)

Assets 2
Loading

Removed unnecessary pycrypto and extended examples

01 Apr 17:38
@mrsabath mrsabath
v1.3.1
b2fac60
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Removed unnecessary pycrypto and extended examples

Removed unnecessary pycrypto requirement, extended examples (JWT client/server) and ti-setup helm charts

Assets 2
Loading

Webhook prevents containers from connecting to host socket

31 Mar 19:31
@mrsabath mrsabath
v1.3
dd78ad0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Webhook prevents containers from connecting to host socket

This release prevents containers from mounting to host socket files. Only the sidecar is allowed to access it. There are also new test cases for webhook. Upgraded to Go 1.14. This is the last release that contains extended examples: jwt-client and jwt-server

Assets 2
Loading