Releases: pivotal/credhub-release

2.0.1

22 Apr 18:14

Features

  • The mode parameter for generate requests has returned. Users can once again specify the value of parameters.mode in generate requests. The supported modes are no-overwrite (refuse to overwrite an existing credential), overwrite (always overwrite an existing credential), and converge (only overwrite if the generate request parameters are not matched by the existing credential). converge remains the default behavior as of 2.0.0.

Bug Fixes and Minor Improvements

  • Squashed some 500s.
  • Fixed an error where the pre-start script would regularly rotate the keystore password. pre-start is now idempotent again. (#24)
  • The server now appropriately returns its version number instead of throwing a 500 or returning 0.0.0.

1.9.6

22 Apr 18:14

Bug Fixes and Minor Improvements

  • Fixed an error where the pre-start script would regularly rotate the keystore password. pre-start is now idempotent again. (#24)
  • The server now appropriately returns its version number instead of throwing a 500 or returning 0.0.0.

2.0.0

22 Apr 18:14

Features

  • Permissions can now be defined in the manifest at deploy time.
  • Permissions can now be defined for namespaces as well as on explicit credential names. Permissions are additive -- if any rule exists authorizing a user to take an action, then the action will be permitted.
  • Permissions can be managed via a new RESTful resource.

Breaking Changes

  • Users no longer have implicit write permissions for credential paths that are not yet occupied. In order to write to CredHub, users must modify their manifests to include an initial permission that grants them the ability to set credentials, generate credentials, or add/remove additional permissions as needed. See the example below for a typical admin account:
     properties:
       credhub:
         authorization:
           permissions:
           - path: /*
             actors: ["uaa-client:credhub_admin_client"]
             operations: [read,write,delete,read_acl,write_acl]
    
    Permissions for credentials that already exist before upgrading to 2.0 will be migrated to the new model.
  • Find requests now only return the names of credentials for which the authenticated user has read authorization.
  • ACLs are now enabled by default. To disable, set the property credhub.authorization.acls.enabled to false.
  • To configure the credhub job's key_properties and connection_properties, manifests must include the configuration within nested objects in the properties hash. See the credhub job's spec file for more details.
  • Set Credentials and Generate Credentials requests no longer support additional_permissions.
  • overwrite mode no longer exists for set requests. Set always overwrites data that already exists.
  • no-overwrite mode no longer exists for generate requests. The default behavior ("converge" mode) is now to regenerate values when the generation parameters differ from the existing value.
  • Removed the paths=<bool> flag on Find requests.
  • This version of the server only works with credhub cli version 2.x and above.
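
The 2.0.0 permission model described above (no implicit write, additive rules, namespace or exact-name paths, Find filtered by read access), sketched as an added example that is not CredHub's own code. It assumes a path ending in /* covers every credential under that prefix; the deployer actor and credential names are constructed.

```python
# Added illustration of the 2.0.0 permission model; not CredHub's code.
# Assumption: a path ending in "/*" covers every credential under that
# prefix; any other path matches only that exact credential name.

# Constructed rules in the shape of credhub.authorization.permissions.
RULES = [
    {"path": "/*", "actors": ["uaa-client:credhub_admin_client"],
     "operations": ["read", "write", "delete", "read_acl", "write_acl"]},
    # Hypothetical actor: read on a namespace, write on one explicit name.
    {"path": "/deploy/*", "actors": ["uaa-client:deployer"],
     "operations": ["read"]},
    {"path": "/deploy/db-password", "actors": ["uaa-client:deployer"],
     "operations": ["write"]},
]


def path_matches(rule_path, credential):
    """Namespace rule ("/ns/*") or explicit credential name."""
    if rule_path.endswith("/*"):
        # Keep the trailing "/" so "/deploy/*" does not match "/deployment/x".
        return credential.startswith(rule_path[:-1])
    return rule_path == credential


def is_permitted(rules, actor, operation, credential):
    """Additive and default-deny: any one matching rule authorizes the
    action; with no matching rule the request is refused, even when the
    credential path is not yet occupied."""
    return any(
        actor in rule["actors"]
        and operation in rule["operations"]
        and path_matches(rule["path"], credential)
        for rule in rules
    )


def visible_names(rules, actor, names):
    """Find only returns names the authenticated actor may read."""
    return [n for n in names if is_permitted(rules, actor, "read", n)]
```

Running the rules you plan to put in the manifest through a check like this before upgrading shows which clients would lose the write access they previously had implicitly.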

Bug Fixes and Minor Improvements

  • Resolves an error where CredHub was creating RFC-noncompliant certs such that OpenSSL would fail to verify a leaf certificate in a three-tier or longer cert chain managed by CredHub.

2.0.0-rc.1

27 Jul 20:02
Pre-release

Features

  • Users no longer have implicit write permissions for credential paths that are not yet occupied.
  • Permissions can now be defined in the manifest at deploy time.
  • Permissions can now be defined for namespaces as well as on explicit credential names. Permissions are additive -- if any rule exists authorizing a user to take an action, then the action will be permitted.

1.6.10

06 Jul 19:51

1.7.7

29 Jun 20:33
  • Resolves an error where CredHub was creating RFC-noncompliant certs such that OpenSSL would fail to verify a leaf certificate in a three-tier or longer cert chain managed by CredHub.

1.6.9

29 Jun 20:33
  • Resolves an error where CredHub was creating RFC-noncompliant certs such that OpenSSL would fail to verify a leaf certificate in a three-tier or longer cert chain managed by CredHub.

1.9.5

22 Apr 18:14
  • Resolves an error where CredHub was creating RFC-noncompliant certs such that OpenSSL would fail to verify a leaf certificate in a three-tier or longer cert chain managed by CredHub.

1.9.4

22 Apr 18:14
  • Bumps Spring Boot to 1.5.14
  • Bumps Jackson Databind to 2.9.6

1.7.6

20 Jun 21:59
  • Bumps Spring Boot to 1.5.14
  • Bumps Jackson Databind to 2.9.6