Releases: channable/vaultenv
v0.19.0 - "The path less traveled"
This release makes it possible to connect to a Vault backend that doesn't have the default path name. The default mount name can be overridden by passing --auth-backend or setting the AUTH_BACKEND environment variable. It is now also possible to pass --secret-file instead of --secrets-file, which is a common misspelling.
What's Changed
- Add an alias for '--secrets-file' by @rlycx in #149
- Make auth backend name configurable by @koikonom in #151
Full Changelog: v0.18.0...v0.19.0
v0.18.0 - "Nothing to hide"
This release contains a single functional change: It is now possible to use a .secrets file with no secrets, or specify a mount without any secrets.
What's Changed
- Allow empty secrets files and empty secrets blocks by @isomorpheme in #145
- Upgrade Semaphore CI image to 22.04 in #146
- Use newer Nix version in CI by @tijmendj in #147
New Contributors
- @isomorpheme made their first contribution in #145
- @nishit-ndgr made their first contribution in #147
Full Changelog: v0.17.0...v0.18.0
v0.17.0 - "Is it secret? Is it safe?"
This release contains some small fixes and dependency changes:
What's Changed
- Fix typo in Forbidden error message by @ruuda in #136
- Use http-client-openssl instead of http-client-tls by @jfroche in #137
- Change ci machine type from e1 to f1 by @d-goncalves in #138
- Nixpkgs update, and crypton-connection upgrade by @ErnestKz in #140
Full Changelog: v0.16.0...v0.17.0
v0.16.0 - "I am always right"
This release contains some fixes and minor enhancements, in addition to a new feature.
What's Changed
- Update Nix to 2.10.3 on CI by @adrianotm in #128
- Remove cachix from default.nix by @d-goncalves in #132
- Replace references to nix run with nix shell by @Riscky in #133
- Add a bit more logging at info level by @ruuda in #130
- Allow overwriting over environment variables by @joris-burgers in #135
New Contributors
- @adrianotm made their first contribution in #128
- @d-goncalves made their first contribution in #132
Full Changelog: v0.15.1...v0.16.0
v0.15.1 - "Sharing is caring"
This is a bugfix release to v0.15.0 with one minor change:
- GitHub and Kubernetes authentication will now inject the VAULT_TOKEN, unless blacklisted. This allows both authentication methods to be used as a complete replacement for the token auth.
v0.15.0 - "A token of my appreciation"
This release adds two new authentication methods to Vaultenv:
- GitHub authentication
- Kubernetes authentication (thanks @ruuda!)
The former is meant to be used in a development environment, and works
with a personal access token. The latter is meant to be used in a
Kubernetes cluster.
This release also updates some dependencies.
v0.14.0 - "It's the little things"
This release fixes some minor issues in Vaultenv:
- Vaultenv will now enable "line buffering" mode for its output, which prevents issues with log messages getting mixed up or delayed if e.g. running under Systemd or Kubernetes. This was fixed by @ruuda in #115.
- When printing the configuration with --log-level info, Vaultenv will now correctly specify the unit for the base delay (milliseconds), where it previously printed an ambiguous plain number. This was added by @ruuda in #113.
This release also contains fixes to make running the integration tests more reliable / work in more Linux environments.
This was contributed by @ruuda in #114.
v0.13.3 - "Staying Alive"
This release reduces server load while loading large secrets files.
This release should enable connection reuse on the requests to Vault. The support for this was technically already in place, but because all requests were sent simultaneously, no actual reuse was done. The new release limits the number of concurrent requests to 8 by default, which can be overridden using the --max-concurrent-requests option or the VAULTENV_MAX_CONCURRENT_REQUESTS environment variable. Setting this value to 0 restores the old behaviour.
In addition, minor improvements were made to the Vault response parser.
v0.13.2 - "Secret Agent"
This release should allow Vaultenv to be used in conjunction with Vault agent.
Requests to Vault now have the X-Vault-Request header set, and the Vault token has become an optional parameter. If the parameter is not set, the Vault requests are sent without a token, and Vault Agent is expected to add one using auto auth.
As a result, a misconfiguration regarding missing tokens that would previously be detected locally is now detected by the Vault server instead. Vaultenv should still exit once it receives such a response.
In addition, VAULT_ADDR is now allowed without port. The port defaults to 80 when the scheme is http:// and 443 when the scheme is https://.
v0.13.1 - "Owned by me and not by thee"
This release fixes a bug in the provided Debian package.
The packages of 0.13.0 and earlier versions were not built with the fakeroot
utility, which caused the installed package files (/usr/bin/vaultenv and
/etc/secrets.d/) to be owned by the local user with uid 1000 instead of by root.
We've now adjusted the build script to correctly use fakeroot. The package will
also automatically correct this issue by changing the owner and mode of
/usr/bin/vaultenv and /etc/secrets.d when upgrading from an earlier version.
There are no changes to the code of the Vaultenv binary, except for an increase in
the version number.
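
To confirm that a host no longer carries the ownership problem described above, a check like the following can be run after upgrading. It is an added example, not part of the vaultenv package or its build scripts; the function names are hypothetical and it assumes GNU stat as shipped on Debian.

```shell
#!/bin/sh
# Added example: audit owner and mode of the paths named in the v0.13.1 notes.
# Function names are hypothetical. Assumes GNU coreutils stat (Debian).

# check_path PATH [EXPECTED_UID]
# Returns 0 when PATH is owned by EXPECTED_UID (default 0, root) and is not
# writable by group or others. Returns 1 and prints the reason otherwise.
check_path() {
    path=$1
    want_uid=${2:-0}
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    # %u = numeric owner uid, %a = permission bits in octal
    set -- $(stat -c '%u %a' "$path")
    uid=$1
    mode=$2
    rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "BAD-OWNER $path uid=$uid expected=$want_uid"
        rc=1
    fi
    # 022 masks the group-write and other-write bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD-MODE $path mode=$mode (group/other writable)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $path uid=$uid mode=$mode"
    fi
    return "$rc"
}

# audit_vaultenv_package: check both paths from the release notes against
# root ownership. The return value is the number of failing paths.
audit_vaultenv_package() {
    failures=0
    for p in /usr/bin/vaultenv /etc/secrets.d; do
        check_path "$p" 0 || failures=$((failures + 1))
    done
    return "$failures"
}

# Run the audit only when invoked as: sh script.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_vaultenv_package
fi
```

A BAD-OWNER line for /usr/bin/vaultenv means a non-root account can replace the binary that other users and services execute, which is the exposure the fakeroot fix closes.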