Spring Vault Changelog ============================= Changes in version 2.2.0.M1 ----------------------------------------- * Deprecated path cubbyhole/response #163 * Add @VaultPropertySource support for versioned Key-Value backend #245 * Fix aws -> kubernetes typo #317 * Rename threadPoolTaskScheduler bean to vaultThreadPoolTaskScheduler #318 * Expired leases do are not rotated on secret renewal #319 * Upgrade to Spring Framework 5.1.2.RELEASE #323 * Upgrade to Reactor Californium SR2 #324 * Upgrade to Vault 1.0.0-beta1 #325 * Upgrade to Spring Data Lovelace SR2 #326 * Upgrade to netty 4.1.31.Final #331 * Upgrade to Vault 1.0.0-beta2 #335 * Upgrade to Vault 1.0.0-rc1 #336 * Let AwsIamAuthentication implement AuthenticationStepsFactory #338 * Use Spring documentation resources for a uniform documentation style #343 * Replace own Base64 class with Spring's Base64Utils #344 * Remove code duplicates from VaultWrappingTemplate #345 * Add interceptors for Vault's namespace support #346 * Update copyright years to 2019 #348 * Upgrade to Vault 1.0.1 #349 * Update dependencies #351 * Upgrade to Spring Framework 5.1.4.RELEASE #352 * Upgrade to Spring Data Lovelace SR4 #353 * Upgrade to Project Reactor Californium SR4 #354 * Upgrade to Spring Security 5.1.3.RELEASE #355 * Upgrade to assetj-core 3.11.1 #356 * Upgrade to mockito-core 2.23.4 #357 * Upgrade to maven-jar-plugin 3.1.1 #358 * Upgrade to maven-surefire-plugin 3.0.0-M3 #359 * Upgrade to maven-deploy-plugin 3.0.0-M1 #360 * Upgrade to asciidoctor-maven-plugin 1.5.7.1 #361 * Upgrade to maven-assembly-plugin 3.1.1 #362 * Upgrade springNext version to 5.1.5.BUILD-SNAPSHOT #363 * Upgrade spring-doc-resources version to 0.1.1.BUILD-SNAPSHOT #364 * Upgrade to Vault 1.0.2 #366 * Upgrade to Jackson 2.9.8 #368 * Improve documentation on Token authentication, renewal and SessionManager use #369 * Upgrade to Vault 1.0.3 #371 * Upgrade to AssertJ 3.12.0 #373 * Upgrade to Spring Framework 5.1.5 #374 * Upgrade to Spring Data Lovelace SR5 #375 * Upgrade to Reactor Californium SR5 #376 * PrefixAwareUriBuilderFactory injects Vault port into absolute URL's #377 * Consistently use https for linkable resources #381 * Upgrade to Spring Security 5.1.4 #382 * Upgrade to Apache HttpClient 4.5.7 #383 * Upgrade to Apache HttpCore 4.4.11 #384 * Upgrade to AWS SDK 1.11.507 #385 * Upgrade to Lombok 1.18.6 #386 * Release Spring Vault 2.1.2.RELEASE #387 * URL Cleanup #394 * Upgrade to Vault 1.1.0 #400 * VaultClients does not consider path prefix #413 * Make LifecycleAwareSessionManager more extensible #415 * Support key password and key alias #416 * Upgrade to Vault 1.1.1. #418 * Upgrade to Vault 1.1.2. #419 * SpEL expression in @VaultPropertySource annotation not expanded with enabled renewal #420 * @VaultPropertySource annotations in more than one @Configuration class #421 * Add RestTemplateBuilder, RestTemplateCustomizer and WebClientBuilder #423 * Upgrade to Jackson 2.9.9 #424 * Upgrade to netty 4.1.36.Final #425 * Add configuration to retain a Lease in LifecycleAwareSessionManager after Vault server failures #426 * Upgrade to OkHttp 3.14.2 #427 * Upgrade to Reactor Dysprosium M1 #428 * Upgrade to Spring Framework 5.2 M2 #429 * Upgrade to Spring Data Moore M4 #430 * Add listener/events support to LifecycleAwareSessionManager #431 * Upgrade to Vault 1.1.3 #434 * Add options to VaultMount #435 * Add SpEL support for @Secret annotation #436 * Upgrade dependencies #437 * Add support for JettyClientHttpConnector #438 * Upgrade to Spring Framework 5.2 M3 #439 * Support PCF Login Method #440 * Create security policy readme #441 * Add Kotlin extensions #442 * Migrate tests to use JUnit 5 #443 * Remove Lombok usage #444 * Upgrade to Spring Security 5.1.5 #447 * Allow re-reading Kubernetes service token for each authentication #449 * Update docs reflecting Apache HttpClient's wire logging #451 * Deprecate App ID authentication mechanism #453 * Upgrade TravisCI to use Java 12 #454 * Upgrade to Mockito 3.0 #455 * Fix incorrect assert fail message in KubernetesAuthentication #459 * Update Vault version to 1.2.1 #460 * GoogleApacheHttpTransport fails with newer Apache HttpClient versions #463 * Add integration tests for Vault's namespace support #465 * Upgrade to Spring Framework 5.2 RC2 #466 * Upgrade to Spring Data Moore RC3 #467 * Upgrade to Reactor Dysprosium RC1 #468 * Upgrade to Kotlin 1.3.50 #469 * Remove repository declarations from pom file #470 * Fail with @VaultPropertySource if secret not found #471 * Add Kotlin Coroutines extensions for ReactiveVaultOperations #472 Changes in version 2.1.0.RELEASE ----------------------------------------- * Upgrade to Reactor Californium GA #309 * Upgrade to Spring Framework 5.1 GA #310 * Upgrade to Spring Data Lovelace GA #311 * Upgrade to netty 4.1.30.Final #312 * Upgrade to Jackson 2.9.7 #313 Changes in version 2.1.0.RC1 ----------------------------------------- * Adapt to rewritten Reactor Netty #281 * Use request body to pass lease id for renewal calls #282 * Add support for Azure Auth Method #284 * Configure service account id and project id explicitly #287 * Pretty-print JSON for policy creation #288 * Upgrade to Spring Framework 5.0 RC2 #290 * Fix reference documentation links #291 * Upgrade to Vault 0.11 #292 * Upgrade to netty 4.1.29.Final #293 * Upgrade to Google IAM v1-rev259-1.25.0 #294 * Upgrade to AWS SDK 1.11.404 #295 * Upgrade to Vault 0.11.1 #296 * Upgrade to Reactor Californium RC1 #297 * Upgrade to Spring Data Lovelace RC2 #298 * Upgrade to Spring Framework 5.1 RC3 #300 * Assert Java 11 compatibility #301 * Upgrade Maven plugins to enable builds on Java 11 #302 Changes in version 2.1.0.M1 ----------------------------------------- * Support for Google IAM Authentication #126 * Introduce template methods to customize RestTemplate #200 * Provide a richer subclass strata of VaultException #203 * Mark VaultEndpointProvider as functional interface #204 * PrefixAwareUriTemplateHandler adds leading slash to absolute URIs #206 * Introduce VaultWrappingTemplate to abstract wrapping operations #208 * Fix Javadoc example code in SecretLeaseContainer #209 * Upgrade to Vault 0.9.5 #212 * Upgrade to Spring Data Kay SR5 #213 * Upgrade to Reactor Bismuth SR7 #214 * Rotate non-renewable secrets #215 * Client sending Vault an expired token resulting in failures of all Vault calls #222 * Batch decryption fails if plaintext is empty #223 * Upgrade to Spring Framework 5.0.5.RELEASE #227 * Upgrade to Jackson 2.9.5 #234 * Upgrade to Spring Data Kay SR6 #235 * Upgrade to Spring Security 5.0.3 #236 * Upgrade to AWS Java SDK 1.11.308 #237 * Upgrade to Google IAM v1-rev241-1.23.0 #238 * Add support for versioned Key-Value secrets #239 * Upgrade to Vault 0.10.0 #240 * VaultTokenRequest noParent field serializes incorrectly in JSON #243 * Key/Value backend not usable with Vault 0.10.0 (versioning enabled) and @VaultPropertySource #245 * Provide Key-Value backend API #246 * Extend VaultVersionedKeyValueOperations with typed read #247 * ClientHttpRequestFactoryFactory checks for wrong Netty class on path (Spring Data Redis conflict) #249 * Upgrade to Vault 0.10.1 #250 * Upgrade to Spring Framework 5.0.6 #251 * Upgrade to netty 4.1.25.Final #254 * Increase log level on token renewing errors when using CubbyHoleAuthentication #257 * Upgrade to Vault 0.10.3 #258 * Support full pull mode in AppRoleAuthentication through AuthenticationSteps #259 * Allow customization of Vault path prefixes #260 * Issuing PKI certificate with TTL results in Vault error due to number format #263 * Upgrade to Apache HttpClient 4.5.6 #266 * Upgrade to HttpCore 4.4.10 #267 * Upgrade to Netty 4.1.28.Final #268 * Upgrade to OkHttp 3.11.0 #269 * Upgrade to Jackson 2.9.6 #270 * Upgrade to AWS SDK 1.11.376 #271 * Upgrade to Google IAM v1-rev254-1.23.0 #272 * Upgrade to Google OAuth 0.10.0 #273 * Generate subject alt name in local certificate #274 * Add zipWith step to AuthenticationSteps #275 * Upgrade to Reactor Bismuth SR10 #277 * Upgrade to Spring Data Kay SR9 #278 * Upgrade to Spring Framework 5.0.8 #279 * Apply Spring CSS to reference documentation #280 Changes in version 2.0.1.RELEASE ----------------------------------------- * VaultSysTemplate.getPolicyName should not throw an exception for not found policies #202 * Mark VaultEndpointProvider as functional interface #204 * PrefixAwareUriTemplateHandler adds leading slash to absolute URIs #206 * Fix Javadoc example code in SecretLeaseContainer #209 * Upgrade to Vault 0.9.5 #212 * Upgrade to Spring Data Kay SR5 #213 * Upgrade to Reactor Bismuth SR7 #214 * Rotate non-renewable secrets #215 * Client sending Vault an expired token resulting in failures of all Vault calls #222 * Batch decryption fails if plaintext is empty #223 * Upgrade to Spring Framework 5.0.5.RELEASE #227 * Upgrade to netty 4.1.22.Final #232 * Upgrade to Jackson 2.9.5 #234 * Upgrade to Spring Data Kay SR6 #235 * Upgrade to Spring Security 5.0.3 #236 * Upgrade to AWS Java SDK 1.11.308 #237 Changes in version 2.0.0.RELEASE ----------------------------------------- * Consider renaming AwsIamAuthenticationOptions#serverName to serverId #191 * Upgrade to Vault 0.9.3 #192 * Add tests for profile based @VaultPropertySource #193 * Upgrade to Spring Framework 5.0.4 #194 * Upgrade to Reactor Bismuth SR6 #195 * Upgrade to Netty 4.1.21.Final #196 * Upgrade to AWS SDK 1.11.280 #197 * Upgrade to Spring Data Kay SR4 #199 Changes in version 2.0.0.RC2 ----------------------------------------- * Provide AuthenticationSteps for token authentication with self-lookup #158 * Investigate on a reactive integration with LifecycleAwareSessionManager #159 * Retain JSON datatypes in PropertySource #169 * LifecycleAwareSessionManager does not perform a re-login if token_max_ttl is reached #176 * Return Mono for ReactiveVaultOperations#write() #177 * RoleId and SecretID in AppRoleAuthenticationOptions not visible #179 * Support Vault HA with redirects #184 * Add VaultBytesEncryptor and VaultRandomBytesKeyGenerator #187 * Upgrade dependencies #189 Changes in version 2.0.0.RC1 ----------------------------------------- * Support CSR signing, certificate revocation and CRL retrieval #125 * Support Kubernetes authentication #143 * Extend Transit API to Support Hashing and Signing Operations #148 * Provide AuthenticationSteps for token authentication with self-lookup #158 * Perodic tokens are not refreshed #161 * Extend Transit API to support Hashing and Signing Operations #162 * CubbyholeAuthentication doesn't allow unwrapping of something else than a token #164 * Add the ability to use response wrapping for AppRole secretId responses #165 * Implementation of Auth Backend with Kubernetes Service Account Token #166 * Upgrade to Spring Framework 5.0.1 #167 * Fixing assert to verify the correct variable #170 * TravisCI build broken #171 * Upgrade to Vault 0.9.0 #172 Changes in version 2.0.0.M3 ----------------------------------------- * Add support to manage policies #10 * Adapt Vault API changes in transit key value/configuration objects #124 * Vault repository support #128 * Unconfigured keystore password considers keystore as tampered bug #131 * Support AppRole authentication pull mode #132 * Add explicit automatic module name for Java 9 #141 * Upgrade dependencies #144 * Adapt NonNullFields annotation #145 * Adapt to changed Spring Framework 5 documentation structure #147 * Support ecdsa and ed25519 transit key metadata #149 * Upgrade to Spring Framework 5 release versions #150 * Remove own code in favor of Spring Data KeyValue #151 * Upgrade dependencies #156 * Merge repository support into Spring Vault Core JAR #157 Changes in version 1.1.0.RELEASE ----------------------------------------- * Adapt Vault API changes in transit key value/configuration objects #124 * Add support for Batch Encryption/Decryption APIs #137 * Skip Javadoc validation in Javadoc plugin #140 * Add explicit automatic module name for Java 9 #141 * Upgrade dependencies #154 Changes in version 2.0.0.M2 ----------------------------------------- * Reactive Support #25 * Add support for AWS ECS/IAM authentication #91 * Add authentication flow DSL #107 * Introduce null-safety of Spring Vault API #112 * Introduce VaultEndpointProvider to allow usage of multiple endpoints within an application #113 * Upgrade dependencies #119 * Upgrade to Spring Framework 5.0 RC3 #120 * Upgrade to Reactor 3.1.0 M3 #121 Changes in version 1.1.0.M1 ----------------------------------------- * Add developer, SCM location and project URL to dependency POM #73 * Upgrade to Maven 3.5.0 #74 * SslConfiguration to support keystore type and keystore provider parameters #78 * VaultTokenRequestBuilder does not consider configured meta attributes #80 * Upgrade to Spring Framework 4.3.8 #81 * Store VaultToken as char[] #82 * Remove Maven settings.xml for TravisCI build and use Maven wrapper #83 * Cannot resolve LocalHost NetworkInterface in MacAddressUserId #84 * LifecycleAwareSessionManager renewal starts eventually #87 * Use remaining token TTL for Cubbyhole authentication #88 * Allow AWS-EC2 nonce configuration #89 * Upgrade to Vault 0.7.2 #90 * Support AWS IAM authentication #91 * Add central profiles #92 * Include notice and license in jar files #93 * Add LoginTokenAdapter for LoginToken TTL/renewability lookup #94 * Rotate generic secrets based on lease_duration/ttl #95 * Convert login token duration to milliseconds when calculating renewal time #96 * Add transit export operation #101 * Introduce equals/hashCode methods for RequestedSecret #103 * Upgrade to Vault 0.7.3 #105 * Introduce VaultEndpointProvider to allow usage of multiple endpoints within an application #113 * Upgrade to Spring Framework 4.3.10 #117 * Upgrade dependencies #118 Changes in version 2.0.0.M1 ----------------------------------------- * Setup 2.0 development #67 * Add automatic rotation of secrets stored in generic backend #68 * Add developer, SCM location and project URL to dependency POM #73 * Upgrade to Maven 3.5.0 #74 * SslConfiguration to support keystore type and keystore provider parameters #78 * VaultTokenRequestBuilder does not consider configured meta attributes #80 * Upgrade to Spring Framework 4.3.8 #81 * Store VaultToken as char[] #82 * Remove Maven settings.xml for TravisCI build and use Maven wrapper #83 * Cannot resolve LocalHost NetworkInterface in MacAddressUserId #84 * Remove support for OkHttp 2 #85 * LifecycleAwareSessionManager renewal starts eventually #87 * Use remaining token TTL for Cubbyhole authentication #88 * Allow AWS-EC2 nonce configuration #89 * Upgrade to Vault 0.7.2 #90 * Include notice and license in jar files #93 * Allow static token use with TTL #94 * Login Token Duration is assumed milliseconds instead of seconds #96 * VaultEndpoint uses -1 as port if initialized from URI without a port #99 * Transit Backend: Support for export operation added. #101 * Introduce equals/hashCode methods for RequestedSecret #103 * Upgrade to Vault 0.7.3 #105 * Introduce Duration instead of numeric durations #109 * Upgrade to Spring 5 RC2 #111 Changes in version 1.0.2.RELEASE ----------------------------------------- * Login Token Duration is assumed milliseconds instead of seconds #96 * Convert login token duration to milliseconds when calculating renewal… #97 * VaultEndpoint uses -1 as port if initialized from URI without a port #99 * Release 1.0.2 #106 Changes in version 1.0.1.RELEASE ----------------------------------------- * Add developer, SCM location and project URL to dependency POM #73 * Upgrade to Maven 3.5.0 #73 * VaultTokenRequestBuilder does not consider configured meta attributes #80 * Upgrade to Spring Framework 4.3.8 #81 * Remove Maven settings.xml for TravisCI build and use Maven wrapper #83 * Cannot resolve LocalHost NetworkInterface in MacAddressUserId #84 * LifecycleAwareSessionManager renewal starts eventually #87 * Use remaining token TTL for Cubbyhole authentication #88 * Release 1.0.1 #92 * Include notice and license in jar files #93 Changes in version 1.0.0 GA ----------------------------------------- * keystore file not created when $JAVA_HOME is not found #62 * Allow to create requested secret from mode and path #64 * Update to Spring-Next build profile to 4.3.8 #65 * Upgrade to Vault 0.7 #66 * Null-properties cause NullPointerException #69 * Vault seal operation fails #70 * Release 1.0.0 GA #72 Changes in version 1.0.0 RC1 ----------------------------------------- * Consider adding a EnvironmentVaultConfiguration #30 * Upgrade to Spring Framework 4.3.6 #46 * Request sent in XML instead of JSON when com.fasterxml.jackson.dataformat.xml.XmlMapper exists in the classpath #47 * @VaultPropertySource should support custom prefixes #48 * Reshape APIs #49 * VaultPropertySource should renew leases #50 * Apache HttpComponents should support proxy configuration via system properties #52 * Allow listing transit keys #53 * Provide default, empty VaultTransitContext #54 * Upgrade to Vault 0.6.5 #55 * Upgrade LibSSL on TravisCI #56 * Upgrade to Spring Framework 4.3.7 #58 * Replace Thread.sleep in LifecycleAwareSessionManager with TaskScheduler #59 * Release 1.0 RC1 #60 * Upgrade dependencies #61 Changes in version 1.0.0 M2 ----------------------------------------- * Review documentation #12 * Documentation "Registering a Vault instance using Java based metadata" vs "Instantiating VaultTemplate" #22 * Fix missing plugin versions #32 * User Guide and JavaDocs 404 #34 * Upgrade to Spring 4.3.4 #35 * VaultResponse is incompatible with Vault 0.6.2 (missing warnings in VaultResponseSupport) #36 * Upgrade to Vault 0.6.3 #38 * Add support for OkHttp3 #39 * Flatten hierarchical JSON objects into property paths #40 * Upgrade to Spring 4.3.5 #41 * Upgrade to Vault 0.6.4 #42 * Upgrade to OkHttp 3.5.0 #43 * Upgrade test dependencies #44 Changes in version 1.0.0 M1 ----------------------------------------- * Provide transit backend support #1 * Assert compatibility with Vault 0.5.2 to 0.6.1 #2 * Support Cubbyhole authentication #3 * Add documentation for supported clients #4 * Provide documentation as zip file #5 * Support AppRole Authentication #7 * Cannot use Vault with Netty4ClientHttpRequestFactory #8 * Add PropertySource support #9 * Add support to generate certificates using the PKI backend #11 * Revoke token on session disposal #13 * Upgrade to Vault 0.6.2 #14 * Task execution does not consider timeout #15 * Apply Spring Boot (Spring Cloud) code formatter #16 * Replace Codehaus Nexus with OSS Sonatype in TravisCI build #17 * Replace {version} in documentation with the actual version #19 * Getting Started and Dependencies #20 * SLF4J vs commons-logging? #24 * Document How to Externalize Vault's Token w/ VaultPropertySoure #26 * Fix String format in VaultEndpoint.toString #27