What's new in SecretHub 0.44.0
Feb 18, 2022
- Added support for using 1Password CLI 2 when using the migration tools.
New in SecretHub 0.43.000 (Aug 27, 2021)
- Added:
- Added commands that allows you to migrate secrethub.env files, configuration files that include secret references and template files (used with inject) to 1Password. See https://secrethub.io/docs/1password/migration/ for detailed instructions on how to use these new commands. (#386, #389, #390)
- Changed:
- The command to migrate your secrets from SecretHub to 1Password is now idempotent, so it supports running them again to apply any new changes without changing the already migrated secrets. (#379)
- When migrating your secrets to 1Password, the API Credential item type is now used instead of the Login item type (#387)
New in SecretHub 0.42.1 (May 4, 2021)
- Fixed:
- Fixed a bug that causes testcases to sometimes fail on some systems. This is relevant for AUR, since the tests are run as part of the installation process. (#382)
- Added support for more 1Password CLI configuration directories for the migration commands. (#378)
- In the migration commands, handle the case were a user is a member of a repository, but does not have read access on any directories in the repo (#380)
New in SecretHub 0.42.0 (Apr 22, 2021)
- Added:
- Added commands to plan and execute a migration of secrets to 1Passsword and a command to assist in using those secrets with the 1Password Kubernetes operator. Check out https://secrethub.io/blog/secrethub-joins-1password/ for the announcement of the acquisition and https://secrethub.io/docs/1password/migration/ for detailed instructions on migrating to 1Password Secrets Automation. (37521a4)
- Added auto-completion (#333)
- Improved error message for missing credentials of machine accounts (#370)
- Added support to use secrethub account inspect for service accounts (#359)
- Improved help-text for --secrets-dir flag of run command (#350)
- Fixed:
- Corrected help-text message for AWS service account default descriptions (#356)
- Removed:
- Removed the previously deprecated signup command. Use https://signup.secrethub.io instead.
New in SecretHub 0.42.0 Pre-release (Apr 14, 2021)
- Added:
- Added commands to plan and execute a migration of secrets to 1Passsword and a command to assist in using those secrets with the 1Password Kubernetes operator. Check out https://secrethub.io/blog/secrethub-joins-1password/ for the announcement of the acquisition and https://secrethub.io/docs/1password/migration/ for detailed instructions on migrating to 1Password Secrets Automation. (37521a4)
- Added auto-completion (#333)
- Improved error message for missing credentials of machine accounts (#370)
- Added support to use secrethub account inspect for service accounts (#359)
- Improved help-text for --secrets-dir flag of run command (#350)
- Fixed:
- Corrected help-text message for AWS service account default descriptions (#356)
- Removed:
- Removed the previously deprecated signup command. Use https://signup.secrethub.io instead.
New in SecretHub 0.41.2 (Oct 1, 2020)
- Merge pull request #352 from secrethub/fix/valid-envar-conversion
- Update --secrets-dir flag helper text
- Add missing replacements for valid envar generation
- Merge pull request #346 from secrethub/update-contributors
- Update "Teddy" to "Eduard"
- Update CONTRIBUTORS.md
New in SecretHub 0.41.1 (Sep 22, 2020)
- Fixed:
- CLI test that failed randomly based on the order in which a range statement was executed. (#348)
New in SecretHub 0.41.0 (Sep 9, 2020)
- Added:
- --secrets-dir flag that maps all secrets in a directory to environment variables (#299)
- -f, -i and --noreport flags to tree command (#319)
- Changed:
- New signup flow using https://signup.secrethub.io/ (#332, #340, #341, #342)
- Demo init doesn't error when demo repo already exists (#321)
- Fixed:
- Masker race condition (#320)
New in SecretHub 0.40.0 (Jul 8, 2020)
- Added:
- Introducing keyless apps for Google Cloud Platform: applications running on Google's compute services (GCE, GKE, etc.) can now natively authenticate to SecretHub to fetch their secrets, without needing to manage another key.
- Functions to create and manage links to GCP projects: secrethub service gcp link, secrethub service gcp list-links and secrethub service gcp delete-link. These links are needed to create a service account that makes use of the SecretHub Identity Provider. The GCP project of every GCP Service Account that is used for the Identity Provider first has to be linked to a SecretHub namespace. (#298)
- Changed:
- secrethub service init now returns an error if it is passed the path to a directory instead of a repository as the argument. (#311)
New in SecretHub 0.40.0 Pre-release (Jul 8, 2020)
- Merge pull request #315 from secrethub/release/v0.40.0
- Merge pull request #314 from secrethub/feature/update-secrethub-go
- Update secrethub-go to v0.30.0
- Merge pull request #311 from secrethub/feature/remove-service-init-dir-arg
- Merge pull request #313 from secrethub/feature/user-managed-sa-only
- Clarify filtering behaviour
- Merge pull request #310 from secrethub/feature/link-check-ns
- Add comment to exists check
- Preallocate slice with capacitiy
- Merge pull request #312 from secrethub/feature/gcp-init-validation
- Fix build issue
- Verify components in GCP keyring and key are at least one char long
- Only list user-managed Service Accounts
- Validate crypto key input on gcp init
- Validate keyring input on gcp init
- Merge pull request #309 from secrethub/feature/server-side-taken-service-error
- Directly check if repo exists
- Move taken service account error to server
- Do not accept a directory as argument to service init
- Merge pull request #307 from secrethub/feature/update-secrethub-go
- Update secrethub-go
- Merge pull request #306 from secrethub/feature/typo
- Merge pull request #305 from secrethub/feature/gcp-delete-link-long-help
- Fix typo "an" > "a" GCP service account
- Explain impact of service gcp delete-link in long help text
- Merge pull request #304 from secrethub/feature/unhide-gcp-idp
- Unhide GCP IdP functionality
- Merge pull request #298 from secrethub/feature/gcp-linking
- Update secrethub-go to latest develop
- Merge pull request #301 from secrethub/feature/lint-in-docker
- Run linter with the current user
- Remove unused error argument from authorization callback
- Merge pull request #302 from secrethub/feature/cli-model-public
- Expose CLI app model
- Order imports
- Fix typo "succeeed" => "succeeded"
- Run linter in Docker
- Use identity provider link iterator
- Use new WithAuthorizationCode instead of WaitFor..
- Remove Exists() function and no longer prompt when not existing
- Merge pull request #300 from secrethub/feature/app-constructor
- Move all app construction to secrethub.NewApp function
- Fix typo
- Better explain to the user what the process of linking looks like
- Add long help text to link command
- Replace Get() with Exists() where applicable
- Validate org names and project ID
- Fix already exists check
- Make listing behaviour equal to other ls commands
- Clarify consequence of deleting link
- Suggest to create IDP link during service init when it does not yet exist
- Add commands to create/list/delete IDP Links
- 1Merge pull request #296 from secrethub/release/v0.39.0
New in SecretHub 0.39.0 (Jun 9, 2020)
- Added:
- Proxy to use for connecting to the SecretHub API can now be set with the --proxy-address flag or by setting the SECRETHUB_PROXY_ADDRESS environment variable. (#293)
- Secrethub mkdir now accepts multiple arguments for directories to create. (#290)
- Secrethub audit now supports --output-format=json to output the audit log entries in JSON format. (#269)
- [private beta] Functionality for creating and using the GCP Identity Provider to use keyless authentication on GCP was introduced.
- Changed:
- Secrethub audit uses the OS's default pager ($PAGER) to paginate its output. If no default is set, less or else more is used if it's available. If no pager is available, the output is limited to 100 lines. (#269)
New in SecretHub 0.38.0 (May 13, 2020)
- Added:
- Add --no-newline, -n flag to read command to not print newline (#263)
- Fixed:
- Rewrite masker to fix #196 and reduce data-dependency on timing (#267)
- Improve various help texts (#264, #271, #273)
- Fix error when autocompleting secrethub run command (#268)
New in SecretHub 0.38.0 Pre-release (May 7, 2020)
- Added:
- Add --no-newline, -n flag to read command to not print newline (#263)
- Fixed:
- Rewrite masker to fix #196 and reduce data-dependency on timing (#267)
- Improve various help texts (#264, #271, #273)
- Fix error when autocompleting secrethub run command (#268)
New in SecretHub 0.37.0 (Mar 11, 2020)
- Added:
- Support generating secrets with complex requirements (#177) :
- Select the set of characters from which characters are randomly drawn using --charset.
- Set requirements for including a minimum amount of characters from a given set of characters, for services that require you to always include a special character for example.
- Deprecated:
- Deprecated generate --symbols flag. Use --charset alphanumeric,symbols instead. (#177)
New in SecretHub 0.36.0 (Mar 2, 2020)
- Added:
- [BETA] env ls and env read subcommands to work with secret environment variables in the same way that the run command does.
- The commands are hidden because they are still in beta. Future versions may break.
New in SecretHub 0.35.1 (Feb 28, 2020)
- Fixed:
- Make environment variables set via command line flags precede environment variables set using reference syntax (#253)
New in SecretHub 0.35.0 (Feb 24, 2020)
- Added:
- New secrethub:// syntax: secrethub run will look for environment variables with this prefix and replace the reference with the secret in the subprocess. (#243)
- Fixed:
- Fixed bug that kept secrethub run command running until user hits enter.
- Deprecated:
- Snapcraft: No more new builds will get uploaded to Snapcraft anymore. (#247)
New in SecretHub 0.34.0 (Jan 27, 2020)
- Added:
- Detect AWS authentication using web identity token files. This enables the use of AWS native authentication on AWS EKS. (#241)
- Prompt for missing template variables in run and inject (#235)
- Accept secret paths on acl check (#232)
- Add aliases for commands (#228, #229)
- Print service id when creating an AWS service account (#231)
- Add --out-file flag to service init (#230)
- Add internal CheckStrictEnv function to check that only recognized app environment variables are set (#237)
- Accept invalid template variable values to be configured if no template file is used (#235)
- Accept template variables to be configured although v1 templates are used (#235)
- Deprecated:
- Deprecated service init --file flag; use --out-file instead (#230)
- Fixed:
- Rephrase template processing error (#238)
New in SecretHub 0.33.0 Pre (Dec 2, 2019)
- Added:
- credential backup
- credential disable
- credential ls
- parents flag for mkdir, to recursively create all directories in the given path
- Deprecated:
- p shorthand for --credential-passphrase. Use the full --credential-passphrase flag instead.
New in SecretHub 0.32.0 (Nov 27, 2019)
- Iteratively browse pages of the audit log (#215)
- Ask to create an organization on signup (#164)
New in SecretHub 0.31.0 (Nov 1, 2019)
- Added:
- Add --multiline flag to secrethub write to prompt for multiple lines of input.
- Changed:
- Improve help text for commands that take paths as arguments.
- Improve help text for secrethub account verify-email.
- Return an explanatory error when the server response cannot be parsed.
- Fixed:
- Fix minor problems with .deb and .rpm install.
New in SecretHub 0.30.0 (Oct 11, 2019)
- Added
- Add a demo application to be served to demonstrate SecretHub.
- Read a secret directly to a file by using the --out-file flag.
- Write a secret directly from a file by using the --in-file` flag.
New in SecretHub 0.29.2 (Oct 11, 2019)
- Fixed:
- Fix bug MaskedWriter is not flushed before timeout
- Fix run and inject when env contains invalid value
New in SecretHub 0.29.1 (Sep 27, 2019)
- Fix goreleaser build for brew
New in SecretHub 0.29.0 (Sep 27, 2019)
- Added:
- Add deb and rpm packages to releases
- Add generate --clip flag to copy the generated value
- Rename generate rand to generate and add generate --length flag
- Make generate command less verbose
- Rephrase service init --permission helptext
- Deprecated:
- Deprecated generate rand <path> [<length>], use generate [--length <length>] <path> instead.
New in SecretHub 0.28.0 (Sep 23, 2019)
- Added:
- Remove trial prompt when creating an org; Organizations now come with 3 free users and 50 secrets ?? (#168)
- Add list and remove aliases for ls and rm commands (#165)
- Fixed:
- Use full command in flag envvars for subcommands (#167)
- Fix whitespace of help output for commands with args but no flags (#166)
New in SecretHub 0.27.0 (Sep 12, 2019)
- Added:
- Create a start repository on signup (#161)
- Add ls <workspace> (#162)
- Add optional workspace argument to repo ls to limit results (#159)
- Make identity provider configuration case-insensitive (#160)
- Use region from KMS key ARN when creating AWS services (#157)
- Don't fetch user in repo invite when not using it (#150)
- Fixed:
- Fix run masking problem (#155)
- Fix acl check on a specific account (#158)
New in SecretHub 0.26.1 (Sep 3, 2019)
- Fixed:
- Version and commit are now correctly shown when using secrethub --version.
New in SecretHub 0.25.1 (Aug 13, 2019)
- Fixed:
- Fixed index out of range error on the run command
New in SecretHub 0.25.0 (Aug 13, 2019)
- Added:
- Add service ls command to list service accounts on a repository.
- Add --ignore-missing-secrets flag to the run command to suppress errors of secrets that do not exist
New in SecretHub 0.24.2 (Jul 5, 2019)
- Added:
- Add https://secrethub.io/support to the help output.
- Fixed:
- Don't indicate errors as unexpected when they are not.
- Don't prompt for the credentials passphrase when secrethub run does not use secrets.
- Remove race conditions that occurred in corner cases of secret masking.
- Don't block when masking timeout is set to 0.
- Clarify complex details of the run command in the help text.
New in SecretHub 0.24.1 (Jun 26, 2019)
- Added:
- Add variable support to inject templates and run environment files.
- Use .env syntax for run env files.
- Improved error messages for template parsing.
- Use the secrethub.env run env file when it exists and no other file is specified.
- Add an --in-file flag to the inject command.
- Add --out-file flag to the inject command (previously called --file).
- Add --env-file flag to the run command (previously called --template).
- Add -o and -i shorthands for specifying an output and/or input file in the inject command.
- Deprecated:
- The v1 secret template syntax. See the migration guide.
- .yml run environment files. See the migration guide.
- The --file flag of the inject command. Use --out-file instead.
- The --template flag of the run command. Use --env-file instead.
New in SecretHub 0.24.0 (Jun 25, 2019)
- Added:
- Use .env syntax for run env files.
- Add variable support to inject templates and run Environment Files.
- Improved error messages for template parsing.
- Use the secrethub.env run env file when it exists and no other file is specified.
- Add an --in-file flag to the inject command.
- Add --out-file flag to the inject command (previously called --file).
- Add --env-file flag to the run command (previously called --template).
- Add -o and -i shorthands for specifying an output and/or input file in the inject command.
- Changed:
- The inject command now uses the v2 template syntax (which has variable support) by default. Migrate to the v2 syntax or use the template version flag to get the old behavior: --template-version v1.
- Deprecated:
- The --file flag of the inject command. Use --out-file instead.
- The --template flag of the run command. Use --env-file instead.
New in SecretHub 0.23.0 (May 29, 2019)
- Merge pull request #89 from secrethub/release/v0.23.0
- Merge pull request #86 from secrethub/release/v0.22.0
- Merge pull request #88 from secrethub/feature/arm
- Add linux arm build
- Add linux arm64 build
New in SecretHub 0.22.0 (May 28, 2019)
- Aaf4ede Merge pull request #85 from secrethub/release/v0.22.0
- F46fa03 Revert using a default run template
- A3a18e6 Merge pull request #83 from secrethub/feature/verify-email-problem-persists
- 582c50d Merge pull request #84 from secrethub/feature/account-init-dashboard-url
- Dfff1ff Merge pull request #82 from secrethub/feature/org-purchase
- 3b6e1c6 Refer to account-init instead of settings dashboard page from account-init command
- B236ddb Add contact support if the problem persists to verify email command
- 987c207 Add org purchase command
- 716defe Merge pull request #81 from secrethub/feature/update-secrethub-go
- 06ec4d9 Merge pull request #80 from secrethub/feature/remove-unused-error-logging
- 06543a4 Update secrethub-go to v0.20.0
- 311d29b Remove remaining CaptureErrorAndWait
- 846c5c8 Merge pull request #78 from secrethub/feature/run-mask-output
- 0a4fdb3 Restructured for improved godocs listing
- 311456f Removed obsolete statement
- 79b6d34 More typo fix
- B5532b6 Only reset timer on a buffer flush
- 983a7f6 Minor fixes
- D56093a Return found shift instead of applying it directly
- 5d768e5 Add missing comments and fix typos
- D1f1389 Add flags for configuring masking
- 6779994 Fix incorrect slice assignments
- 4c55fe5 Fix typo
- 7fd716e Mask all secrets from output in secrethub run
- 9a06cd2 Implement MaskedWriter
- 4628f2e Fix "process already finished" bug
- 474fa61 Merge pull request #74 from secrethub/feature/help
- Ccfec68 Merge remote-tracking branch 'origin/develop' into feature/help
- D8e9b58 Merge pull request #75 from secrethub/feature/kingpin
- 6590c80 Merge pull request #76 from secrethub/feature/plain-secrethub-command
- 2053e4d Merge pull request #73 from secrethub/feature/default-run-template
- B004980 Don't make audit the default command
- 3ca9015 Use alecthomas/kingpin instead of a fork
- 516804c Only use secrethub-env.yml as run template when it can be stat
- 62de8ae Change the intro of the help text
- 08a00ce Change the order of commands in the help text
- 8cd3e1f Hide env flag of run command
- 6fdc1f5 Simplify help text messages
- F4a4f22 Hide clear and set commands
- Dff7a70 Simplify help text of write command
- D3045a7 Show the acl command in the help text
- Cc09d5f Add a default to secrethub run --template
- 888bac2 Merge pull request #72 from secrethub/feature/make-audit-a-root-command
- 3d5b3ef Merge pull request #71 from secrethub/feature/help
- A1f102c Format imports
- 9ec1ae8 Refer to the getting started guide in the help text
- 984b958 Add a newline before the flags in the help text
- 0cf43c9 Add a note on how to get help for a subcommand
- 747cd62 Make audit a root command
- 9e0c32f Remove hidden audit repo and audit secret commands
- E84cd7f Improve --help output
- 060defa Merge pull request #70 from secrethub/feature/godoc-status
- Eb367b6 Use godoc status badge in the readme
New in SecretHub 0.21.3 (Apr 30, 2019)
- Merge pull request #69 from secrethub/release/v0.21.3
- Merge pull request #66 from secrethub/feature/golint
- Merge pull request #67 from secrethub/feature/misspell
- Merge pull request #68 from secrethub/feature/readme-improvements
- Make call to action in README clearer
- Fix typo priviliges => privileges
- Do not use golangci default excludes
- Add comment to Logger interface
- Update fake clipboard constructor godoc to use correct funcnames
- Merge pull request #65 from secrethub/feature/snapcraft-desc-update
- Rephrase snapcraft description
- Update snapcraft description
- Merge pull request #64 from secrethub/feature/start-trial-prompt
- Update trial start prompt
- Always prompt trial start on org init
- Replace 'I' with 'we' in org init prompt
- Add prompt on org init whether free user wants to start trial [WIP]