Release 2024-01-11T13-09-29Z

@minio-trusted minio-trusted released this 12 Jan 18:03
· 25 commits to master since this release
bd277c4

Release Notes

Release 2024-01-11T13-09-29Z contains changes for the HashiCorp Vault backend.

Added

  • A KES server configuration now accepts authentication-specific HashiCorp Vault namespaces. This may be useful when KES should
    authenticate within the root namespace but use secret engines within sub-namespaces.

    approle:    # AppRole credentials. See: https://www.vaultproject.io/docs/auth/approle.html
       namespace: "" # Optional Vault namespace used just for authentication. A single "/" is an alias for the Vault root namespace.
       engine: ""    # The path of the AppRole engine - e.g. authenticate. If empty, defaults to: approle. (Vault default)
       id: ""        # Your AppRole Role ID
       secret: ""    # Your AppRole Secret ID

    Note that, by setting namespace: "/", KES can also omit the namespace header for authentication methods entirely, even if a
    namespace for its secret engines has been configured.

Changed

  • The HashiCorp Vault backend now uses a new authentication token renewal implementation. The previous one was removed in 13cee22.
    Since then, the KES server has used its authentication credentials to obtain a new token instead of renewing its current one. Now,
    the KES server refreshes its authentication token before it expires and re-authenticates using its credentials only when the token
    renewal fails. Details can be found in 877a8ae.
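
The renewal policy described above, as an added Go example that is not KES's own code: renew the token first and fall back to the credentials only when renewal fails. `Authenticator`, `fakeVault` and the half-TTL refresh point are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Token is a simplified auth token: its value and remaining lifetime.
type Token struct{ Value string; TTL time.Duration }

// Authenticator is a hypothetical abstraction over a Vault auth method.
type Authenticator interface {
	Renew(cur Token) (Token, error) // extend the current token's lifetime
	Login() (Token, error)          // obtain a new token from the credentials
}

// renewAfter schedules the refresh before expiry (assumption: at half the TTL).
func renewAfter(ttl time.Duration) time.Duration { return ttl / 2 }

// refresh renews the token; the bool reports whether a new login was needed.
func refresh(a Authenticator, cur Token) (Token, bool, error) {
	if t, err := a.Renew(cur); err == nil && t.TTL > 0 {
		return t, false, nil
	}
	t, err := a.Login()
	return t, true, err
}

// fakeVault is a constructed stand-in that allows a fixed number of renewals.
type fakeVault struct{ renewsLeft, logins int }
func (f *fakeVault) Renew(cur Token) (Token, error) {
	if f.renewsLeft == 0 {
		return Token{}, fmt.Errorf("renewal rejected")
	}
	f.renewsLeft--
	return Token{Value: cur.Value, TTL: time.Minute}, nil
}

func (f *fakeVault) Login() (Token, error) {
	f.logins++
	return Token{Value: fmt.Sprintf("token-%d", f.logins), TTL: time.Minute}, nil
}

func main() {
	v := &fakeVault{renewsLeft: 1}
	tok, _ := v.Login()
	for i, reauth := 1, false; i <= 3; i++ {
		tok, reauth, _ = refresh(v, tok)
		fmt.Println(i, tok.Value, "reauthenticated:", reauth, "refresh in", renewAfter(tok.TTL))
	}
}
```

Each fallback to `Login` presents the AppRole credentials again, so the reported bool is the value to log or count when monitoring how often the credentials are used.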

What's Changed

New Contributors

Full Changelog: 2023-11-10T10-44-28Z...2024-01-11T13-09-29Z