stklcode/jvaultconnector
stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 33 Wiki Activity
jvaultconnector/CHANGELOG.md
Stefan Kalscheuer d329af2c67
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 1m3s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 1m4s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 1m2s
Details
deprecate default methods to read specific database credentials (#92) 
The interface has some methods to read database credentials from
specific mountpoints like "mysql". While ann database mounts share
the same credential endpoints, the mount point itself can have any
name. Let's clean up some methods of low benefit and deprecate the
convenience methods.

Trivial replacement is `getDbCredentials()` with explicit mount point,
if it's actually mounted on that path.
2025-03-09 11:43:15 +01:00

11 KiB
Raw Blame History

unreleased

Deprecations

  • read...Credentials() methods for specific database mounts (#92)

Dependencies

  • Updated Jackson to 2.18.3 (#90)

Test

  • Tested against Vault 1.2 to 1.19

1.4.0 (2024-12-07)

Removal

  • Remove deprecated get...TimeString() on model classes (#77)
  • Drop support for deprecated App-ID auth backend (#61) (#78)

Fix

  • Add jackson-annotations requirement to module-info (#84)

Dependencies

  • Updated Jackson to 2.18.2 (#85)

Test

  • Tested against Vault 1.2 to 1.18

1.3.1 (2024-10-03)

Dependencies

  • Updated Jackson to 2.18.0 (#80)

Fix

  • Remove Automatic-Module-Name from JAR manifest (#79)

1.3.0 (2024-06-29)

Improvements

  • Simplify JSON parsing in error handler
  • Add new fields from Vault 1.16 and 1.17 to HealthResponse
    • echo_duration_ms
    • clock_skew_ms
    • replication_primary_canary_age_ms
    • enterprise
  • Add missing num_uses field to AuthData
  • Add mount_type attribute to common response model
  • Add auth attribute to common response model
  • Add custom_metadata, cas_required and delete_version_after fields for KVv2 metadata
  • Generate and attach CycloneDX SBOM

Fix

  • Rename enable_local_secret_id to local_secret_ids in AppRole model

Dependencies

  • Updated Jackson to 2.17.1

Test

  • Tested against Vault 1.2 to 1.17

1.2.0 (2023-12-11)

Deprecations

  • get...TimeString() methods on various model classes are now deprecated

Improvements

  • Parse timestamps as ZonedDateTime instead of String representation
  • Remove redundant java.base requirement from module-info.java (#69)
  • Close Java HTTP Client when running on Java 21 or later (#70)
  • Add MFA requirements tu AuthResponse (#71)
  • Extend AuthMethod data model (#72)

Dependencies

  • Updated Jackson to 2.16.0

1.1.5 (2023-08-19)

Fix

  • Fixed JSON type conversion in SecretResponse#get(String, Class) (#67)

Test

  • Tested against Vault 1.2 to 1.15

1.1.4 (2023-06-15)

Fix

  • Use [+-]XX:XX notation for timezone in date/time parsing

Improvements

  • Use explicit UTF-8 encoding for parsing responses

Dependencies

  • Updated Jackson to 2.15.2

Test

  • Tested against Vault 1.2.0 to 1.13.3

1.1.3 (2023-01-31)

Deprecations

  • AppID components (deprecated since 0.4) are marked for removal with the next major release

Dependencies

  • Updated Jackson to 2.14.2

Improvements

  • Minor internal refactoring

Test

  • Tested against Vault 1.2.0 to 1.12.2

1.1.2 (2022-10-26)

Dependencies

  • Updated Jackson to 2.13.4.2

Test

  • Tested against Vault 1.2.0 to 1.12.0
  • Disable AppID tests for Vault 1.12 and above (auth method removed)
  • Tested with Java 19

1.1.1 (2022-08-29)

Dependencies

  • Updated Jackson to 2.13.3

Test

  • Tested against Vault 1.11.2
  • Tested with Java 18

1.1.0 (2022-04-24)

Fix

  • Use replication_performance_mode instead of replication_perf_mode in health response.

Improvements

  • Add migration, recovery_seal and storage_type fields to SealReponse model
  • Add support for wrap_info in data response models
  • Dependency updates
  • Model and response classes implement Serializable (#57)
  • Split SercretResponse into PlainSecretResponse and MetaSecretResponse subclasses (common API unchanged)
  • Add missing fields to AuthMethod model
  • Add support for (dis)allowed policy glob patterns in TokenRole
  • Add request ID to data response models

Test

  • Tested against Vault 1.10.1

1.0.1 (2021-11-21)

Fix

  • Make HTTPVaultConnectorBuilder#withPort(Integer) null-safe (#56)
  • Make system-lambda dependency test-only (#58)

Test

  • Tested against Vault 1.9.0

1.0.0 (2021-10-02)

Breaking

  • Requires Java 11 or later
  • Builder invocation has changed, use HTTPVaultConnector.builder()....build()

Removal

  • Remove deprecated VaultConnectorFactory in favor of VaultConnectorBuilder with identical API
  • Remove deprecated AppRoleBuilder and TokenBuilder in favor of AppRole.Builder and Token.Builder
  • Remove deprecated Period, Policy and Policies methods from AppRole in favor of Token-prefixed versions
  • Remove deprecated SecretResponse#getValue() method, use get("value") instead
  • Remove deprecated convenience methods for interaction with "secret" mount

Improvements

  • Use pre-sized map objects for fixed-size payloads
  • Remove Apache HTTP Client dependency in favor of Java 11 HTTP
  • Introduce Java module descriptor

Test

  • Tested against Vault 1.8.3

0.9.5 (2021-07-28)

Deprecations

  • Deprecate {read,write,delete}Secret() convenience methods. Use {read,write,delete}("secret/...") instead (#52)
  • Deprecated builder invocation VaultConnectorBuilder.http() in favor of HTTPVaultConnector.builder() (#51)
  • Deprecated de.stklcode.jvault.connector.builder.HTTPVaultConnectorBuilder in favor of de.stklcode.jvault.connector.HTTPVaultConnectorBuilder (only package changed) (#51)

Old builders will be removed in 1.0

Improvements

  • Minor dependency updates

Test

  • Tested against Vault 1.8.0

0.9.4 (2021-06-06)

Deprecations

  • AppRole.Builder#wit0hTokenPeriod() is deprecated in favor of #withTokenPeriod() (#49)

Improvements

  • Minor dependency updates

Test

  • Tested against Vault 1.7.2

0.9.3 (2021-04-02)

Improvements

  • Use pre-sized map objects for fixed-size payloads
  • Minor dependency updates
  • Unit test adjustments for JDK 16 build environments

Test

  • Tested against Vault 1.7.0

0.9.2 (2021-01-24)

Fixes

  • Only initialize custom trust managers, if CA certificate is actually provided (#43)

Improvements

  • Minor dependency updates

0.9.1 (2021-01-03)

Improvements

  • Dependency updates

Test

  • Tested against Vault 1.6.1

0.9.0 (2020-04-29)

Fixes

  • Correctly parse Map field for token metadata (#34)
  • Correctly map token policies on token lookup (#35)

Features

  • Support for token types (#26)
  • Support for token role handling (#27) (#37)

Improvements

  • Added entity_id, token_policies, token_type and orphan flags to auth response
  • Added entity_id, expire_time, explicit_max_ttl, issue_time, renewable and type flags to token data
  • Added explicit_max_ttl, period and entity_alias flags to Token model (#41)
  • Added enable_local_secret_ids, token_bound_cidrs, token_explicit_max_ttl, token_no_default_policy, token_num_uses, token_period and token_type flags to AppRole model
  • Minor dependency updates

Deprecations

  • AppRole#getPolicies() and #setPolicies() are deprecated in favor of #getTokenPolicies() and #setTokenPolicies()
  • AppRole#getPeriod() is deprecated in favor of #getTokenPeriod()
  • AppRoleBuilder and TokenBuilder in favor of AppRole.Builder and Token.Builder
  • All-arg constructors of AppRole and Token in favor of .builder()....build() introduced in 0.8

Removals

  • Deprecated methods AppRole#getBoundCidrList(), #setBoundCidrList() and getBoundCidrListString() have been removed.

Test

  • Tested against Vault 1.4.0

0.8.2 (2019-10-20)

Fixes

  • Fixed token lookup (#31)

Improvements

  • Updated dependencies

0.8.1 (2019-08-16)

Fixes

  • Removed compile dependency to JUnit library (#30)

Improvements

  • Updated dependencies

Test

  • Tested against Vault 1.2.2

0.8.0 (2019-03-24)

Breaking

  • Moved Maven artifact to de.stklcode.jvault:jvault-connector (#28)
  • Removed support for HTTPVaultConnectorFactory#withSslContext() in favor of #withTrustedCA() due to

Features

  • Support for KV version 2 secret engine (#16)
  • Ability to pass custom mount point to KV v2 read/write methods (#25)

Improvements

  • refactoring of the internal SSL handling (#17)
  • VaultConnector extends java.io.Serializable (#19)
  • Added missing flags to SealResponse (#20)
  • Added replication flags to HealthResponse (#21)
  • Enforce TLS 1.2 by default with option to override (#22)
  • Build environment and tests now compatible with Java 10
  • Updated dependencies to fix vulnerabilities (i.e. CVE-2018-7489)
  • New static method Token.builder() to get token builder instance
  • New static method AppRole.builder() to get AppRole builder instance

Deprecation

  • VaultConnectorFactory is deprecated in favor of VaultConnectorBuilder with identical API (#18)
  • AppRoleBuilder#withBoundCidrList(List) is deprecated in favor of AppRoleBuilder#withSecretIdBoundCidrs(List) (#24)

0.7.1 (2018-03-17)

Improvements

  • Added automatic module name for JPMS compatibility
  • Minor dependency updates

Test

  • Tested against Vault 0.9.5

0.7.0 (2017-10-03)

Features

  • Retrieval of health status via getHealth() (#15)

Improvements

  • seal(), unseal() are now void and throw Exception on error (#12)
  • Adaptation to Vault 0.8 endpoints for renew and revoke, breaking 0.7 compatibility (#11)

Removed

  • Removed deprecated listAppRoleSecretss() (use listAppRoleSecrets()) (#14)

Test

  • Tested against Vault 0.8.3

0.6.2 [2017-08-19]

Fixes

  • Prevent potential NPE on SecretResponse getter
  • Removed stack traces on PUT request and response deserialization (#13)

Improvements

  • Fields of InvalidResposneException made final

Deprecation

  • listAppRoleSecretss() in favor of listAppRoleSecrets() (#14)

Test

  • Tested against Vault 0.8.1, increased coverage

0.6.1 (2017-08-02)

Fixes

  • TokenModel.getPassword() returned username instead of password
  • TokenModel.getUsername() and getPassword() could produce NPE in multithreaded environments
  • TokenData.getCreatinTtl() renamed to getCreationTtl() (typo fix)

Test

  • Tested against Vault 0.7.3

0.6.0 (2017-05-12)

Features

  • Initialization from environment variables using fromEnv() in factory (#8)
  • Automatic authentication with buildAndAuth()
  • Custom timeout and number of retries (#9)
  • Connector implements AutoCloseable

Fixes

  • SecretResponse does not throw NPE on get(key) and getData()

Test

  • Tested against Vault 0.7.2

0.5.0 (2017-03-18)

Features

  • Convenience methods for DB credentials (#7)

Fixes

  • Minor bugfix in TokenBuilder

Deprecation

  • SecretResponse.getValue() deprecated

Test

  • Tested against Vault 0.7.0

0.4.1 [2016-12-24]

Fixes

  • Factory Null-tolerant for trusted certificate (#6)

Test

  • StackTraces tested for secret leaks
  • Tested against Vault 0.6.4

0.4.0 (2016-11-06)

Features

  • Option to provide a trusted CA certificate (#2)
  • Deletion, revocation and renewal of secrets (#3)
  • Token creation (#4)
  • AppRole auth backend supported (#5)

Improvements

  • Support for complex secrets

Deprecation

  • App-ID backend marked as deprecated

0.3.0 (2016-10-07)

Features

  • Retrieval of JSON objects (#1)

Test

  • Tested against Vault 0.6.2

0.2.0 (2016-09-01)

Improvements

  • Dependecies updated and CommonsIO removed

Fixes

  • Fixed auth backend detection for Vault 0.6.1

Test

  • Tested against Vault 0.6.1

0.1.1 (2016-06-20)

Fixes

  • Check for "permission denied" without status code 400 instead of 403

Test

  • Tested against Vault 0.6.0

0.1.0 (2016-03-29)

  • First release