stklcode/jvaultconnector
stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 33 Wiki Activity
jvaultconnector/CHANGELOG.md
Stefan Kalscheuer 43da0f5109
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 59s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 49s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
Details
prepare release v1.5.0
2025-04-13 11:25:49 +02:00

11 KiB
Raw Blame History

1.5.0 (2025-04-13)

Deprecations

  • read...Credentials() methods for specific database mounts (#92)

Features

  • Support Vault transit API (#89)
  • Support PEM certificate string from VAULT_CACERT environment variable (#93)

Improvements

  • Replace deprecated java.net.URL usage with java.net.URI (#94)

Fix

  • Fix initialization from environment without explicit port

Dependencies

  • Updated Jackson to 2.18.3 (#90)

Test

  • Tested against Vault 1.2 to 1.19

1.4.0 (2024-12-07)

Removal

  • Remove deprecated get...TimeString() on model classes (#77)
  • Drop support for deprecated App-ID auth backend (#61) (#78)

Fix

  • Add jackson-annotations requirement to module-info (#84)

Dependencies

  • Updated Jackson to 2.18.2 (#85)

Test

  • Tested against Vault 1.2 to 1.18

1.3.1 (2024-10-03)

Dependencies

  • Updated Jackson to 2.18.0 (#80)

Fix

  • Remove Automatic-Module-Name from JAR manifest (#79)

1.3.0 (2024-06-29)

Improvements

  • Simplify JSON parsing in error handler
  • Add new fields from Vault 1.16 and 1.17 to HealthResponse
    • echo_duration_ms
    • clock_skew_ms
    • replication_primary_canary_age_ms
    • enterprise
  • Add missing num_uses field to AuthData
  • Add mount_type attribute to common response model
  • Add auth attribute to common response model
  • Add custom_metadata, cas_required and delete_version_after fields for KVv2 metadata
  • Generate and attach CycloneDX SBOM

Fix

  • Rename enable_local_secret_id to local_secret_ids in AppRole model

Dependencies

  • Updated Jackson to 2.17.1

Test

  • Tested against Vault 1.2 to 1.17

1.2.0 (2023-12-11)

Deprecations

  • get...TimeString() methods on various model classes are now deprecated

Improvements

  • Parse timestamps as ZonedDateTime instead of String representation
  • Remove redundant java.base requirement from module-info.java (#69)
  • Close Java HTTP Client when running on Java 21 or later (#70)
  • Add MFA requirements tu AuthResponse (#71)
  • Extend AuthMethod data model (#72)

Dependencies

  • Updated Jackson to 2.16.0

1.1.5 (2023-08-19)

Fix

  • Fixed JSON type conversion in SecretResponse#get(String, Class) (#67)

Test

  • Tested against Vault 1.2 to 1.15

1.1.4 (2023-06-15)

Fix

  • Use [+-]XX:XX notation for timezone in date/time parsing

Improvements

  • Use explicit UTF-8 encoding for parsing responses

Dependencies

  • Updated Jackson to 2.15.2

Test

  • Tested against Vault 1.2.0 to 1.13.3

1.1.3 (2023-01-31)

Deprecations

  • AppID components (deprecated since 0.4) are marked for removal with the next major release

Dependencies

  • Updated Jackson to 2.14.2

Improvements

  • Minor internal refactoring

Test

  • Tested against Vault 1.2.0 to 1.12.2

1.1.2 (2022-10-26)

Dependencies

  • Updated Jackson to 2.13.4.2

Test

  • Tested against Vault 1.2.0 to 1.12.0
  • Disable AppID tests for Vault 1.12 and above (auth method removed)
  • Tested with Java 19

1.1.1 (2022-08-29)

Dependencies

  • Updated Jackson to 2.13.3

Test

  • Tested against Vault 1.11.2
  • Tested with Java 18

1.1.0 (2022-04-24)

Fix

  • Use replication_performance_mode instead of replication_perf_mode in health response.

Improvements

  • Add migration, recovery_seal and storage_type fields to SealReponse model
  • Add support for wrap_info in data response models
  • Dependency updates
  • Model and response classes implement Serializable (#57)
  • Split SercretResponse into PlainSecretResponse and MetaSecretResponse subclasses (common API unchanged)
  • Add missing fields to AuthMethod model
  • Add support for (dis)allowed policy glob patterns in TokenRole
  • Add request ID to data response models

Test

  • Tested against Vault 1.10.1

1.0.1 (2021-11-21)

Fix

  • Make HTTPVaultConnectorBuilder#withPort(Integer) null-safe (#56)
  • Make system-lambda dependency test-only (#58)

Test

  • Tested against Vault 1.9.0

1.0.0 (2021-10-02)

Breaking

  • Requires Java 11 or later
  • Builder invocation has changed, use HTTPVaultConnector.builder()....build()

Removal

  • Remove deprecated VaultConnectorFactory in favor of VaultConnectorBuilder with identical API
  • Remove deprecated AppRoleBuilder and TokenBuilder in favor of AppRole.Builder and Token.Builder
  • Remove deprecated Period, Policy and Policies methods from AppRole in favor of Token-prefixed versions
  • Remove deprecated SecretResponse#getValue() method, use get("value") instead
  • Remove deprecated convenience methods for interaction with "secret" mount

Improvements

  • Use pre-sized map objects for fixed-size payloads
  • Remove Apache HTTP Client dependency in favor of Java 11 HTTP
  • Introduce Java module descriptor

Test

  • Tested against Vault 1.8.3

0.9.5 (2021-07-28)

Deprecations

  • Deprecate {read,write,delete}Secret() convenience methods. Use {read,write,delete}("secret/...") instead (#52)
  • Deprecated builder invocation VaultConnectorBuilder.http() in favor of HTTPVaultConnector.builder() (#51)
  • Deprecated de.stklcode.jvault.connector.builder.HTTPVaultConnectorBuilder in favor of de.stklcode.jvault.connector.HTTPVaultConnectorBuilder (only package changed) (#51)

Old builders will be removed in 1.0

Improvements

  • Minor dependency updates

Test

  • Tested against Vault 1.8.0

0.9.4 (2021-06-06)

Deprecations

  • AppRole.Builder#wit0hTokenPeriod() is deprecated in favor of #withTokenPeriod() (#49)

Improvements

  • Minor dependency updates

Test

  • Tested against Vault 1.7.2

0.9.3 (2021-04-02)

Improvements

  • Use pre-sized map objects for fixed-size payloads
  • Minor dependency updates
  • Unit test adjustments for JDK 16 build environments

Test

  • Tested against Vault 1.7.0

0.9.2 (2021-01-24)

Fixes

  • Only initialize custom trust managers, if CA certificate is actually provided (#43)

Improvements

  • Minor dependency updates

0.9.1 (2021-01-03)

Improvements

  • Dependency updates

Test

  • Tested against Vault 1.6.1

0.9.0 (2020-04-29)

Fixes

  • Correctly parse Map field for token metadata (#34)
  • Correctly map token policies on token lookup (#35)

Features

  • Support for token types (#26)
  • Support for token role handling (#27) (#37)

Improvements

  • Added entity_id, token_policies, token_type and orphan flags to auth response
  • Added entity_id, expire_time, explicit_max_ttl, issue_time, renewable and type flags to token data
  • Added explicit_max_ttl, period and entity_alias flags to Token model (#41)
  • Added enable_local_secret_ids, token_bound_cidrs, token_explicit_max_ttl, token_no_default_policy, token_num_uses, token_period and token_type flags to AppRole model
  • Minor dependency updates

Deprecations

  • AppRole#getPolicies() and #setPolicies() are deprecated in favor of #getTokenPolicies() and #setTokenPolicies()
  • AppRole#getPeriod() is deprecated in favor of #getTokenPeriod()
  • AppRoleBuilder and TokenBuilder in favor of AppRole.Builder and Token.Builder
  • All-arg constructors of AppRole and Token in favor of .builder()....build() introduced in 0.8

Removals

  • Deprecated methods AppRole#getBoundCidrList(), #setBoundCidrList() and getBoundCidrListString() have been removed.

Test

  • Tested against Vault 1.4.0

0.8.2 (2019-10-20)

Fixes

  • Fixed token lookup (#31)

Improvements

  • Updated dependencies

0.8.1 (2019-08-16)

Fixes

  • Removed compile dependency to JUnit library (#30)

Improvements

  • Updated dependencies

Test

  • Tested against Vault 1.2.2

0.8.0 (2019-03-24)

Breaking

  • Moved Maven artifact to de.stklcode.jvault:jvault-connector (#28)
  • Removed support for HTTPVaultConnectorFactory#withSslContext() in favor of #withTrustedCA() due to

Features

  • Support for KV version 2 secret engine (#16)
  • Ability to pass custom mount point to KV v2 read/write methods (#25)

Improvements

  • refactoring of the internal SSL handling (#17)
  • VaultConnector extends java.io.Serializable (#19)
  • Added missing flags to SealResponse (#20)
  • Added replication flags to HealthResponse (#21)
  • Enforce TLS 1.2 by default with option to override (#22)
  • Build environment and tests now compatible with Java 10
  • Updated dependencies to fix vulnerabilities (i.e. CVE-2018-7489)
  • New static method Token.builder() to get token builder instance
  • New static method AppRole.builder() to get AppRole builder instance

Deprecation

  • VaultConnectorFactory is deprecated in favor of VaultConnectorBuilder with identical API (#18)
  • AppRoleBuilder#withBoundCidrList(List) is deprecated in favor of AppRoleBuilder#withSecretIdBoundCidrs(List) (#24)

0.7.1 (2018-03-17)

Improvements

  • Added automatic module name for JPMS compatibility
  • Minor dependency updates

Test

  • Tested against Vault 0.9.5

0.7.0 (2017-10-03)

Features

  • Retrieval of health status via getHealth() (#15)

Improvements

  • seal(), unseal() are now void and throw Exception on error (#12)
  • Adaptation to Vault 0.8 endpoints for renew and revoke, breaking 0.7 compatibility (#11)

Removed

  • Removed deprecated listAppRoleSecretss() (use listAppRoleSecrets()) (#14)

Test

  • Tested against Vault 0.8.3

0.6.2 [2017-08-19]

Fixes

  • Prevent potential NPE on SecretResponse getter
  • Removed stack traces on PUT request and response deserialization (#13)

Improvements

  • Fields of InvalidResposneException made final

Deprecation

  • listAppRoleSecretss() in favor of listAppRoleSecrets() (#14)

Test

  • Tested against Vault 0.8.1, increased coverage

0.6.1 (2017-08-02)

Fixes

  • TokenModel.getPassword() returned username instead of password
  • TokenModel.getUsername() and getPassword() could produce NPE in multithreaded environments
  • TokenData.getCreatinTtl() renamed to getCreationTtl() (typo fix)

Test

  • Tested against Vault 0.7.3

0.6.0 (2017-05-12)

Features

  • Initialization from environment variables using fromEnv() in factory (#8)
  • Automatic authentication with buildAndAuth()
  • Custom timeout and number of retries (#9)
  • Connector implements AutoCloseable

Fixes

  • SecretResponse does not throw NPE on get(key) and getData()

Test

  • Tested against Vault 0.7.2

0.5.0 (2017-03-18)

Features

  • Convenience methods for DB credentials (#7)

Fixes

  • Minor bugfix in TokenBuilder

Deprecation

  • SecretResponse.getValue() deprecated

Test

  • Tested against Vault 0.7.0

0.4.1 [2016-12-24]

Fixes

  • Factory Null-tolerant for trusted certificate (#6)

Test

  • StackTraces tested for secret leaks
  • Tested against Vault 0.6.4

0.4.0 (2016-11-06)

Features

  • Option to provide a trusted CA certificate (#2)
  • Deletion, revocation and renewal of secrets (#3)
  • Token creation (#4)
  • AppRole auth backend supported (#5)

Improvements

  • Support for complex secrets

Deprecation

  • App-ID backend marked as deprecated

0.3.0 (2016-10-07)

Features

  • Retrieval of JSON objects (#1)

Test

  • Tested against Vault 0.6.2

0.2.0 (2016-09-01)

Improvements

  • Dependecies updated and CommonsIO removed

Fixes

  • Fixed auth backend detection for Vault 0.6.1

Test

  • Tested against Vault 0.6.1

0.1.1 (2016-06-20)

Fixes

  • Check for "permission denied" without status code 400 instead of 403

Test

  • Tested against Vault 0.6.0

0.1.0 (2016-03-29)

  • First release