SECURITY:
- Critical Golang vulnerability in v0.13.2 [GH-366
BUG FIXES:
- Add LICENSE file to compiled linux distribution and docker image [GH-365
SECURITY:
- Update dependencies to address CVE-2022-41723.
BUG FIXES:
- Fix not passing through configuration setting properly to underlying consul-template config [GH-312, GH-310]
- Fix issue with vault agent token file reading [GH-314, GH-275]
BUG FIXES:
- Fix using an interactive shell as the command [GH-306, GH-305]
- Fix command argument parsing GH-304, GH-297]
- Version and help output to STDOUT [GH-289, GH-279]
IMPROVEMENTS:
- Support Vault K8s authorization [GH-281, GH-274]
- Allow multiple secrets with same name [GH-296]
- Don't log Go scheduler signals [GH-288, GH-285]
- Build darwin-arm64 binaries [GH-276]
BUG FIXES:
IMPROVEMENTS:
- New docker image [GH-265, GH-258, GH-229]
- Add support for Vault Namespaces [GH-262, GH-184]
- New feature to allow only fetching a subset of keys from Vault Secret [GH-259, GH-235]
- Ability to customize environment variable names [GH-236, GH-234]
- Supports fetching service information [GH-220]
IMPROVEMENTS:
- Add support for Vault Agent token files [GH-249]
- Update whitelist/blacklist config options to allowlist/denylist with backward compatibility [GH-246]
- Update Consul Template dependency to v0.25.1 [GH-245]
BUG FIXES:
- Remove code/logic for working with (long deprecated) Vault grace [GH-245]
IMPROVEMENTS:
- Allow users to use ENV vars in prefix paths using Go templates [GH-167]
BUG FIXES:
-
Fix renewing wrapped tokens, renew using unwrapped token [GH-239, GH-222]
-
Fix issue with secret/prefix entries with no path [GH-240, GH-165]
DOCUMENTATION:
SECURITY:
- Don't log values/secrets pulled from vault [GH-226]
BUG FIXES:
SECURITY:
- curl and musl vulnerabilities in latest alpine docker image [GH-223]
IMPROVEMENTS:
BREAKING CHANGES:
- When passing unevaluated, 'single quoted text' to -exec or as the command the shell variable interpolation and backtick evaluation will no longer be done. This was an undocumented 'feature' and was responsible for GH-180.
IMPROVEMENTS:
- Added support for Vault KV v2 [GH-186 GH-211]
- Respect no_prefix for consul keys [GH-190]
- Respect exec.env config block [GH-155]
BUG FIXES:
- Fix issue with shell interpolation [GH-180]
- Fix issue with PID file not being created [GH-194]
- Fix issue with Vault renew [GH-196]
- Don't panic if secret value isn't a string [GH-166]
SECURITY:
- Fixed an issue where the parent's environment could get supplied to the child
process if
envconsulis given an empty prefix, even when using-pristine[GH-159]
IMPROVEMENTS:
- Compile using Go 1.9.2 [GH-158]
BUG FIXES:
- Fixed Makefile to use Go version from the environment [GH-157]
IMPROVEMENTS:
- Compile using Go 1.9.0
BUG FIXES:
- Remove dynamic linking due to a missing underscore in CGO_ENABLED during compilation [GH-147]
BREAKING CHANGES:
kill_signal(configuration) and-kill-signal(CLI) now refer to the signal that Envconsul should listen to for termination, not the signal that Envconsul should send to the child process. Useexec.kill_signalor-exec-kill-signalto specify the command to send to the child process.
DEPRECATIONS:
-
(configuration)
consulis nowconsul { address = "..." }. -
(configuration)
authis nowconsul { auth { ... } }. -
(configuration)
pathis deprecated and there is no configuration file replacement. Use the CLI option instead. -
(configuration)
splay = "..."is nowexec { splay = "..." }. -
(configuration)
retry = "..."is now separately controlled via both theconsulandvaultstanzas to allow for additional configuration. -
(configuration)
ssl {}is now separately controlled via both theconsulandvaultstanzas to allow for additional configuration. -
(configuration)
timeout = "..."is nowexec { kill_timeout = "..." }. -
(configuration)
token = "..."is nowconsul { token = "..." }. -
(cli)
-authis now-consul-auth. -
(cli)
-addris now-consul-addr. -
(cli)
-splayis now-exec-splay. -
(cli)
-retryis now-consul-retry-*and-vault-retry-*. -
(cli)
-ssl-*is now-consul-ssl-*and-vault-ssl-*. -
(cli)
-timeoutis now-exec-kill-timeout. -
(cli)
-tokenis now-consul-token.
BREAKING CHANGES:
- Remove deprecated way of specifying
prefixesas an array in configuration.
IMPROVEMENTS:
- Allow stripping parts of a secret path [GH-84, GH-113]
BUG FIXES:
- Overwriting existing environment variables [GH-122]
- Update Consul API library to stop logging secret data [GH-120]
- Ensure returned value is not nil [GH-124]
IMPROVEMENTS:
- Accept
Keyoption in SSL config - Accept stdin - this allows the user to pipe and use interactively [GH-80, GH-75]
BUG FIXES:
- Use gatedio in tests to avoid races
- Document
pristineflag - Load
VAULT_TOKENfrom the environment into the config [GH-99, GH-100] - Add
timeoutCLI flag parsing [GH-73] - Do not overwrite previous process when no data is returned [GH-85, GH-107]
FEATURES:
- Add a configurable kill switch [GH-48]
- Add
pristineoption to completely replace the environment for the command [GH-58] - Add support for Vault configuration and prefixes
- Add support for custom key formatting
- Add
splayoption for sleeping a random amount of time before re-spawing the child process [GH-53]
IMPROVEMENTS:
- Improve documentation around command line vs configuration file parameters [GH-41]
- Update to new Consul Template APIs which are more efficient
- Match Makefile and semantics for other HashiCorp projects
- Set a default max-stale value of 1s
- Support reloading configuration on SIGHUP (but the signal will also be sent to the child process!)
BUG FIXES:
- Fix config merging [GH-49]
- Trim leading and trailing slashes from prefixes [GH-59]
- Fix ignored
-sslflag [GH-51] - Remove noisy debug line [GH-55]
- Properly handle the case where a command is missing [GH-61]
DEPRECATIONS:
- Specifying the prefix before the command is deprecated, please use the
-prefixkey instead
FEATURES:
- Add support for logging to syslog
- Add
log_levelas a configuration file option and CLI option - Add support for basic HTTP authentication when connecting to Consul
- Add support for connecting to Consul via SSL
- Add support for specifying a custom retry interval when Consul is not available
- Add support for specifying multiple prefixes using the new
-prefixcommand line and configuration option (GH-27) - Add support for propagating select signals to the child process (GH-31)
IMPROVEMENTS:
- Improve test coverage, specifically around command-line flag parsing
- Use Consul Template's logging library for consistency (and get syslog logging for free)
BUG FIXES:
- Fix a bug in the documentation where the environment would be reset
- Raise an error when specifying a non-existent option in the configuration file
IMPROVEMENTS:
- Allow
envconsulto run when Consul is unavailable (GH-28) - Add
-max-staleto specify envconsul may talk to non-leader Consul nodes if they are less than the maximum stale value (GH-36)
BUG FIXES:
- Remove deprecated CLI and config options
FEATURES:
- Watch and reload by default - previously you needed to specify the
-reloadflag for envconsul to poll, but this is now the default behavior - you can restore the old behavior using the new-onceflag - Leverage watching libraries from Consul Template
- Unified command interface with Consul Template
- Added support for quiescene using the new
-waitoption - Added support for Consul ACLs using the new
-tokenoption - Added support for reading configuration from file using the new
-configoption - the config file is HCL
IMPROVEMENTS:
- Added
-timeoutparameter for specifying the interval to wait for SIGTERM to return before sending SIGKILL - Added
-versionflag to print the current version of envconsul - Added a full debug log tracer which can be set using
ENV_CONSUL_LOG=debug - Drastically improved documentation with usage examples and feature documentation
- Add significantly more test coverage (still not 100%, but more more thoroughly tested)
DEPRECATIONS:
-addris deprecated in favor of-consuland will be removed in the next major release-dcis deprecated in favor of using the inline@dcsyntax and will be removed in the next major release-errExit,-terminate, and-reloadare all deprecated in favor of-once. envconsul now intelligently exits where appropriate
FEATURES:
- Sanitize and upcase by default
- If
-reloadis not set, don't watch keys - Preserve the original process environment
BUG FIXES:
- Fixed issue with prefix listing missing final forward slash
- Fixed panic condition on error
- Initial release