Version 0.12.0

Changelog

b6c9678 add server metrics API
a75c6ec cli: rework audit log trace and add error log trace
a206149 feat: add gcp secret manager support
a918c44 fix docker file for edge image
bc67cf9 fix the docker CI build by adding Dockerfile.release
0ada76e fix: misspelling words and remove tailing space
477b32b remove legacy docker image
8de99b0 sdk: fix incorrect policy name concatenation
945afb7 stabilize client API and improve endpoint URL generation
558854a update Go versions in CI and README

Docker images

• docker pull minio/kes:v0.12.0
• docker pull minio/kes:latest

Version 0.11.0

Changelog

859e6e9 add integration tests
1bd93ff aws: unify errors returned to client
b0826ba fix build version in goreleaser
29c602b fix docker build issues, add ca-certificates for containers
1b64284 gemalto: add support for Gemalto KeySecure
47a2ff0 server: add server startup message
b8727d4 update to v0.11.0
4a60cd5 vault: unify errors returned to client

Docker images

• docker pull minio/kes:v0.11.0
• docker pull minio/kes:latest

Version 0.10.1

Changelog

2eb33a9 Update README.md
c5c1d49 client: use io.LimitReader instead of io.CopyN for raw error messages
bb67968 delete assigned identities when deleting policy
378d417 fix main instead of dir
324a9bc read minisign passphrase from a file

Docker images

• docker pull minio/kes:v0.10.1
• docker pull minio/kes:latest

Version 0.10.0

Added

• New /v1/key/encrypt server API (5de0d19)
• Code of Conduct (6f6ae7c)
• CodeQL static analysis

Fixed

• Custom Vault K/V and AppRole authentication engine paths can be specified (9a6264c)
• Certificate validation for TLS proxies enabled by default (d583669)

Version 0.9.0

Changed

• The CLI client expects the private key now as KES_CLIENT_KEY and the certificate as
  KES_CLIENT_CERT env. variable (c3a1a11)

Version 0.8.3

Changed

• The KES client (including the CLI) now retries when a request fails due to an error that is considered temporary (75b5932)
• An identity in the yaml config can now be replaced by a env. variable. Therefore, an identity as to be a placeholder for an env. variable - e.g. ${MY_IDENTITY} (a7cc78e)

Version 0.8.2

Added

• Private key and certificate for root identity of play instance (c325864)

Changed

• Require HTTP/2 for all server APIs (6e7a319)

Version 0.8.1

Changed

• Removed the restriction of only supporting HTTP/2 (43d9d58)

Version 0.8.0

This release makes some major breaking changes affecting the server configuration and derived data encryption keys.

Changed

• The KES server supports only HTTP/2. Support for HTTP/1.1 and HTTP/1.0 has been removed. (b74bb38)
• The KES SDK stabilizes the API for creating a new client (326d8a4)
• The log configuration does not support log files anymore. Error and Audit logging can only be enabled or disabled (8f259c0)
• The Vault K/V prefix configuration field has been renamed from name to prefix (8f259c0)
• Some KES server CLI options have been renamed from --tls-key to --key, --tls-cert to --cert and --mtls-auth to --auth. (8f259c0)

Removed

• Support for toml configuration files. (8f259c0)
• Support for toml policy files (3cd0009)
• Direct support for encrypted secrets via an external KMS configuration (650af34)
• Support for the insecure AES key derivation based on RFC 8452 (650af34)

Version 0.7.2

Fixed

The kes binary built during a docker build now contains the correct release version info. (e6e9e9e)
The docker build process will first build the release command binary which then fetches the correct version
information from the $GOPROXY. This change only affects the build process and does not change any binary functionality.