6.6.0-alpha.1

What's Changed

• Py3 requirements file header by @jmphilli in #185
• Upgrade coverage to 4.x by @asottile in #189
• Convert confidant to python3 by @asottile in #190
• Fix email retrieval from session by @asottile in #192
• 2->3 email roll forward part 2 by @asottile in #193
• Have generate_value return text by @asottile in #194
• Switch to kmsauth library for kmsauth support by @ryan-lane in #191
• Remove kmsauth int tests by @ryan-lane in #195
• Bump kmsauth and pass in stats by @ryan-lane in #196
• Update requirements by @ryan-lane in #197
• Fix references to flask script for updates reqs by @ryan-lane in #198
• Fix USE_ENCRYPTION=false in python3 by @asottile in #201
• Open pem file as binary by @ryan-lane in #203
• Refactor non-route code into services, and move root services by @ryan-lane in #208
• Use revert endpoint for reverting service and add metadata only fetch by @ryan-lane in #211
• Cache iam role list using a background gevent thread by @ryan-lane in #212
• Add a credential revert endpoint for credential history by @ryan-lane in #213
• Revert to revision for blind credentials by @ryan-lane in #214
• Remove bower and update grunt build to use npm by @ryan-lane in #215
• Temporarily lower coverage - will followup by @ryan-lane in #219
• Drop coverage a bit more by @ryan-lane in #221
• Begin unittests for credentialmanager by @skiptomyliu in #222
• Add credential_keys field to credential endpoint returns by @ryan-lane in #216
• Remove references to docs controllers by @ryan-lane in #224
• Remove unused npm modules by @ryan-lane in #223
• Support ACLs for get_credential in the UI by @ryan-lane in #225
• Upgrade angular, lodash, and bootstrap by @ryan-lane in #227
• Check that user has access to metadata and credentialpair by @skiptomyliu in #228
• Use github actions, rather than travis by @ryan-lane in #229
• Fix for create credential UI by @ryan-lane in #230
• Non-sensitive diff support for credential history by @ryan-lane in #231
• Fix for properly displaying strings, booleans, and lists in credentia… by @ryan-lane in #232
• Add function to hook into external ACL function by @skiptomyliu in #210
• Paging for history view by @ryan-lane in #233
• Refactor resources view to match history view for resource toggling by @ryan-lane in #234
• Log users and the credentials they obtain by @skiptomyliu in #206
• Split v1.py into smaller, more-specific route files by @ryan-lane in #236
• Refactor diff view for services to match credentials diff by @ryan-lane in #237
• Fix mapping credentials by @skiptomyliu in #239
• Use marshmallow for serializing responses by @ryan-lane in #238
• Remove webargs and FlaskParser for now by @ryan-lane in #242
• Use pre_dump, rather than post_load for responses by @ryan-lane in #243
• Check that credential keys are empty in if statement by @skiptomyliu in #244
• Switch to a blueprint/create_app pattern by @ryan-lane in #245
• Switch from nose to pytest by @ryan-lane in #246
• Add unit test coverage for authnz init module by @ryan-lane in #247
• Add permission hints to responses and update UI to use them by @ryan-lane in #248
• Separate create service rbac check into its own call by @skiptomyliu in #249
• Fix permission lookup in credentials in view by @ryan-lane in #250
• Include coverage for a few routes, service model and servicemanager by @ryan-lane in #251
• Update permissions, global permissions, and fix clientconfig race condition by @ryan-lane in #252
• Fix update credential not returning credential_response by @skiptomyliu in #253
• Coverage for list, get, and diff credential by @ryan-lane in #254
• Add acl checks for the rest of the resource endpoints in credentials and services by @ryan-lane in #255
• Upgrade kmsauth and use lru-dict by @ryan-lane in #257
• Python3 compatibility fixes for flask-session by @apakulov-stripe in #258
• Bump gevent and greenlet dependencies for Python 3.7 compatibility by @apakulov-stripe in #259
• Add python 3.8 to test matrix by @ryan-lane in #260
• Bump authomatic version to 1.0.0 by @ryan-lane in #263
• Small tidying: remove unreachable code by @skiptomyliu in #264
• Use ACL for both user and service checks by @ryan-lane in #261
• Switch docs build to sphinx by @ryan-lane in #266
• Add changelog and docs for 6.0.0 release by @ryan-lane in #265
• AWS ACM Private CA support by @ryan-lane in #256
• Bump version to 6.1.0 by @ryan-lane in #267
• Decode private key when loaded from file as base64 by @ryan-lane in #268
• Api docs by @ryan-lane in #269
• Add credential rotation support by @irhkang in #270
• Use module local logger consistently across codebase by @ryan-lane in #273
• Add maintenance script and pynamodb model for archiving and restoring credentials by @ryan-lane in #271
• Add metadata_only flag to GET /v1/credentials/ by @irhkang in #274
• Save archived credential when updating last_decrypted_date by @irhkang in #275
• Update docker-compose to make a full environment, with kms and auth by @ryan-lane in #276
• Update last_rotation_date field when a credential is changed by @irhkang in #272
• Populate a credential's tag attribute by @irhkang in #278
• Make local testing easier, and enable integration tests for ci by @ryan-lane in #277
• Only load credential pairs in UI if user asks to unmask or edits by @ryan-lane in #279
• Python 3 bytes vs string fixes for bootstrap script by @ryan-lane in #281
• Fixes for make docker_test by @ryan-lane in #282
• Send back last rotated date to client by @irhkang in #283
• Fix links between documents in the docs by @ryan-lane in #284
• Don't force people to register bootstrapped secrets by @irhkang in #285
• Add tags to the edit/new credential UI by @ryan-lane in #286
• Show next rotation time in credential UI by @ryan-lane in #287
• Minor bugfix to prevent duplicate tags by @skiptomyliu in #288
• Fix timezone comparison issue by @irhkang in #290
• mapping .:/srv/confidant seems like debugging leftover by @f0rk in #291
• Set history limit to None, if unset by @ryan-lane in #297
• Use new logo and favicon, and update CSS to match color scheme by @ryan-lane in #299
• Fix doc generation by removing duplicate requirement by @ryan-lane in #298
• Bump pyyaml to 5.3.1 by @skiptomyliu in #303
• Switch logo over to an svg logo by @ryan-lane in #300
• Only show add tags button if there are defined tags available by @ryan-lane in #301
• Add images to dist copy step in grunt by @ryan-lane in #302
• Upgrading libraries by @surbhishah in #309
• Bump lxml from 4.4.1 to 4.6.2 by @dependabot in #310
• Add requirements.in to MANIFEST.in for pip install by @ryan-lane in #312
• Bump angular from 1.7.9 to 1.8.0 by @dependabot in #294
• Add our logo by @skiptomyliu in #313
• Noop - Adding purple logo by @skiptomyliu in #315
• Bump urllib3 from 1.25.3 to 1.25.8 by @dependabot in #321
• Bump jinja2 from 2.10.1 to 2.11.3 in /docs by @dependabot in #317
• Bump jinja2 from 2.10.1 to 2.11.3 by @dependabot in #316
• Bump pygments from 2.2.0 to 2.7.4 in /docs by @dependabot in #318
• Bump lxml from 4.6.2 to 4.6.3 by @dependabot in #319
• Bump pip from 9.0.3 to 19.2 by @dependabot in #324
• Bump py from 1.8.1 to 1.10.0 by @dependabot in #322
• Bump urllib3 from 1.25.3 to 1.26.5 by @dependabot in #323
• Bump pyyaml from 5.3.1 to 5.4 by @dependabot in #325
• Don't allow whitespace in credential keys by @skiptomyliu in #327
• Clean up requirements by @aneeshusa in #329
• Bump babel from 2.4.0 to 2.9.1 in /docs by @dependabot in #326
• Bug fix in logic that allows checking if a user is allowed to decrypt a credential by @skiptomyliu in #332
• bump cryptography version to 36.0.1 by @skiptomyliu in #333
• Don't show decrypt icon if user does not have get permissions by @skiptomyliu in #334
• Bump lxml from 4.4.1 to 4.6.5 by @dependabot in #330
• Python3.8 migration by @ruwaifaa in #331
• [SECHELP-13408] Bug fix for show/hide credentials pairs div by @meng-han in #336
• link to infradocs by @ramonpetgrave64 in #338
• Revert "link to infradocs (#338)" by @ramonpetgrave64 in #339
• Support generating signed JWTs by @erickduran in #343
• Require minimum pyjwt>=2.4.0 by @skiptomyliu in #345
• Remove py36. Require minimum pyjwt 2.6.0 by @skiptomyliu in #347
• Make expiration configurable via env vars by @erickduran in #349
• Add stats to jwtkmanager by @skiptomyliu in #352
• Add private key cache and remove unused code by @erickduran in #353
• Support multiple keys per environment by @erickduran in #354
• Bump version to 6.5.0 by @skiptomyliu in #355
• Remove excessive permission checks for get service by @meng-han in #357
• Adding pagination for services by @erickduran in #359
• Adding pagination for credentials by @erickduran in #358
• Adding JWT user mapping by @erickduran in #361
• Add kwargs to JWT fetch by @skiptomyliu in #362
• Making JWT resource ID optional by @erickduran in #363
• Pass in environment to jwt kwargs by @skiptomyliu in #364
• Remove duplicate markupsafe from docs/requirements.txt by @bwitt in #366
• Prefix JWT settings with JWT_ , add JWT_IS_CA_ENCRYPTED setting by @skiptomyliu in #373
• Implement archive route by @erickduran in #371
• Adding new credentials to ACL module check for services by @erickduran in #372
• Add stats for signing key used by @skiptomyliu in #379
• Bug fix - RBAC new credential check fails on new services by @skiptomyliu in #380
• Update ubuntu 18.04 -> 20.04 by @skiptomyliu in #391
• Add logging to confidant ingress by @alejandroroiz in #390
• Add typing to confidant unit tests by @alejandroroiz in #392
• Fix JWT cache by @skiptomyliu in #393
• Add redis as another option for JWT caching by @ruwaifaa in #394
• Update data_schema.md by @alejandroroiz in #395
• Fix Build Docs Action by @alejandroroiz in #396
• Update and rename docs/requirements.txt to docs/requirements3.txt by @alejandroroiz in #397
• Pin mistune dependency in docs/requirements3.txt by @alejandroroiz in #402
• Improve IAM Role cache by @skiptomyliu in #404
• use kmsauth performance parameters by @ramonpetgrave64 in #412
• Unpin kmsauth from v0.6.2 which was pulled due to problems by @leifrf in #415
• Pin kmsauth to v0.6.3 by @leifrf in #416
• Upgrade pynamodb alejandroroiz by @alejandroroiz in #417
• Sanitize User Input for Services and Credentials by @alejandroroiz in #419
• remove types-requests dependency by @alejandroroiz in #420
• change image deploy from docker to ghcr by @alejandroroiz in #421
• fix install docs by @alejandroroiz in #422
• Profiling credentials by @alejandroroiz in #424
• avoid empty credentials by @alejandroroiz in #423
• Further Sanitize User Input by @alejandroroiz in #425

New Contributors

• @jmphilli made their first contribution in #185
• @skiptomyliu made their first contribution in #222
• @apakulov-stripe made their first contribution in #258
• @irhkang made their first contribution in #270
• @f0rk made their first contribution in #291
• @surbhishah made their first contribution in #309
• @dependabot made their first contribution in #310
• @aneeshusa made their first contribution in #329
• @ruwaifaa made their first contribution in #331
• @meng-han made their first contribution in #336
• @ramonpetgrave64 made their first contribution in #338
• @erickduran made their first contribution in #343
• @bwitt made their first contribution in #366
• @alejandroroiz made their first contribution in #390
• @leifrf made their first contribution in #415

Full Changelog: 4.4.0...6.6.0-alpha.1