Releases · martinbaillie/vault-plugin-secrets-github

21 Mar 10:38

v2.1.0

b27482c

v2.1.0 Latest

Latest

Summary

A release focused on optimizations for using the plugin at significant scale based on feedback from large enterprise deployments.

New features

The config endpoint gets a option for significantly reducing the memory footprint of the plugin with exclude_repository_metadata.
The plugin is now multiplexed to avoid spawning multiple plugin processes for mounts of the same type.

Hygiene

Go 1.22 and codebase modernized.
All dependencies upgraded.
Project infrastructure simplified (Nix; no more Make and Docker) and modernized (goreleaser).
SBOMs added to the release collateral.

Changelog

b27482c Disable proxy
06444ef Fix CI
4704d2b Fix new hide metadata contribution
9adcf63 Handle Prom/OpenMetrics upgrade
4f09214 Support existence checks
db002ca Support multiplexed plugins
537597d Ditch Docker and Make for pure Nix
ef9e7ba Run github.com/martinbaillie/copiedloopvarfixer over code
03f158b Replace dated usage of interface{} with any
52200f6 Fix disable metadata feature
9bfbd38 feat: added a configuration key [hide_repository_metadata] that, if set to true, will minimize the [token.data.repositories] to [token.data.repositories.names] to avoid high memory consumption (#114)
8fd5e5a Update the releases link (#108)
072ee83 Update documentation for v2.0.0

Assets 48

SHA256SUMS

5.11 KB 2024-03-21T10:24:16Z
SHA256SUMS.sig

566 Bytes 2024-03-21T10:24:16Z
vault-plugin-secrets-github-darwin-amd64

15.5 MB 2024-03-21T10:23:12Z
vault-plugin-secrets-github-darwin-amd64_2.1.0_darwin_amd64.sbom

105 KB 2024-03-21T10:24:13Z
vault-plugin-secrets-github-darwin-arm64

15 MB 2024-03-21T10:23:12Z
vault-plugin-secrets-github-darwin-arm64_2.1.0_darwin_arm64.sbom

105 KB 2024-03-21T10:24:15Z
vault-plugin-secrets-github-freebsd-386

14.2 MB 2024-03-21T10:23:46Z
vault-plugin-secrets-github-freebsd-386_2.1.0_freebsd_386.sbom

103 KB 2024-03-21T10:24:16Z
vault-plugin-secrets-github-freebsd-amd64

15 MB 2024-03-21T10:23:44Z
vault-plugin-secrets-github-freebsd-amd64_2.1.0_freebsd_amd64.sbom

104 KB 2024-03-21T10:24:15Z
Source code (zip)

2024-03-21T10:20:45Z
Source code (tar.gz)

2024-03-21T10:20:45Z

12 Oct 09:25

martinbaillie

v2.0.0

8d0472f

v2.0.0

With this release, the plugin is moving to a model where it can support multiple GitHub App installations from the one mount. It does this in v2 by moving the configuration of GitHub App installation IDs (installation_id) to request time rather than configuration time.

Users can provide the installation_id as part of ad-hoc requests to the /token endpoint but are encouraged instead to utilise the powerful Permission Sets feature to persist and abstract away the installation_id parameter from the user entirely. By creating a permission set you only need to enter the installation_id once.

For convenience and to support another use case, the token and permission set endpoints can alternatively take an org_name value instead of an installation_id. In this case, the plugin will perform an additional lookup (roundtrip to your GitHub instance) against org_name to discover the current installation_id first during token creation flows. Note that there is no caching of the discovered installation_id so this extra lookup occurs every time. For high traffic mounts or permission sets you may wish to continue setting installation_id instead of org_name.

Breaking Changes:

Installation ID configuration is moved to request time. Permission Sets strongly encouraged.

Assets 16

06 Feb 10:22

martinbaillie

v2.0.0-rc.1

27c7403

Release v2.0.0-rc.1

v2.0.0-rc.1

The plugin is moving to a model where it can support multiple GitHub App installations from the one mount. It does this in v2 by moving the configuration of GitHub App installation IDs (ins_id) to request time rather than configuration time.

Users can provide the ins_id as part of ad-hoc requests to the /token endpoint but are encouraged instead to utilise the powerful Permission Sets feature to abstract away the ins_id parameter entirely.

Breaking Changes:

Installation ID configuration is moved to request time. Permission Sets strongly encouraged.
Installation ID lookup using Organisation name. This may be reintroduced in some form before v2.0.0.

Assets 16

14 Dec 10:44

martinbaillie

v1.3.0

5933094

Release v1.3.0

v1.3.0

New features:

A new org_name config value that can be used to discover the GitHub App installation ID from the organisation instead of providing it explicitly.

Assets 15

23 May 06:31

martinbaillie

v1.2.0

a7cf937

Release v1.2.0

v1.2.0

New features:

A new repositories parameter that allows you to specify token repository constraints by name instead of ID!

Assets 15

26 Apr 11:13

martinbaillie

v1.1.1

a37501e

Release v1.1.1

v1.1.1

Bug fixes:

A 401 Bad credentials from GitHub during a Vault lease revocation operation is now considered a success because the token has already been revoked by GitHub before Vault could.

Assets 15