v0.33.0

Added

• You can now delete your account through the SDK. Added for secrethub/secrethub-cli#375 (#237)
• Access rules are now created a lot faster (#236)

v0.32.1

Fixed

• Fixes error message when no passphrase is provided for a credential that requires a passphrase to be unlocked (#234)

v0.32.0

Added

• You can now pass a credentials passphrase with SECRETHUB_CREDENTIAL_PASSPHRASE environment variable. (#223, #225)
• Add WithDefaultPassphraseReader client option which can be used to configure passphrase loading for auto-detected credentials (for example credentials detected from SECRETHUB_CREDENTIAL environment variable or ~/.secrethub/credential file). If this option is not passed, SECRETHUB_CREDENTIAL_PASSPHRASE environment variable is used for passphrase-encrypted auto-detected credentials.
  For credentials passed in the application code, keep using secrethub.WithCredentials(credentials.UseKey(credential).Passphrase(passphraseReader)). (#225)
• You can now configure the remote API URL with SECRETHUB_API_REMOTE environment variable. (#227)
• Add more information to error messages shown when credential cannot be loaded. (#223)
• Allow unexpected errors to be unwrapped, to reveal the original error message. (#226)
• Automatically retry creating access rules, directories, secrets and secret keys if creation fails due to a simultaneous conflicting operation. (#229)

Removed

• Drop client.Users().Create function. To sign up for an account on SecretHub, use https://signup.secrethub.io instead. (#231)

Internal

• Use new API format for service account creation. (#191)

v0.31.0

Added

• Allow account key creation with setup code (#216, #217, #218)
• Export function to get authenticated account (#214)

Changed

• Improve mocks for secrets, IdP links and credentials (#207, #215)

v0.30.0

Added

• GCP Identity Provider is out of beta and generally available. (#198)
• Functions to create and manage links to GCP projects. These links are needed to create a service account that makes use of the SecretHub Identity Provider. The GCP project of every GCP Service Account that is used for the Identity Provider first has to be linked to a SecretHub namespace. (#195)
• Errors for creating a service account with an already taken AWS Role now resides in this package. (#200)

Changed

• The error message for providing an incorrect value when a namespace is expected now clearly states that a namespace can also be an organization. (#196)

v0.29.1

Fixed

• Fix a problem where if the client was used with the AWS Identity Provider and the time between two calls to the API was more than 5 minutes and 30 seconds, the client's session would not be correctly refreshed. This resulted in an api.session_not_found error.

v0.29.0

Added

• [private beta] Adds GCP Identity Provider for keyless authentication and decryption on GCP. Introduces credentials.CreateGCPServiceAccount() and credentials.UseGCPServiceAccount() for creating and using credentials for a GCP Service Account.

Changed

• Error message for malformed credential files is now more descriptive (#182)
• Error message for when no credential is supplied is more explanatory (#188)

Please note that the GCP Identity Provider is released as a private beta. This means that the API will not accept the creation of a service account using this Identity Provider if you're not admitted to the private beta. Furthermore, the signature of this functionality might change in the future.

If you want to test this functionality, please reach out to us at [email protected].

v0.28.0

Changed

• Add AWS credential not found error (#177)
• Add secret path to all secret not found errors (#183)
• Make setting app info more extensible (#184)

v0.27.0

Added

• Add iterator functions to iterate over lists of resources (#163)
• Add human-readable charset, which is a set of alphanumeric characters that are not similar to each other. (#174)

Changed

• Upgraded minimum Go version to 1.13 (#178)
• Include the path of the secret/repo in a secret/repo not found error (#172, #179)
• Change fake client to use functions instead of structs (#176)

Deprecated

• Deprecated list functions, use the new iterator functions instead (#163)

v0.26.0

Added

• Detect AWS authentication using web identity token files. This enables the use of AWS native authentication on AWS EKS. (#158)
• Various documentation improvements (#160, #164)
• Add functionality to get a charset by its name (#168)
• Improve error messages (#165)

Fixed

• Switch UUID package. The previous package had a critical bug in entropy gathering for generation of new UUID's. However, this functionality is not used client-side outside of tests and migration is mainly performed to not use a deprecated package. (#166)