| htvault-config-1.15-1.osg36.el8.src
[787.5 MiB] |
Changelog
by Dave Dykstra (2023-03-02):
- Update vault-plugin-secrets-oauthapp to 3.1.1 which adds support for token
exchange at a /sts path instead of /creds. Keep applying the PR patch
that also adds it under /creds for a transition period until htgettoken
is updated everywhere to use the new path.
- Update vault-plugin-auth-jwt to 0.15.2.
- Update vault-plugin-auth-ssh to 0.3.0.
- Require vault >= 1.13.
- Require diffutils.
- Fix bug where the kerberos policydomain option was ignored.
|
| htvault-config-1.14-1.osg36.el8.src
[561.6 MiB] |
Changelog
by Dave Dykstra (2023-01-17):
- Add auditlog configuration option. As part of that, disable the
vault systemd ProtectFull and ProtectHome options.
- Require vault >= 1.12.1.
- Update the vault-plugin-auth-jwt to the latest upstream commit.
- Include gox in the source tarball.
|
| htvault-config-1.13-1.osg36.el8.src
[485.7 MiB] |
Changelog
by Dave Dykstra (2022-05-23):
- Remove support for old-style per issuer/role secret plugins. Requires
htgettoken >= 1.7.
- Add ability to delete a previously defined configuration by using
a keyword "delete:" under the configuration name and setting it to
any value.
- Update vault-plugin-auth-jwt to the latest commit (because the patches
had been rebased on it).
|
| htvault-config-1.12-1.osg36.el8.src
[485.7 MiB] |
Changelog
by Dave Dykstra (2022-03-23):
- Require vault-1.10.0 and update vault-plugin-auth-jwt to version 0.12.1
and vault-plugin-auth-ssh to version 0.1.1.
|
| htvault-config-1.11-1.osg36.el8.src
[456.5 MiB] |
Changelog
by Dave Dykstra (2021-12-01):
- Add support for ssh-agent authentication, including self-registering of
ssh public keys.
|
| htvault-config-1.10-1.osg36.el8.src
[504.8 MiB] |
Changelog
by Dave Dykstra (2021-11-15):
- Fix problem that /etc/krb5-<name>.keytab was preferred for first service
only when the kerbservice was explicitly defined for an issuer. Now it
also works for default first kerberos service.
|
| htvault-config-1.6-1.osg36.el8.src
[447.4 MiB] |
Changelog
by Dave Dykstra (2021-09-15):
- Update to vault-plugin-secrets-oauthapp 3.0.0-beta.4 which includes a
replacement for PR #64.
|
| htvault-config-1.4-1.osg36.el8.src
[242.7 MiB] |
Changelog
by Dave Dykstra (2021-07-20):
- Updated the token exchange PR for vault-plugin-secrets-oauthapp to
send the client secret in the initial authorization request in the
device flow
- Updated to vault-plugin-secrets-oauthapp-2.2.0
|
| htvault-config-1.2-1.osg36.el8.src
[201.2 MiB] |
Changelog
by Dave Dykstra (2021-06-17):
- Update to vault-plugin-auth-jwt-0.9.4 and require vault-1.7.3
|
| htvault-config-1.1-1.osg36.el8.src
[195.7 MiB] |
Changelog
by Dave Dykstra (2021-05-10):
- Correctly disable secret oauth module instead of incorrect auth module
when something changes requiring clearing out of old secrets.
- Allow dashes in names by converting them in bash variables to
underscores, and reject any other non-alphanumeric or underscore in
names.
- Fix bug in RFC8693 token exchange pull request to puppetlabs plugin
which caused comma-separated scopes to get sent to the token issuer
instead of space-separated scopes.
|
| htvault-config-0.5-1.osg36.el8.src
[139.9 MiB] |
Changelog
by Dave Dykstra (2021-02-19):
- Always reconfigure everything when systemd service is started, just don't
disable/reenable oauthapp because that wipes out stored secrets.
- Support multiple roles per issuer.
|