From 60f93a7562b6e19fe643a83e95ed4e1ef6f46b8d Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 15 Sep 2017 01:41:38 -0400 Subject: [PATCH] changelog++ --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 888e811ba4..9f22edff27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,12 @@ CHANGES: stacks were unhappy validating paths containing such certs. As a result, `sign-self-issued` now encodes the signing CA's Subject DN into the Issuer DN of the generated certificate. + * `sys/raw` requires enabling: While the `sys/raw` endpoint can be extremely + useful in break-glass or support scenarios, it is also extremely dangerous. + As of now, a configuration file option `raw_storage_endpoint` must be set in + order to enable this API endpoint. Once set, the available functionality has + been enhanced slightly; it now supports listing and decrypting most of + Vault's core data structures, except for the encryption keyring itself. IMPROVEMENTS: