changelog++

This commit is contained in:
Jeff Mitchell 2016-03-14 14:50:05 -04:00
parent b07c9ca252
commit adcf5a6e98

@ -6,10 +6,11 @@ FEATURES:
on configured roles [GH-998] on configured roles [GH-998]
* **Token Accessors**: Vault now provides an accessor with each issued token. * **Token Accessors**: Vault now provides an accessor with each issued token.
This accessor is an identifier that can be used for a limited set of This accessor is an identifier that can be used for a limited set of
actions, notably for token revocation. This value is logged in plaintext to actions, notably for token revocation. This value is by default logged in
audit logs, and in combination with the plaintext metadata logged to audit plaintext to audit logs, and in combination with the plaintext metadata
logs, provides a searchable and straightforward way to revoke particular logged to audit logs, provides a searchable and straightforward way to
users' or services' tokens in many cases. revoke particular users' or services' tokens in many cases. At enable time,
audit backends can be configured to HMAC the accessor instead.
* **Token Credential Backend Roles**: Roles can now be created in the `token` * **Token Credential Backend Roles**: Roles can now be created in the `token`
credential backend that allow modifying token behavior in ways that are not credential backend that allow modifying token behavior in ways that are not
otherwise exposed or easily delegated. This allows creating tokens with a otherwise exposed or easily delegated. This allows creating tokens with a
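Review bot: The sentence added to the Token Accessors entry, "At enable time, audit backends can be configured to HMAC the accessor instead.", does not name the configuration option that enables it, so a reader has to go looking for it. Suggest naming the option inline. The entry as shown also ends without an issue reference such as the [GH-998] on the entry above; add one if a tracking issue exists. The "by default" wording is a useful addition, since it tells operators who treat accessors as sensitive that plaintext logging remains unless they choose otherwise when enabling the audit backend.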
@ -25,6 +26,9 @@ IMPROVEMENTS:
token [GH-1188] token [GH-1188]
* core: Ignore leading `/` in policy paths [GH-1170] * core: Ignore leading `/` in policy paths [GH-1170]
* core: Ignore leading `/` in mount paths [GH-1172] * core: Ignore leading `/` in mount paths [GH-1172]
* command/policy-write: Provided HCL is now validated for format violations
and provides helpful information around where the violation occurred
[GH-1200]
* command/server: The initial root token ID when running in `-dev` mode can * command/server: The initial root token ID when running in `-dev` mode can
now be specified via `-dev-root-token-id` or the environment variable now be specified via `-dev-root-token-id` or the environment variable
`VAULT_DEV_ROOT_TOKEN_ID` [GH-1162] `VAULT_DEV_ROOT_TOKEN_ID` [GH-1162]
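Review bot: The new command/policy-write entry has a subject mismatch: "Provided HCL is now validated for format violations and provides helpful information" reads as if the HCL itself provides the information. Suggest something like "Provided HCL is now validated for format violations, and the error indicates where the violation occurred". It would also help to state whether a policy that fails validation is rejected rather than written, since that is the behavior change an operator needs to know about.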
@ -33,7 +37,7 @@ IMPROVEMENTS:
`VAULT_DEV_LISTEN_ADDRESS` [GH-1169] `VAULT_DEV_LISTEN_ADDRESS` [GH-1169]
* command/step-down: New `vault step-down` command and API endpoint to force * command/step-down: New `vault step-down` command and API endpoint to force
the targeted node to give up active status, but without sealing. The node the targeted node to give up active status, but without sealing. The node
will wait ten seconds before attempting too grab the lock again. [GH-1146] will wait ten seconds before attempting to grab the lock again. [GH-1146]
* command/token-renew: Allow no token to be passed in; use `renew-self` in * command/token-renew: Allow no token to be passed in; use `renew-self` in
this case. Change the behavior for any token being passed in to use `renew`. this case. Change the behavior for any token being passed in to use `renew`.
[GH-1150] [GH-1150]