File aws-vault.changes of Package aws-vault
------------------------------------------------------------------- Sun Apr 02 00:27:34 UTC 2023 - pousaduarte@gmail.com - Update to version 7.2.0: * Fix ini output to match credentials file * Add a few more tests for TempCredentialsProvider * Prioritise source_profile over sso config * Update golangci-lint * Check session identity when creds are static ------------------------------------------------------------------- Sun Mar 26 00:27:36 UTC 2023 - pousaduarte@gmail.com - Update to version 7.1.2: * ------------------------------------------------------------------- Sat Mar 25 11:30:52 UTC 2023 - pousaduarte@gmail.com - Update to version 7.1.2: * ------------------------------------------------------------------- Sat Mar 25 11:25:44 UTC 2023 - pousaduarte@gmail.com - Update to version 7.2.0-beta2: * Prioritise source_profile over sso config * Update golangci-lint * Check session identity when creds are static ------------------------------------------------------------------- Sun Mar 19 00:26:30 UTC 2023 - pousaduarte@gmail.com - Update to version 7.1.2: * Update help message * Add explicit removal notice + instructions for --prompt=pass * Remove reference to pointer * Update USAGE.md * Add typical use-cases to USAGE * Fix go linter complaint of unnecessary conversion * Fix hang on invisible tty when using 2FA where prompt=terminal in some edge cases ------------------------------------------------------------------- Sun Mar 12 00:26:37 UTC 2023 - pousaduarte@gmail.com - Update to version 7.0.2: * Elevate stored credentials above source_profile * Remove config validtion. Debug logs show which credential source is used * Check if profile has stored credentials before calling credential_process * Bump kingpin dep * Clarify that server is local * Fix DI for cache disable * Fix export help message * Web identity profiles with role ARNs are valid * Use DI for useSessionCache * Refactor for clarity * Refactor for clarity * Use DI for UseSession * Return error when browser can't be opened ------------------------------------------------------------------- Sun Mar 05 00:26:31 UTC 2023 - pousaduarte@gmail.com - Update to version 7.0.0-rc7: * Fix config validation * Fix config validation * Validate that configs don't have more than one source * Don't require master credentials for federation token * Fix typo * Shut down ec2 proxy automatically * Support execve syscall on all architectures that can * Add an env var to disable subshell help messages * Bump deps * Remove dependabot, its annoying * Use go 1.20 ------------------------------------------------------------------- Sun Feb 26 00:26:16 UTC 2023 - pousaduarte@gmail.com - Update to version 7.0.0-rc1: * Improve subshell error message * Bump deps * Don't attempt to load sso-session sections without a name * Check for a session token * Allow login with master creds in environment * Fix prompts required in non-tty processes ------------------------------------------------------------------- Mon Feb 20 14:33:30 UTC 2023 - pousaduarte@gmail.com - Update to version 7.0.0-beta2: * Revert removal of AWS_DEFAULT_REGION. boto3 uses it * Fix stale in CI * Add region to export output * Use ini lib to create ini output * Fix export ini format * Update USAGE.md ------------------------------------------------------------------- Sun Feb 19 00:19:46 UTC 2023 - pousaduarte@gmail.com - Update to version 7.0.0-beta1: * Continue to refine help message to improve devex * Remove use of old env vars * Update docs to reflect current metadata server behaviour * Fix default shell on windows * Make help output more consistent * Update docs * Automatically select the best prompt driver * Make --ecs-server the default server implementation * Add aws-vault export command to output creds in a variety of formats * Bump deps * Provide feedback to user when prudent * Remove support for parent_profile, deprecated in v5 ------------------------------------------------------------------- Sun Feb 12 00:18:16 UTC 2023 - pousaduarte@gmail.com - Update to version 7.0.0-alpha1: * Add new expiration env var * Add usage instructions * Only show available prompt commands * Remove passotp * Add support for mfa_process * Don't use sessions or roles with credentials_process * Add support for consuming credential_process in 'aws-vault exec'. * Make linting happy * Remove superfluous changes * Don't create default sso-session section * Handle [sso-session] section * Bump deps * Update module to v7 * Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 * Simplify tempCredsCreator * Remove specification for v4 from mfa_serial source profile setting * Correct `MFA_NAME` -> `MFA_DEVICE_NAME` * Flag Yubikey Create/Resync scripts requiring `$MFA_DEVICE_NAME` == `$IAM_USERNAME` * Update USAGE with new Yubikey instructions * Update USAGE with new multiple MFA instructions ------------------------------------------------------------------- Sun Jan 22 00:17:54 UTC 2023 - pousaduarte@gmail.com - Update to version 6.6.2: * Revert "With login, `SSOUseStdout` should follow `--stdout`" ------------------------------------------------------------------- Sun Dec 25 00:04:48 UTC 2022 - pousaduarte@gmail.com - Update to version 6.6.1: * Bump keyring to 1.2.2 * Bump golangci-lint * Remove default and abandoned linters * Another ioutil * Remove ioutil * Shift all context.TODOs to the top-level cli * Update USAGE.md * Remove golang.org/x/sys/execabs * Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 * Update deps * Update deps * Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 * Bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 * Improve signposting of IAM api call restrictions * Recreate oidc token when 401 error is returned * Update deps * Update comments for new name of AWS IAM Identity Center * Update name of AWS IAM Identity Center * Add YKMAN_OATH_DEVICE_SERIAL to USAGE.md * Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 * README.md: #Installing: add Gentoo * chore: Set permissions for GitHub actions * Bump github.com/aws/aws-sdk-go-v2/service/ssooidc from 1.12.0 to 1.12.3 * Bump github.com/aws/aws-sdk-go-v2/service/iam from 1.18.0 to 1.18.3 * Bump github.com/aws/aws-sdk-go-v2/config from 1.15.0 to 1.15.3 * allow Host header with :80 * Bump github.com/aws/aws-sdk-go-v2/service/sso from 1.11.0 to 1.11.3 * With login, `SSOUseStdout` should follow `--stdout` * Bump github.com/aws/aws-sdk-go-v2/config from 1.14.0 to 1.15.0 * Bump github.com/aws/aws-sdk-go-v2/service/iam from 1.17.0 to 1.18.0 * Bump github.com/aws/aws-sdk-go-v2/service/ssooidc from 1.11.0 to 1.12.0 * Bump github.com/aws/aws-sdk-go-v2/service/sso from 1.10.0 to 1.11.0 * Bump golangci/golangci-lint-action from 2 to 3.1.0 ------------------------------------------------------------------- Sun Mar 13 00:08:42 UTC 2022 - pousaduarte@gmail.com - Update to version 6.6.0: * Fix error message when profile nor env vars found * Add golangci-lint and fix linting issues * Add usage examples * Add a /role-arn route to ECS server * Bump github.com/99designs/keyring from 1.2.0 to 1.2.1 (#877) * [login] allow sourcing STS credentials from environment (closes #861) (#864) * Bump actions/checkout from 2.4.0 to 3 * Bump github.com/aws/aws-sdk-go-v2/service/sts from 1.14.0 to 1.15.0 * Bump github.com/aws/aws-sdk-go-v2/service/ssooidc from 1.10.0 to 1.11.0 * Bump github.com/aws/aws-sdk-go-v2/service/iam from 1.16.0 to 1.17.0 * Bump actions/setup-go from 2.2.0 to 3 * Bump github.com/aws/aws-sdk-go-v2/service/sso from 1.9.0 to 1.10.0 * Update README.md * Bump gopkg.in/ini.v1 from 1.66.3 to 1.66.4 * Bump actions/setup-go from 2.1.5 to 2.2.0 ------------------------------------------------------------------- Mon Mar 07 14:04:39 UTC 2022 - pousaduarte@gmail.com - Update to version 6.6.0-pre-standalone-ecs-server-for-roles-2: * Add a lazy option so that there are no prompts up front * Separate creation and starting of the ecs server * Cache a session when starting server * Add env var for auth-token * Add standalone ECS role server ------------------------------------------------------------------- Sun Mar 06 00:10:15 UTC 2022 - pousaduarte@gmail.com - Update to version 6.6.0-pre-standalone-ecs-server-for-roles-1: * Bump actions/checkout from 2.4.0 to 3 * Bump github.com/aws/aws-sdk-go-v2/service/sts from 1.14.0 to 1.15.0 * Bump github.com/aws/aws-sdk-go-v2/service/ssooidc from 1.10.0 to 1.11.0 * Bump github.com/aws/aws-sdk-go-v2/service/iam from 1.16.0 to 1.17.0 * Bump actions/setup-go from 2.2.0 to 3 * Bump github.com/aws/aws-sdk-go-v2/service/sso from 1.9.0 to 1.10.0 * Update README.md * Bump gopkg.in/ini.v1 from 1.66.3 to 1.66.4 * Bump actions/setup-go from 2.1.5 to 2.2.0 * Windows arm64 build target * Fix release instructions ------------------------------------------------------------------- Sun Feb 06 22:47:00 UTC 2022 - pousaduarte@gmail.com - Update to version 6.5.0: * Use os.UserHomeDir instead of library * Update README.md * Update deps * Add `--stdout` option to `aws-vault exec` * Fix release instructions * Update create-dmg to use notarytool ------------------------------------------------------------------- Sun Jan 23 15:29:44 UTC 2022 - pousaduarte@gmail.com - Update to version 6.4.0: * Remove android release build * go fmt * Use buffered channel for signals to fix go vet * Update deps * Bump github.com/aws/aws-sdk-go-v2/service/iam from 1.5.0 to 1.16.0 * Bump github.com/aws/aws-sdk-go-v2/service/sso from 1.2.1 to 1.9.0 * Bump github.com/aws/aws-sdk-go-v2/service/ssooidc from 1.2.1 to 1.10.0 * Bump gopkg.in/ini.v1 from 1.62.0 to 1.66.2 * Bump github.com/aws/aws-sdk-go-v2 from 1.6.0 to 1.13.0 * Bump actions/setup-go from 1 to 2.1.5 * Bump actions/checkout from 1 to 2.4.0 * Update the linf for Homebrew on Linux * Update USAGE.md * Add documentation on source identity * Add support for source identity on sessions * Fix hint message for unsetting env variable * Enable dependabot to get security updates and if needed version updat… * Update README.md * Update README.md * Add an example Dockerfile * Update MFA prompt message, fixes #799 * Make file backend directory configurable * add asdf install readme * Update commands to setup MFA * feature: eagerly fetch credentials when the ECS server starts * Fix incorrect environment variable name to override STS session tags * Fix Makefile to codesign more reliably on Darwin * rename + add executable bit * Add script to configure tha aws cli with env vars * Update ykman.go * Simplify if statement * prevent windows exec unintentional relative pathing * Prevent osascript prompt code injection * Check for existing dmg when creating ------------------------------------------------------------------- Sun May 30 00:05:06 UTC 2021 - pousaduarte@gmail.com - Update to version 6.4.0beta1: * Use Go 1.16 in CI * Allow to force-remove a profile without a prompt * Use the request context * Fix deprecated dep * Improve error messages when rotating * Remove empty errors from function * Add docs for new env var * Fix ykman prompt for v4. Resolves #741, resolves #742, resolves #743 * Update aws deps * Add OpenSUSE update instructions * Simplify yubikey scripts * Use LookupEnv rather than Getenv for AWS_VAULT_FILE_PASSPHRASE * Clean up use of CredentialsCache * Fix legacy STS endpoint resolver * Update AWS SDK to v2 * Update release step instructions ------------------------------------------------------------------- Sun May 16 16:58:40 UTC 2021 - pousaduarte@gmail.com - Update to version 6.3.1: * Set flags to cross-compile darwin/arm64 on darwin/amd64 and vice versa * Use bump-cask-pr * Update dmg script to report errors when encountered * Remove -s and -w flags from go build * Update deps * Remove broken CodeQL * Update TOC * Added darwin osx arm binaries for M1 (#751) * More openbsd support * Set YKMAN_OATH_DEVICE_SERIAL to select Yubikey * build for openbsd * added back `-u` (nounset) along with var default * aws helper scripts fixed to work on more platforms * wrapped time generation logic into function * changed shell to `/bin/sh` * updated USAGE * added timed wait between code generations, added resync script * Change brew syntax to avoid a deprecation warning * Update README.md * Update arch linux install instructions * Using separate functions to parse session tags and session transitive tags; Added tests for the functions * Adding tests for STS Session Tags configuration * Adding support for STS Session Tags * Add spanish language to error message checking * Create codeql-analysis.yml ------------------------------------------------------------------- Sun Oct 18 22:47:32 UTC 2020 - pousaduarte@gmail.com - Update to version 6.2.0: * Update keyring dep * Fix description * Support sts_regional_endpoints configuration * Handle additional username formats * Fixup shell-check error in Yubikey create script * Fix target * Build a static version of the android binary * Hack around DNS resolution issues on Android * Update README.md * Add new compile targets * Improve docs around usage of mfa_serial * Use iso8601 helper * Add a function to format times compatible with aws sdks * newline added to end of parent_profile deprecation warning * Report number of cleared sessions more accurately * Bump deps * Add AWS_MIN_TTL to set expiry window * The expiry window determines whether stored creds should be used * Refresh cached credentials if expired * Update clear help message * Update exec --json help * Fix extra session appearing in list * Update USAGE.md * Create new sessions the same way * Fix error returned by OIDCTokenKeyring * Fix gc strategy to ensure we don't return expired credentials * Fix clearing oidc tokens from a profile * Update other commands to work consistently * Rename subcommand * Implement clear-cache command * Get full stack traces from dev builds * Return key not found for expired OIDC tokens * Add pass-otp as an otp prompt * Update USAGE.md * When the `--json` flag is missing the process hangs * Fix check for cache * Handle OIDC caching for new keyring entries * Handle shutdown via kill properly * Fix pattern to match all paths * Update USAGE.md * Add logging for #624 * Make cli options order consistent * Clarify credential_process * Add OIDC token caching * Fix missing return * Move validation to its own function * Use go 1.15 in CI * Update deps * Update go-ini dep * Proxy fixes * Rename function * Remove globals, rename prompt to credui * Read Secret Access Key with ReadPassword * Add a prompt that is native to Windows * Add possibility to check for localised error messages, add localised German messages * Use RFC3339 consistently for expiration times * Update docs * Refactor configloader instantiation * Update deps * Remove unused constants * Simplify exec code * Use Region, not SSORegion * Clarify that web_identity_token_process is a non-standard option * No sourceCredProvider is needed when assuming via web identity * Add USAGE documentation * Add AssumeRoleWithWebIdentityProvider * Improve fish shell completions * Make session duration format clear in usage docs * Add --secret-service-collection (#539) * Check the host header to mitigate a DNS rebinding attack * Update USAGE.md * Update README.md * Update makefile * Revert back to storing the expiry in the keyname :( * Fix shell completion issues * Add docs for shell tricks * Update makefile * Remove old docker config * Update docs * Fix infinite recursion issue for missing/invalid profile * Make make install more useable for those without a cert * Document shell completions * Update USAGE.md * Update USAGE.md * Organise contrib * Update USAGE.md * Update import paths to v6 * Revert "Make the exec command default to a login shell. Fixes #546" * Update USAGE.md * Update USAGE.md * Naming consistency * Restore key case insensitivity * Revert "Ignore case of section and key names when parsing config." * Update USAGE.md * Update docs * Add caching to AssumeRole * Simplify SSORoleCredentialsProvider * Fix typo * Generalise CachedSessionProvider * Refactor sessions * Update USAGE.md * Fix go mod import paths * Update USAGE.md * Update USAGE.md * Update USAGE.md * Update USAGE.md * Remove incorrect error message * Update keyring dependency. Fixes #562 * Rename parent_profile to include_profile * Refactor cli global flags initialisation * Stream errors to stderr * Add unit tests for SSO provider * Update USAGE.md * Update README.md * Add contrib script to enable a mfa device via ykman * Add to TOC * Make expires time easier to read * Keep the message short and sweet * Add logging * Output all stderr * Use YKMAN_OATH_CREDENTIAL_NAME to override ykman credential * Add ykman prompt * Update USAGE.md TOC * feat: pipe instructions to stderr * Fix retry interval for device authorization * Add support for AWS SSO profiles ------------------------------------------------------------------- Sun May 10 14:29:03 UTC 2020 - pousaduarte@gmail.com - Update to version 5.4.4: * Check the host header to mitigate a DNS rebinding attack * Revert changes to the ec2 metadata server since v5.3.2 * Revert "Make the exec command default to a login shell. Fixes #546"
