Releases: Azure/notation-azure-kv
Releases · Azure/notation-azure-kv
v1.2.1
Changes
- Upgraded release pipeline runner to use
ubuntu-24.04forLinuxandmacOSbinaries (#232) - Improved E2E testing security and reliability (#232, #213)
Other Changes
- Updated dependencies with highlights below
- Azure.identity v1.13.2
- Azure.Security.KeyVault.Keys v4.7.0
- Azure.Security.KeyVault.Secrets v4.7.0
- Azure.Security.KeyVault.Certificates v4.7.0
- System.Security.Cryptography.Pkcs v9.0.1
Detailed Commits
- doc: update readme for v1.2.0 by @JeyJeyGao in #185
- build(deps): bump Azure.Identity from 1.11.3 to 1.11.4 in /Notation.Plugin.AzureKeyVault by @dependabot in #187
- build(deps): bump xunit from 2.8.1 to 2.9.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #191
- build(deps): bump xunit.runner.visualstudio from 2.8.1 to 2.8.2 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #190
- bump: Azure.Identity 1.12.0 by @JeyJeyGao in #193
- build(deps): bump super-linter/super-linter from 6 to 7 by @dependabot in #194
- build(deps): bump Microsoft.NET.Test.Sdk from 17.10.0 to 17.11.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #195
- build(deps): bump Microsoft.NET.Test.Sdk from 17.11.0 to 17.11.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #197
- build(deps): bump Moq from 4.20.70 to 4.20.72 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #198
- ci(test): replace the service principal with federated managed identity to access AKV by @JeyJeyGao in #213
- build(deps): bump actions/github-script from 6 to 7 by @dependabot in #216
- build(deps): bump Azure.Identity from 1.12.0 to 1.13.1 in /Notation.Plugin.AzureKeyVault by @dependabot in #215
- build(deps): bump Azure.Security.KeyVault.Secrets from 4.6.0 to 4.7.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #211
- build(deps): bump Azure.Security.KeyVault.Keys from 4.6.0 to 4.7.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #210
- build(deps): bump xunit from 2.9.0 to 2.9.2 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #202
- build(deps): bump Azure.Security.KeyVault.Certificates from 4.6.0 to 4.7.0 in /Notation.Plugin.AzureKeyVault by @dependabot in #207
- build(deps): bump System.Security.Cryptography.Pkcs from 8.0.0 to 8.0.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #203
- build(deps): bump System.Security.Cryptography.Pkcs from 8.0.1 to 9.0.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #218
- build(deps): bump codecov/codecov-action from 4 to 5 by @dependabot in #219
- build(deps): bump Microsoft.NET.Test.Sdk from 17.11.1 to 17.12.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #220
- build(deps): bump xunit.runner.visualstudio from 2.8.2 to 3.0.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #221
- build(deps): bump coverlet.collector from 6.0.2 to 6.0.3 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #222
- build(deps): bump Azure.Identity from 1.13.1 to 1.13.2 in /Notation.Plugin.AzureKeyVault by @dependabot in #227
- build(deps): bump xunit.runner.visualstudio from 3.0.0 to 3.0.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #224
- build(deps): bump xunit from 2.9.2 to 2.9.3 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #223
- build(deps): bump System.Security.Cryptography.Pkcs from 9.0.0 to 9.0.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #225
- build(deps): bump coverlet.collector from 6.0.3 to 6.0.4 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #229
- ci: improve reliability by @JeyJeyGao in #232
Full Changelog: v1.2.0...v1.2.1
Contributors
dependabot and JeyJeyGao
Assets 8
v1.2.0
Features
-
Added support for version-less key/certificate identifiers (#181).
Previously, a versioned key ID was required (when signing):
notation sign $IMAGE --plugin azure-kv --id https://x.vault.azure.net/certificates/self-signed-pem/a2c329545a934f0aaf434afe64bb392dCurrently, a version-less key ID is also accepted, and it will automatically choose the latest one.
notation sign $IMAGE --plugin azure-kv --id https://x.vault.azure.net/certificates/self-signed-pem
Other Changes
- Improved error messages (#181)
- Bumped up dependencies
Detailed Commits
- doc: update README for v1.1.0 by @JeyJeyGao in #174
- build(deps): bump xunit from 2.7.1 to 2.8.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #176
- build(deps): bump xunit.runner.visualstudio from 2.5.8 to 2.8.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #175
- build(deps): bump Azure.Identity from 1.11.2 to 1.11.3 in /Notation.Plugin.AzureKeyVault by @dependabot in #177
- build(deps): bump Microsoft.NET.Test.Sdk from 17.9.0 to 17.10.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #179
- feat: add versionless key identifier support by @JeyJeyGao in #181
- build(deps): bump xunit from 2.8.0 to 2.8.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #183
- build(deps): bump xunit.runner.visualstudio from 2.8.0 to 2.8.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #182
Full Changelog: v1.1.0...v1.2.0
Contributors
dependabot and JeyJeyGao
Assets 8
v1.1.0
Features
- Added support for selecting credential types through plugin configuration. (#157)
Other Changes
- Updated the
Azure.Identitylibrary to 1.11.2 (#171, #173) - Enabled .NET AOT feature to optimize the size and execution time of the binary (#156)
- Enabled GitHub Dependabot to automatically update dependencies. (#159)
- Updated dependencies for .NET and GitHub workflow actions.
Detailed Commits
- docs: update README for v1.0.2 by @JeyJeyGao in #152
- bump,ci,fix: bump up dependencies and enable AOT by @JeyJeyGao in #156
- bump(ci): update ci actions by @JeyJeyGao in #158
- ci: add dependabot by @JeyJeyGao in #159
- build(deps): bump super-linter/super-linter from 5 to 6 by @dependabot in #161
- build(deps): bump actions/setup-dotnet from 3 to 4 by @dependabot in #160
- feat: add credential_type plugin config by @JeyJeyGao in #157
- fix(ci): test and release pipeline by @JeyJeyGao in #163
- fix: dependabot exception when parsing .csproj by @JeyJeyGao in #165
- fix: update credential type logic by @JeyJeyGao in #164
- build(deps): bump Azure.Identity from 1.10.4 to 1.11.0 in /Notation.Plugin.AzureKeyVault by @dependabot in #171
- build(deps): bump xunit.runner.visualstudio from 2.5.4 to 2.5.8 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #168
- build(deps): bump xunit from 2.6.2 to 2.7.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #166
- build(deps): bump Moq from 4.20.69 to 4.20.70 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #170
- build(deps): bump Microsoft.NET.Test.Sdk from 17.8.0 to 17.9.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #167
- build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #169
- build(deps): bump Azure.Identity from 1.11.0 to 1.11.2 in /Notation.Plugin.AzureKeyVault by @dependabot in #173
Full Changelog: v1.0.2...v1.1.0
Contributors
dependabot and JeyJeyGao
Assets 8
v1.0.2
Changes
- Updated Azure.identity to v1.10.4 (#145 )
- Updated to dotnet 8.0 (#145 )
- E2E test on Linux, Windows, macOS and Mariner container (#143, #149)
- Support for Azure CBL Mariner container images
Bug Fixes
- Improved error messages (#150 )
Detailed Commits
- doc: update readme for v1.0.1 by @JeyJeyGao in #138
- test: e2e test by @JeyJeyGao in #143
- build: bump up donet 8 by @JeyJeyGao in #145
- fix&test(e2e): mariner containerized e2e test by @JeyJeyGao in #149
- fix: improve RequestFailedException error message by @JeyJeyGao in #150
- test: add unit test for RequestFailedException by @JeyJeyGao in #153
Full Changelog: v1.0.1...v1.0.2
Contributors
JeyJeyGao
Assets 8
v1.0.1
Bug Fixes
- The tarball structure is not consistent between Linux and macOS. (#127)
- Azure Key Vault imported PKCS12 certificate doesn't work on macOS (#133)
- Azure Key Vault imported PKCS12 certificate chain with leaf-to-root certificate order doesn't work (#136)
Detailed Commits
- fix: update help doc by @JeyJeyGao in #130
- ci: update tarball structure by @JeyJeyGao in #129
- doc: update set policy by @JeyJeyGao in #131
- fix: macOS PKCS12 confidential mode = None & Integrity mode = Password(null) by @JeyJeyGao in #134
- ci: add windows and macos test pipeline by @JeyJeyGao in #137
- fix: certificate path construction by @JeyJeyGao in #135
Full Changelog: v1.0.0...v1.0.1
Contributors
JeyJeyGao
Assets 8
v1.0.0
Azure Key Vault plugin v1.0.0 for Notation
notation-azure-kv is a Notation signing plugin using Azure Key Vault managed certificates and keys, implementing the plugin contract of Notary Project Specifications v1.0.0.
Features
- Enable the
notationCLI to generate signatures using Azure Key Vault managed certificates and keys - Support self-signed certificates as well as Certificate Authority (CA) issued certificates
What's Changed Since RC.3
Bug Fixes
- Fix #126: PKCS12 ephemeral key and non-encrypted MAC are not supported on macOS
Other Changes
- Update quote format for documents
Detailed Commits
- doc: update quote note by @JeyJeyGao in #122
- doc: update README for v1.0.0 by @JeyJeyGao in #123
- fix: PKCS12 ephemeral key and non-encrypted MAC are not supported macOS by @JeyJeyGao in #124
Full Changelog: v1.0.0-rc.3...v1.0.0
Contributors
JeyJeyGao
Assets 8
v1.0.0-rc.3
New Features
- Added
self_signedargument in plugin configuration to get self-signed certificate withCertificates Getpermission (#119)
Deprecations
- BREAKING CHANGE: removed
as_secretargument (#119)
Bug Fixes
- Eliminated OpenSSL dependency for enhanced compatibility (#117)
Detailed Commits
- doc: update for v1.0.0-rc.2 by @JeyJeyGao in #115
- fix: remove X509Chain.Build to avoid compatibility issue by @JeyJeyGao in #117
- doc: update ca signed workflow by @JeyJeyGao in #118
- feat: add self_signed pluginConfig by @JeyJeyGao in #119
- doc: update docs for new features by @JeyJeyGao in #120
- doc: release v1.0.0-rc.3 by @JeyJeyGao in #121
Full Changelog: v1.0.0-rc.2...v1.0.0-rc.3
Contributors
JeyJeyGao
Assets 8
v1.0.0-rc.2
Bug Fixes
- Fixed the input reading issue (#112)
- Optimized the error message for incorrect certificate bundle (#113)
Other Changes
- Built-in codesign for macOS binary
- Optimized the JSON serializer to avoid runtime reflection to reduce binary load time and improve the performance (#111)
Detailed Commits
- doc: update artifact version in readme by @JeyJeyGao in #106
- doc: update version for README by @JeyJeyGao in #107
- doc: add macOS codesign by @JeyJeyGao in #108
- feat: optimize JSON serializer by @JeyJeyGao in #111
- ci: update release ci to use macOS by @JeyJeyGao in #110
- fix: check command before read input by @JeyJeyGao in #112
- fix: optimize the error message for unmatchable certificate bundle by @JeyJeyGao in #113
Full Changelog: v1.0.0-rc.1...v1.0.0-rc.2
Contributors
JeyJeyGao
Assets 8
v1.0.0-rc.1
New Features
- Support PKCS12 format for Azure Key Vault Certificate
- Support several new credential method for Azure Key Vault
Other Changes
- BREAKING CHANGE: Removed environment variable
AKV_AUTH_FROM_MI. The managed identity credential will be used automatically - BREAKING CHANGE: The entire plugin is re-written in dotnet
Detailed Commits
- doc: update scripts by @shizhMSFT in #88
- feat: implement get-plugin-metadata & describe-key command in dotnet by @JeyJeyGao in #89
- feat: add .NET verion generate-signature command by @JeyJeyGao in #91
- feat: add as_secret feature by @JeyJeyGao in #92
- test&ci: add test for get-plugin-metadata command & add test CI by @JeyJeyGao in #96
- ci: add .NET release CI by @JeyJeyGao in #94
- chore: remove files for go version by @JeyJeyGao in #99
- doc: add openssl generated certificate by @JeyJeyGao in #100
- refactor: refactor for unit test by @JeyJeyGao in #97
- fix: update Notation brand name by @JeyJeyGao in #101
- ci: set codecov target by @JeyJeyGao in #103
- doc: update readme by @JeyJeyGao in #102
- fix: update readme by @JeyJeyGao in #104
- ci: update release ci runtime name & add release checklist by @JeyJeyGao in #105
Full Changelog: v0.6.0...v1.0.0-rc.1
Contributors
shizhMSFT and JeyJeyGao
Assets 8
v0.6.0
What's Changed
- fix: pem cert chain parsing issue by @JeyJeyGao in #57
- feat: complete cert chain by
certbundleplugin config by @JeyJeyGao in #59 - fix: update error message by @JeyJeyGao in #61
- build: update go version 1.20 by @JeyJeyGao in #69
- build(deps): bump github.com/notaryproject/notation-go from 1.0.0-rc.1 to 1.0.0-rc.3 by @dependabot in #68
- fix: add self-signed cert validation by @JeyJeyGao in #71
- feat: remove autorest package dependency by @JeyJeyGao in #70
- build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 by @dependabot in #75
- feat: remove urfave cli framework by @JeyJeyGao in #74
- feat: align release assets by @JeyJeyGao in #77
- feat: update to use GetCertificate instead of GetSecret by @JeyJeyGao in #76
- test: add keyvault & get metadata unit test by @JeyJeyGao in #79
- test: add code coverage by @JeyJeyGao in #81
- ci: update workflow to trigger when pushing commit to main by @JeyJeyGao in #82
- test: add unit test for crypto package by @JeyJeyGao in #80
- feat: refactor describe-key command & add unit test by @JeyJeyGao in #83
- fix: update Makefile test by @JeyJeyGao in #86
- doc: update README by @JeyJeyGao in #84
New Contributors
- @JeyJeyGao made their first contribution in #57
- @dependabot made their first contribution in #68
Full Changelog: v0.5.0-rc.1...v0.6.0
Contributors
dependabot and JeyJeyGao