Elastic Harp Versions Save

Secret management by contract toolchain

v0.2.11

9 months ago

What's Changed

Full Changelog: https://github.com/elastic/harp/compare/v0.2.10...v0.2.11

v0.2.10

2 years ago

v0.2.9

2 years ago

0.2.9

2022-03-13

BREAKING-CHANGES:

  • FIPS artifacts are disabled by default on GitHub Actions CI but still can be built locally.
  • harp-artifacts containing all harp binaries will not be produced anymore.

FEATURES:

  • cli/lint:

    • Provide command to Lint YAML/JSON content for Bundle, BundleTemplate, RuleSet and BundlePatch. #138

  • cli/render:

    • Generate a configuration file system from an archive. #149

  • cli/template:

    • Support archive as file loader.

  • sdk/api:

    • Bundle, BundleTemplate, RuleSet and BundlePatch JSON schema are published. #138
    • JSON Schema for all configuration files. #145

  • sdk/crate:

    • A crate is an OCI Compatible image which can be pushed to OCI compliant registries.
    • crate push is used to prepare a crate with a sealed container and optionally an archive - OCI Push #138
    • This is used to publish the sealed container and the templates used to render the final configuration.
    • crate copy is used to retrieve a remote crate from a registry. #147

DIST:

  • docker:
    • Multi-architecture docker images are produced.

What's Changed

Full Changelog: https://github.com/elastic/harp/compare/v0.2.8...v0.2.9

v0.2.8

2 years ago

FEATURES:

  • cli:
    • darwin-amd64 and darwin-arm64 are code signed and notarized using an Apple Developer ID certificate to allow harp execution on Silicon M1 based computers. #134
  • cli/transform:
    • compress/decompress commands for various algorithms. #117
    • hash/multihash command for various hashing algorithms. #117
    • encode/decode command for various encoding strategies #117
  • bundle/ruleset:
    • enable rego language for RuleSet constraint engine. #134
  • sdk/api:
    • support user_data for Bundle, Package, SecretChain to store custom arbitrary data during pipeline execution. #134
  • sdk/value:
    • encoding reader / writer factory. #117
    • compression reader/writer factory. #117
    • hash writer factory. #117

CHANGES:

  • go:
    • FIPS artifact build process is disabled.
  • git:
    • the tag cmd/harp/vX.XX will never be produced.
  • ci:
    • dependabot setup to monitor and automate dependency updates.
    • the release pipeline has been completely redesigned to use goreleaser.
    • SLSA provenance is temporary disabled due to a lack of the multiplatform support for the used action.

DIST:

  • build/ci:
    • SHA256 fingerprint is provided per artifact.
    • SBOM is embedded in the artifact archive.
  • build/gha:

Full Changelog: https://github.com/elastic/harp/compare/v0.2.7...v0.2.8

cmd/harp/v0.2.8

2 years ago

What's Changed

Full Changelog: https://github.com/elastic/harp/compare/v0.2.7...cmd/harp/v0.2.8

v0.2.7

2 years ago

FEATURES:

  • bundle/from:
    • read a HCL bundle descriptor to generate the binary bundle. #114
  • bundle/patch:
    • support --stop-at-rule-index=<int> and --stop-at-rule-id=<string> flags for bundle patch to stop patch evaluation before requested rule identifier or index. #112
    • --ignore-rule-id and --ignore-rule-index flags to ignore matching rules during bundle patch evaluation. #112
  • bundle/selector:
    • support regoFile to load a Rego filter policy from a file. #111
    • cel query language #111
      • p.match_label(globstring, globstring) can be used to match label key and value
      • p.match_annotation(globstring, globstring) can be used to match annotation key and value

DIST:

  • go: Build with Golang 1.17.7.
  • go-boring: Build with Golang 1.17.7b7.

cmd/harp/v0.2.7

2 years ago

What's Changed

Full Changelog: https://github.com/elastic/harp/compare/v0.2.6...cmd/harp/v0.2.7

v0.2.6

2 years ago

What's Changed

Full Changelog: https://github.com/elastic/harp/compare/v0.2.5...v0.2.6

cmd/harp/v0.2.6

2 years ago

2022-02-07

FEATURES:

  • template/engine:
    • isodate time formatter to RFC3389 date format.
  • bundle/pipeline:
    • Support custom input reader and output writer. #105
  • bundle/selector:
    • support glob for package path and secret key matcher. #110
    • support rego policy for bunde filter command and BundlePatch selector. #106
    • support cel expressions used in BundleRuleSet for package matchers in bundle filter command and BundlePatch selector. #109
  • sdk/value:
    • support age encryption as value transformer. #102
    • support deterministic authenticated encryption value transformers. #103
    • support additional data for AEAD/DAE transformers. #104
    • DAE transformers can be initialized using an optional salt to derive different keys from the transformer key. #104

DIST

  • go: Build with Golang 1.17.6.
  • build/ci
    • Add SLSA Level 1 - Provenance generation step for binaries.
    • Add Snyk as code / dependencies scanner via SARIF.
    • Add Trivy dependencies scanner via SARIF.

Full Changelog: https://github.com/elastic/harp/compare/v0.2.5...cmd/harp/v0.2.6

v0.2.5

2 years ago

What's Changed

Full Changelog: https://github.com/elastic/harp/compare/v0.2.4...v0.2.5