Boundary enables identity-based access management for dynamic infrastructure.
boundary aliases create target -value example.boundary -destination-id ttcp_1234567890
and connect to a target using an alias using boundary connect example.boundary
netbsd operating system. Please refer to the following documentation to learn how to create a storage bucket.citext dependency added to enable aliases to be globally unique in
a case insensitive way.coalesce can be used to match a
template against multiple possible values, returning the first non-empty
value. As an example, this can be used in a credential library to allow a
username value that might be comprised of a name or login name depending on
the auth method, e.g. {{ coalesce .Account.Name .Account.LoginName}}
(PR))/v1/billing:monthly-active-users and new cli command,
boundary billing monthly-active-users that can be used to view the monthly
active user counts.kms worker method has been
removed. Since 0.13.0, unless the use_deprecated_kms_auth_method value was
set on the worker config, the new kms mechanism was already being used; this
is simply no longer an available option.grant_scope_id field on roles is now deprecated in favor of the multiple
grant scope support.id field in grants has changed to ids
which allows multiple ids to be included; existing grants submitted to
Boundary will continue to work, but grants using "id" can no longer be added
to or set on a role.max_page_size.
The Admin UI, CLI and api package automatically paginate results.this, children (global/org only) to apply to all
direct children of a scope, and descendants (global only) to apply to all
descendants of a scope. These use the new actions add-grant-scopes,
set-grant-scopes, and remove-grant-scopes on roles. For now the
grant_scope_id field on roles will continue to be able to be set, which will
set a single grant scope, but this capability is now deprecated.read, update, and delete have been added. These
allow operating on resources by directly specifying the ID of the resource as
the next parameter (e.g. boundary update ttcp_1234567890). Subtypes do not
need to be specified (e.g. that command is equivalent to boundary targets update tcp -id ttcp_1234567890), and any flags given after the ID are passed
through to the type-specific subcommand. Once the ID has been entered,
autocomplete is also supported.
(PR)key_id parameter within SSH Certificate Credential Libraries now accepts
the use of templated parameters
(PR)max_page_size for controlling the default and max size
of pages when paginating through results.search has been added allowing quick searching of targets or
sessions. It utilizes a client side cache also added in this release. The
client side cache starts itself automatically in the background when successfully
executing any command that communicates with a Boundary controller. To disable
the client cache from starting automatically set the
BOUNDARY_SKIP_CACHE_DAEMON environment variable or pass the
-skip-cache-daemon flag when running a command that may start it.
Commands daemon start, daemon stop, daemon status, and daemon add-token
were added to help manage the cache. The cache does not currently work with
Boundary instances that require the use of client side certs.Update go-kms-wrapping/extras/kms dependency to allow external wrappers without a key id to be used within a KMS config stanza. Note: this fix allows GCP KMS keys to be again with Boundary, which had stopped working in v0.13.0. (PR)
Two Vault client settings were not being properly used when constructing a Vault client. (PR)
The TLS Skip Verify setting was only being set if a CA Cert was also
configured. This fix sets the TLS Skip Verify when configured regardless of
other settings.
The TLS Server Name setting was never being set. Bad programmers. This fix
now sets it on the Vault client if the Vault Credential Store has been
configured to use a value for this setting.