- move away from sha1 since they are not supported anymore on all distributions
- fix tests on various platforms and newer ruby versions
- introduce hooks for set and delete actions
- support more moneta versions (#78) - Thank you jcharaoui
- Fix issue with passing down expires to vault (#79) - Thank you Steffy Fort
- Don't require openssl Gem and make sure we don't regress on JRuby
- moved from travis ci to github actions (#73) - Thank you Georg-g
- Support expire in vault (#71) - Thank you Steffy Fort
- Syntax improvements (#70) - Thank you Steffy Fort
- Add SCRAM-SHA-256 postgres support (#69) - Thank you Steffy Fort
- Support destroying an entry to properly clean up in vault (#68) - Thank you Steffy Fort
- Support search with vault backend (#67) - Thank you Steffy Fort
- Add wireguard format (#65) - Thank you Jonas Genannt
- Expand search path for sample config - Thank you Anarcat
- Add vault backend (#61) - Thank you Steffy Fort
- Add sshkey format similar to the OpenSSL - Thank you Raphaël Rondeau
- format/x509 allow to render 'publickeyonly' (#62) - Thank you Thomas Weißschuh
- Add a method to search for keys and list all formats of a key (#49) - Thank you Steffy Fort
- Proper return code on cli (#57) - Thank you Steffy Fort
- expand search path for sample config file to fix autopkgtest (#64) - Thank you anarcat
- drop support for ruby < 2.7 & update dependencies
- skip self-signed cert verification test on newer openssl version (#63)
- Fix resetting passwords when using SSL encryption (#52)
- Add open method to be able to immediately close a trocla store after using it - thanks martinpfeiffer
- Add typesafe charset - thanks hggh
- Support cost option for bcrypt
- address concurrency corner cases, when two concurrent threads or even processes are calculating the same (expensive) format at the same time.
- parse additional options on cli (#39 & #46) - thanks fe80
- Add extended CA validity profiles
- Make it possible to define keyUsage
- Bugfix to render output correctly also on an already existing set
- Fix tests not working around midnight, due to timezone differences
- New Feature: Introduce a way to render specific formats, mainly this allows you to control the output of a specific format. See the x509 format for more information.
- New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
- New feature expiration: Make it possible that keys can have an expiration. See the expiration section for more information.
- Increase default password length to 16.
- Add a console safe password charset. It should provide a subset of chars that are easier to type on a physical keyboard.
- Fix a bug with encryptions while deleting all formats.
- Introduce pluggable stores, so in the future we are able to talk to different backends and not only moneta. For testing and inspiration a simple in memory storage backend was added.
- CHANGE: moneta's configuration for `adapter` & `adapter_options` now lives under `store_options` in the configuration file. Till 0.3.0 old configuration entries will still be accepted.
- CHANGE: `ssl_options` is now known as `encryption_options`. Till 0.3.0 old configuration entries will still be accepted.
- Improve randomness when creating a serial number.
- Add a new charset: hexadecimal
- Add support for name constraints within the x509 format
- Clarify documentation of the set action, as well as introduce `--no-format` for the set action.
- CHANGE: Self-signed certificates are no longer CAs by default; actually they never have been, due to a bug. If you want a certificate to also be a CA, you must pass `become_ca: true` in the options hash. This now makes it actually possible to have certificate chains. Thanks for the initial hint to Adrien Bréfort
- Default keysize is now 4096
- SECURITY: Do not increment serial, rather choose a random one.
- Fix setting of altnames, which until now was not possible due to a bug.
- Add extended tests for the x509 format, that describe all the internal specialities and should give an idea how it can be used.
- Add cli option to list all formats
- fix storing data longer than public keysize - 11. Thanks Timo Goebel
- add a numeric only charset. Thanks Jonas Genannt
- fix reading key expire time. Thanks asquelt
- Supporting encryption of the backends. Many thanks to Thomas Gelf
- Adding a windows safe password charset
- change from sha1 signature for the x509 format to sha2
- Fix an issue where shellsafe character passwords might have already been initialized with shell-unsafe characters. Please review any shell-safe character passwords regarding this problem. See the fix for more information. Thanks asquelt for the fix.
- be sure to update the moneta gem as well, trocla now uses the official moneta releases and supports the currently available versions.
- Options for moneta's backends have changed. For example, if you are using the yaml backend you will likely need to change the adapter option `:path:` to `:file:` to match moneta's new API.
- IMPORTANT: If you are using the yaml backend you need to migrate the current data before using the new trocla version! You can migrate the datastore by using the following two sed commands: `sed -i 's/^\s\{3\}/ /' /PATH/TO/trocla_data.yaml && sed -i '/^\s\{2\}value\:/d' /PATH/TO/trocla_data.yaml`.
- SECURITY: Previous versions of trocla used quite a simple random generator. Especially in combination with the puppet `fqdn_rand` function, you likely have very predictable random passwords and I recommend you to regenerate all randomly generated passwords! Now!