Skip to content

@mtibben mtibben released this Sep 25, 2020 · 7 commits to master since this release

Fixed

  • AWS User ARN parsing in the Yubikey create script #660
  • broken file backend returned aes.KeyUnwrap(): integrity check failed #663

Added

  • Support for sts_regional_endpoints in the aws config file or via the AWS_STS_REGIONAL_ENDPOINTS env var #662
Assets 11

@mtibben mtibben released this Sep 14, 2020 · 15 commits to master since this release

Added

  • release binaries for ppc64le arm7 and android

Fixed

  • DNS resolution on android #647
Assets 11

@mtibben mtibben released this Sep 11, 2020 · 22 commits to master since this release

Fixed

  • an issue where ISO-8601 datetime formats were not compatible with the Java SDK #657
  • formatting of a depreciation message #653
Assets 8

@mtibben mtibben released this Sep 2, 2020 · 27 commits to master since this release

See the full changelog

Added

  • Support for AWS SSO #549 docs
  • Support for Yubikey TOTP #558 docs
  • A shell script for adding a Yubikey to IAM #559
  • aws-vault exec --ecs-server starts an ECS credential server offering many advantages over the EC2 metadata server #556 #375 docs
  • Debug http logging for the server #330
  • Support for setting the secret service collection with --secret-service-collection #539
  • Support for assume roles using OpenID Connect tokens #587
  • A native windows prompt wincredui #613
  • A pass MFA provider that reads from pass otp #640
  • aws-vault proxy --stop will stop the ec2 server proxy and remove the network alias. Fixes #548, #360
  • A new command aws-vault clear [<profile>] to remove short-term session credentials and OIDC tokens #644 #591 #412
  • The environment variable AWS_MIN_TTL will enforce a minimum expiry time on credentials #646

Fixed

  • Ensure all error messages go to stderr #565
  • Using a key with a slash with the file backend 99designs/keyring#69
  • Login hang when using an unknown profile #575 #545
  • Shell completion issues #408, #576
  • Parse Windows netsh error messages in German #610
  • The aws-vault executable location should now be detected correctly in more instances. Fixes #596
  • Use the expiry window when retrieving credentials from the key store to enforce a minimum expiry time #608

Changed

  • Config variable parent_profile renamed to include_profile. The old parent_profile still works for backwards compatibility #520 #560 docs
  • Credentials created with AssumeRole and MFA are now cached #569 (Fixes #552, #532, #525)
  • Profile names are now case-sensitive #570 #528 7262236
  • The proxy command is now aws-vault proxy. This command is not user facing, but the old server subcommand still works just in case for backwards compatibility #627
  • When secret keys are added with aws-vault add, the secret is no longer echoed back into the terminal #625
  • The --sessions-only flag has been deprecated from the remove command in favour of aws-vault clear. The old flag still works for backwards compatibility
Assets 8
You can’t perform that action at this time.