tuck v1.36.0

github-actions released this 20 Jun 20:17 · 1 commit to main since this release

Changelog

  • 472081c: Milestone 20: LDAP/AD Auth + Azure Key Vault Seal (@NAGenaev)
  • fd3203c: Milestone 21: AWS Dynamic Secrets Engine (@NAGenaev)
  • e19b5f2: Milestone 22: GCP Dynamic Secrets Engine (@NAGenaev)
  • e0d0b1b: Milestone 23: Azure Dynamic Secrets Engine (@NAGenaev)
  • 0beb04c: Milestone 24: Response Wrapping (@NAGenaev)
  • 798f1be: Milestone 25: Cubbyhole Engine (@NAGenaev)
  • ca5dc73: Milestone 26: Token Accessor (@NAGenaev)
  • 01d71aa: Milestone 27: Policy Deny Rules (@NAGenaev)
  • 333097a: Milestone 28: Renewable Tokens with MaxTTL (@NAGenaev)
  • 152367c: Milestone 29: Token MaxUses + Global Analysis + ROADMAP v1.0 Plan (@NAGenaev)
  • 00ed638: Milestone 30 (SEC/QA): security audit → v1.0-rc gate (@NAGenaev)
  • 2718271: Milestone 30: External Group Aliases (@NAGenaev)
  • af8d3bf: Milestone 30: UI Auth Methods + Dynamic Secrets + Leases (@NAGenaev)
  • 7b501fa: Milestone 31+32: UI Crypto Engines + CLI completeness (@NAGenaev)
  • 7c7bea7: Milestone 33: OPS-6 config file + Getting Started guide (@NAGenaev)
  • aa5084c: Milestone 34: QA-2 load testing (Go benchmarks + k6 script) (@NAGenaev)
  • a58edda: SEC-1: hash token IDs in bbolt storage keys (@NAGenaev)
  • 2a9e4d0: feat(api): full OpenAPI 3.0.3 specification (v1.31.0) (@NAGenaev)
  • 2953edf: feat(approle): v1.10.0 — bound CIDRs, secret-ID metadata, options API (@NAGenaev)
  • d1faf58: feat(audit): Audit Log Streaming - v1.3.0 (@NAGenaev)
  • ce04de5: feat(audit): file audit sink with rotation (v1.23.0) (@NAGenaev)
  • a1e00b0: feat(auth): GitHub Actions OIDC auth UI tab (v1.7.0) (@NAGenaev)
  • 2f5e845: feat(cli): audit enable-file command + usage section (v1.27.0) (@NAGenaev)
  • 82f3420: feat(cli): tuckcli identity commands (@NAGenaev)
  • 0dd9fdd: feat(cli): vault-to-tuck migration commands (v1.25.0) (@NAGenaev)
  • 69aa51c: feat(csi): complete CSI provider packaging for v1.6.0 (@NAGenaev)
  • c0e3743: feat(csi): key expansion, configurable mode, NodeGetVolumeStats (v1.28.0) (@NAGenaev)
  • 38f3692: feat(hardening): v1.9.0 — rate limiting, MaxBody middleware, GET/PUT /v1/sys/config (@NAGenaev)
  • 4feb6e3: feat(kv): KV v1 secret TTL & metadata (v1.13.0) (@NAGenaev)
  • 49b59ee: feat(lease): lease renewal — extend dynamic credential TTLs (v1.21.0) (@NAGenaev)
  • 8f2df21: feat(lease): unified dynamic-credential lease manager (v1.14.0) (@NAGenaev)
  • dab4611: feat(mount): per-mount tuning configuration (v1.18.0) (@NAGenaev)
  • 9c4f43c: feat(mount): secret engine mount table (v1.15.0) (@NAGenaev)
  • a13be9a: feat(namespace): Namespace isolation — v1.2.0 (@NAGenaev)
  • 2bf32ae: feat(observability): v1.8.0 — version package, enriched health, richer metrics (@NAGenaev)
  • cd09419: feat(plugin): plugin catalog (v1.16.0) (@NAGenaev)
  • e839e8a: feat(policy): sentinel policies & fine-grained ACL (v1.20.0) (@NAGenaev)
  • 0fe30e8: feat(policy): v1.12.0 — namespace-scoped policies with root inheritance (@NAGenaev)
  • 738093a: feat(ratelimit): wire rate limiter middleware into HTTP server (v1.22.0) (@NAGenaev)
  • d42f373: feat(replication): WAL-based replication foundation (v1.17.0) (@NAGenaev)
  • ce51327: feat(sdk): v1.7.0 — complete SDK client coverage (@NAGenaev)
  • e52af20: feat(sdk+terraform): complete Go SDK and Terraform provider (v1.35.0) (@NAGenaev)
  • 46aed2c: feat(seal): M19 — AWS KMS + GCP Cloud KMS seal backends (v0.19.0) (@NAGenaev)
  • ee42760: feat(terraform): Terraform provider for Tuck (v1.29.0) (@NAGenaev)
  • 6f1bb74: feat(terraform): expand provider to KV v2, token roles, AppRole, namespaces (v1.34.0) (@NAGenaev)
  • cd64192: feat(token): v1.11.0 — period tokens, orphan tokens, tree revocation (@NAGenaev)
  • ce92fe7: feat(token-roles): Token Roles — v1.2.1 (@NAGenaev)
  • d73e879: feat(ui): KV path explorer, value masking, persistent login (v1.32.0) (@NAGenaev)
  • b5ee7f5: feat(ui): KV v2, Response Wrapping, Cluster pages — v1.2.2 (@NAGenaev)
  • 5d4fb4a: feat(ui): major UX improvements — auto-load, hints, templates, copy buttons (@NAGenaev)
  • eeac2af: feat(ui): mounts, plugins, replication pages + KV TTL/metadata (v1.19.0) (@NAGenaev)
  • 08bd56d: feat: Entity & Identity system (v1.1 foundation) (@NAGenaev)
  • 8298da4: feat: v1.4.0 - UI completeness, mlockall, audit rotation (@NAGenaev)
  • 299772e: feat: v1.5.0 - CSI Node Driver (secrets.tuck.io) (@NAGenaev)
  • 2307d15: feat: v1.6.0 - GitHub Actions OIDC Auth (@NAGenaev)
  • 1b6aaf0: fix(ci): GOTOOLCHAIN=local for golangci-lint go1.25 compat; copy-only Dockerfiles for goreleaser (@NAGenaev)
  • 0106500: fix(ci): golangci-lint v2.1.6 for go1.25 compat; exclude gosec G704,G706 false positives (@NAGenaev)
  • e159b40: fix(ci): install golangci-lint v2 via go install to use local go1.25 toolchain (@NAGenaev)
  • 0df1d26: fix(ci): upgrade to golangci-lint-action@v7 for golangci-lint v2 support (@NAGenaev)
  • 04822ac: fix(kv): hierarchical LIST — folders end with /, relative names only (@NAGenaev)
  • 62df7a8: fix(lint): add golangci.yml errcheck exclusions for test files and common patterns (@NAGenaev)
  • 7e2f599: fix(lint): correct golangci.yml v2 format with single-quoted regexes (@NAGenaev)
  • 83f2478: fix(lint): fix 3 more Body.Close in chaos_test.go and seal/transit.go (@NAGenaev)
  • 3bd4737: fix(lint): fix all remaining errcheck violations — Body.Close across test and prod files (@NAGenaev)
  • 43b2774: fix(lint): fix all remaining errcheck/unused violations in test and production code (@NAGenaev)
  • a528d09: fix(lint): fix final 8 errcheck violations (@NAGenaev)
  • 1628da7: fix(lint): fix last 3 defer resp.Body.Close() in jwt/jwks.go, csi/driver.go, azure.go (@NAGenaev)
  • 72249d3: fix(lint): fix remaining 24 errcheck/staticcheck violations (@NAGenaev)
  • e84adb2: fix(lint): suppress errcheck on Body.Close and test setup calls (@NAGenaev)
  • 86e3601: fix(lint): suppress errcheck on test setup calls across all test files (@NAGenaev)
  • c780f7e: fix(lint): switch to v1 config format, fix all production errcheck/unused violations (@NAGenaev)
  • 5525c8e: fix(lint): text-based exclusions in golangci.yml; fix S1005 and controller.go (@NAGenaev)
  • 1f643f7: fix(lint): try issues.exclude-rules for test files; fix ldap.go:410 (@NAGenaev)
  • e10ed74: fix(lint): v2 exclusions.rules for test files; fix ldap conn.Close errcheck (@NAGenaev)
  • 39fd9cf: fix(ui): promote kvListAt/kvShowSecret to global scope; add lab results (@NAGenaev)
  • 47b2912: fix(ui): redirect / to /ui/ so browser URL opens the dashboard (@NAGenaev)
  • 8159296: test(fuzz): fuzz tests for security-critical parsers (v1.24.0) (@NAGenaev)
  • 072c5b0: test(github-auth): store unit tests + API login edge case tests (@NAGenaev)
  • 5bbd8fe: test(soak,chaos): nightly soak and chaos CI tests (v1.26.0) (@NAGenaev)

Docker images

docker pull ghcr.io/nagenaev/tuck:1.36.0
docker pull ghcr.io/nagenaev/tuck-operator:1.36.0

Verify checksums

cosign verify-blob \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  checksums.txt