v3.0.0

IMPORTANT NOTES

• The AWS Secrets Manager Agent is now the AWS Workload Credentials Provider. The provider now supports automated retrieval and deployment of certificates from AWS Certificate Manager (only supported on Amazon EC2 and on-premises hosts) in addition to retrieval of secrets from AWS Secrets Manager.
• AWS Secrets Manager HTTP behavior remains identical. Starting up the Secrets Manager provider now requires calling aws_workload_credentials_provider asm start instead of aws_secretsmanager_agent. All other ASM functionality remains the same. Refer to the README for more information and setup instructions.

Changes

• Add harden-runner to all workflows. by @simonmarty in #208
• Update dependencies by @simonmarty in #210
• Add ACM (AWS Certificate Manager) test environment variables to CI workflow by @i-am-SR in #214
• Add ACM provider and update crate names by @robertgodfrey in #215
• fix: Shorten Linux user/group names by @i-am-SR in #218

New Contributors

• @robertgodfrey made their first contribution in #215

Full Changelog: v2.1.0...v3.0.0

v2.1.0

What's Changed

• docs: update README.md by @ThirdEyeSqueegee in #102
• Fix Permissions reference link in README file by @FavourAdekola in #104
• chore: add cargo-deny action by @ThirdEyeSqueegee in #107
• fix(cache-metrics): increment/reset logic, use relaxed ordering by @ThirdEyeSqueegee in #109
• Improve code coverage accuracy by @simonmarty in #114
• Update len() to take an immutable reference. by @simonmarty in #111
• chore: add 0BSD to cargo-deny, update deps by @ThirdEyeSqueegee in #120
• fix: use OIDC for Codecov by @ThirdEyeSqueegee in #124
• feat: add integration test foundation with basic secret retrieval tests by @reyhankoyun in #125
• Revert "feat: add integration test foundation with basic secret retrieval" by @reyhankoyun in #128
• Revert the revert: bring back integration test foundation by @reyhankoyun in #130
• Create codeql.yml by @reyhankoyun in #133
• Optimize Docker builds with native ARM64 runners by @reyhankoyun in #132
• Add integration tests workflow by @reyhankoyun in #136
• Update README guidance to depend on git tags when building from source. by @simonmarty in #134
• Fix integration test region mismatch by @reyhankoyun in #142
• Fix code formatting with cargo fmt by @reyhankoyun in #143
• Add integration tests for cache behavior, version management, and cross-account access by @reyhankoyun in #145
• Finalize integ test suite by @reyhankoyun in #148
• Bump the dependencies group across 1 directory with 14 updates by @dependabot[bot] in #151
• Add benchmark workflow by @reyhankoyun in #153
• Bump time from 0.3.46 to 0.3.47 by @dependabot[bot] in #161
• Fix TTL error message to reflect valid range 0-3600 by @vaibhav61 in #167
• chore: improve PR template by @i-am-SR in #171
• Bump aws-lc-fips-sys from 0.13.11 to 0.13.13 by @dependabot[bot] in #177
• Update dependencies by @simonmarty in #178
• Bundle GitHub action major version updates by @simonmarty in #180
• Bump the dependencies group with 7 updates by @dependabot[bot] in #182
• Remove actions-rs/toolchain, cache dependencies by @simonmarty in #187
• Drop the fips feature by @simonmarty in #179
• Add permissions to the docker workflow by @simonmarty in #188
• Add file-based credential support by @reyhankoyun in #192
• Add benchmark regression detection with github-action-benchmark by @reyhankoyun in #191
• Bump aws-smithy-mocks from 0.1.3 to 0.2.6 by @dependabot[bot] in #186
• Bring back the FIPS feature at compile time by @derik01 in #198
• Revert file-based credential support by @reyhankoyun in #201
• Add role-chaining support for accessing secrets via IAM role assumption by @derik01 in #203
• Add pre-fetching support for warming the secret cache at startup by @derik01 in #204
• Bump minor version for release by @derik01 in #205

New Contributors

• @FavourAdekola made their first contribution in #104
• @reyhankoyun made their first contribution in #125
• @vaibhav61 made their first contribution in #167
• @i-am-SR made their first contribution in #171
• @derik01 made their first contribution in #198

Full Changelog: v2.0.0...v2.1.0

v2.0.0

What's Changed

• feat: debug logging for cache metrics by @ThirdEyeSqueegee in #98
• chore: remove prefer-post-quantum flag, bump project version by @ThirdEyeSqueegee in #97

Full Changelog: v1.2.1...v2.0.0

v1.2.1

What's Changed

• Bump docker/build-push-action from 3 to 6 by @dependabot in #45
• Pin to rustls version 0 by @simonmarty in #93

Full Changelog: v1.2.0...v1.2.1

v1.2.0

NOTE: This release includes a minor update for a versioning error in the previous release (v1.1.0) which caused the agent to report its current version as v1.0.1 instead of v1.1.0.

• NEW: The agent can now be built with two new feature flags that improve security posture:
  • prefer-post-quantum: enables post-quantum key exchange by making X25519MLKEM768 the highest-priority key exchange algorithm.
  • fips: restricts the cipher suites used by the agent to only FIPS-approved ciphers.
• NEW: A new config option, log_to_file, can be used to control whether the agent writes logs to a file (default) or to stdout/stderr. Setting this option tofalse allows the agent to work correctly with journald when running the agent as a systemd service.

What's Changed

• Group GH actions & Docker dependabot updates by @simonmarty in #71
• Update Cargo.lock by @simonmarty in #76
• Added Config Parameter to control STS check on startup by @gnaikrah in #70
• Provide a feature to prefer post quantum key exchange. by @simonmarty in #78
• feat: FIPS support by @ThirdEyeSqueegee in #83
• chore: bump project version by @ThirdEyeSqueegee in #90
• feat: add console logging support by @ThirdEyeSqueegee in #87

New Contributors

• @gnaikrah made their first contribution in #70
• @ThirdEyeSqueegee made their first contribution in #83

Full Changelog: v1.1.0...v1.2.0

v1.1.0

NOTE: We recommend upgrading to the latest release (v1.2.0) as this release includes a versioning error which causes the agent to report its current version as v1.0.1 instead of v1.1.0

What's Changed

• Group minor version updates by @simonmarty in #39
• Add Dockerfile by @simonmarty in #19
• Add build instructions for Windows by @simonmarty in #49
• make lambda section more clear by @rstevens011 in #59
• fix typo by @rstevens011 in #62
• Correct cache_size and ttl_seconds in README to match actual behavior by @simonmarty in #60
• Adding cache refresh logic with new URL RefreshNow parameter by @crus-umich in #65

New Contributors

• @rstevens011 made their first contribution in #59
• @crus-umich made their first contribution in #65

Full Changelog: v1.0.1...v1.1.0

v1.0.1

What's Changed

• Documentation update by @ecraw-amzn in #10
• Fix Cargo.toml metadata by @simonmarty in #14
• Add code owners and test coverage by @simonmarty in #15
• Lambda extension example script instructions by @ecraw-amzn in #21
• Add caching library README and associated constructors by @simonmarty in #13
• Minor fixes to agent installation by @StevenEmelander in #24
• Follow on-screen instructions by @simonmarty in #27
• Add AWS_CONTAINER_AUTHORIZATION_TOKEN as default value for SSRF_ENV_VARIABLES by @dhinakk in #28
• Serve cache on transient errors by @benjaminkz in #34
• Fixed typo in README : aws-secrets-manager-agent to aws_secretsmanager_agent by @dhinakk in #35
• Fix deprecated command line argument by @simonmarty in #37

New Contributors

• @ecraw-amzn made their first contribution in #10
• @StevenEmelander made their first contribution in #24
• @dhinakk made their first contribution in #28
• @benjaminkz made their first contribution in #34

Full Changelog: https://github.com/aws/aws-secretsmanager-agent/commits/v1.0.1

v1.0.0

Full Changelog: https://github.com/aws/aws-secretsmanager-agent/commits/v1.0.0