Release Notes
Added
- Proton Pass provider that stores secrets in a Proton Pass vault via the
proton-pass CLI. Configured as protonpass://<vault>; items are
organized per project / profile and read / write both go through the
CLI.
Fixed
- OnePassword provider: the auth preflight now probes
op vault list instead
of op whoami. Under the 1Password desktop app's delegated-session
integration, op whoami reports account is not signed in even when
op item get / op vault list work fine — so every secret read or write
failed at preflight with a misleading "not signed in" error. op vault list exercises the actual access path and succeeds when the desktop app
can serve secrets. Additionally, OP_SESSION_* environment variables
(left over from eval $(op signin)) are now stripped before spawning
op so a stale shell session can't shadow the desktop integration. Auth
failure and install hints now point users at desktop integration as the
primary local-dev path. Fixes
#80.
- Vault / OpenBao provider: HTTPS requests now trust certificates from the
operating system trust store (and honor SSL_CERT_FILE / SSL_CERT_DIR),
so servers fronted by a private / internal CA work without modification.
Previously the bundled webpki-roots set was the only trust anchor and any
non-public CA produced Failed to connect to Vault ... error sending request. Switches the reqwest workspace dependency from rustls-tls to
rustls-tls-native-roots. Fixes
#85.
Install secretspec 0.10.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/cachix/secretspec/releases/download/v0.10.0/secretspec-installer.sh | sh
Download secretspec 0.10.0
