Releases: dotMage/dotmage
Releases · dotMage/dotmage
Release list
v2.0.0
Added
- Team mode: invite colleagues with their own master passwords over a shared vault.
dmage user invite/list/role/rm,dmage auth --invite <token>,dmage whoami.
Invitations are one-time sealed tokens (the server cannot open them); roles
(owner/editor/viewer) are enforced server-side. Requires dotmage-server with
DOTMAGE_MODE=team. - Offboarding chain:
dmage user rmdeletes the member's key wraps, revokes their
devices and offers a key rotation on the spot — the safe path is the default path.
Changed
- Solo setups are untouched: with a solo-mode server (the default) nothing about team
mode is visible, and existing accounts migrate to a "team of one" automatically.
Security
- A removed member's cached key stops decrypting anything pushed after the chained
rotation. Rotate the secret values they saw and destroy pre-rotation backups — the
docs offboarding runbook covers both.
v1.4.0
Added
dmage rotate-key— re-encrypt every revision with a fresh Account Key (spec Appendix L).
Client-driven, resumable after interruption, key generations tracked per blob. Requires
dotmage-server with therotationfeature.
Security
- Closes the documented v1 gap "a leaked Account Key decrypts all history forever":
rotation makes old cached keys useless for anything pushed after it. Note: backups
taken before a rotation remain decryptable by the old key — destroy or re-encrypt them
when rotating after a device compromise.
v1.3.0
Added
- Store any file, not just
.env— DataGrip XML, kubeconfig, JSON (dmage init dbconf --file dataSources.xml). The file name/format travel inside the encrypted payload
(server never sees them);pull/pushuse the stored name automatically;diff
adapts to the format;execclearly refuses non-env apps. Non-env apps require this
version on all devices; existing.envapps are untouched. - Multiple servers (work/personal):
dmage server add/map/list/rm/use/rename, global
--server <name>,DOTMAGE_SERVERenv var. Project directories map to servers in the
global config (like gitincludeIf) — commands pick the right server from your CWD.
Single-server setups are unaffected; legacy configs migrate automatically. - App name defaults to the current directory name:
dmage pushwith no arguments. dmage lock --all/dmage logout --all— act on every configured server.dmage upgrade— self-update from GitHub releases: verifiesSHA256SUMS, sanity-checks
the new binary, replaces itself atomically.--check,--version,--force,-y.
Homebrew/cargo installs get a hint to use their package manager instead.
Changed
- Pushing an empty
.env(0 keys, including comments-only files) now fails with an error.
Pass--allow-emptytodmage push/dmage initif intentional.
Security
- Release binaries ship with a
SHA256SUMSasset;dmage upgraderefuses releases
without it.
v1.2.1
v1.2.0
v1.1.0
v1.0.4
v1.0.3
v1.0.2
Latest build
Автоматическая сборка из main. Скачай бинарник для своей платформы.