Skip to content

v0.46.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 25 Jun 15:15
· 5 commits to main since this release
v0.46.0
93258da
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Terrapod is a free, open-source platform replacement for Terraform Enterprise. This release extends passwordless cloud-IAM authentication to the Redis/Valkey connection.

Highlights

  • Cloud-IAM Redis/Valkey authentication — connect the platform cache with no static auth string, using the API pod's existing cloud workload identity. Opt in via api.config.redis.auth_mode: aws_iam (AWS ElastiCache, IRSA — SigV4-presigned connect token), gcp_iam (GCP Memorystore, WIF — OAuth2 token), or azure_ad (Azure Cache for Redis — Microsoft Entra token). A fresh token is minted per connection via a redis-py credential provider, offloaded to a worker thread so the event loop is never blocked. TLS (rediss://) is required and enforced at startup — IAM tokens never traverse a plaintext connection. Static auth-string Redis (the default) is unchanged.

Status

Beta — production-ready for the documented surface. Cloud-IAM Redis auth should be validated against your IAM-enabled cache in staging before switching production off the static auth string. AWS additionally requires an ElastiCache User in IAM mode and elasticache:Connect on the API IRSA role.

Full Changelog: v0.45.1...v0.46.0

Assets 32
Loading