v0.7.0

github-actions released this 02 Jun 14:58 · 52 commits to main since this release
Tag v0.7.0, commit a139c01

Highlights

Vault Analytics — a new backend module that helps administrators keep the vault tidy. It shows usage KPIs (total, expired, frontend-accessible and never-rotated secrets, plus read activity for the selected window) and, most usefully, a redaction-candidates table that flags secrets which appear unused and may be safe to remove. Candidates are graded into delete-candidates (never read, not read for a configurable period, or expired) and review-candidates (revealed by hand but never read by automation; never rotated). Automated reads are counted separately from manual reveals, so a secret used only through manual workflows is not mistaken for dead. A 30/90/180/365-day window drives the signals, and each flagged secret links straight to its edit view. Thresholds are configurable in the extension settings.

Demo data for development — the new vault:seed-demo command fills a development instance with realistic, historic secrets and a matching audit-log history, so the Analytics module has lifelike data to explore. It is idempotent, refuses to run in Production, and reseeds with --force.

TYPO3 14.3 LTS — the v14 line now targets 14.3 LTS (^13.4 || ^14.3). The 14.0–14.2 sprint releases are no longer supported.

Reliability — secret listings and rotation loops now skip malformed (non-string) identifier rows instead of injecting a bogus empty identifier.

Full details — including the developer-facing tooling and documentation changes — are in the changelog.
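
The grading rules described above for the Vault Analytics redaction-candidates table, sketched as an added Python example (not nr-vault's own code, which is a TYPO3 extension). The record fields, the 90-day default, letting delete outrank review, and reading "never read" as neither an automated read nor a manual reveal are assumptions; the sample secrets are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class SecretStats:
    # Hypothetical record shape; field names are assumptions, not nr-vault's schema.
    identifier: str
    last_automated_read: Optional[datetime]
    last_manual_reveal: Optional[datetime]
    last_rotated: Optional[datetime]
    expires_at: Optional[datetime]

def grade(s: SecretStats, now: datetime, stale_after_days: int = 90):
    """Return (grade, reasons); grade is 'delete', 'review' or None."""
    reads = [t for t in (s.last_automated_read, s.last_manual_reveal) if t]
    last_read = max(reads) if reads else None
    delete, review = [], []
    if s.expires_at is not None and s.expires_at <= now:
        delete.append("expired")
    if last_read is None:
        delete.append("never read")
    elif now - last_read > timedelta(days=stale_after_days):
        delete.append(f"not read for {stale_after_days} days")
    # Manual reveals are tracked apart from automated reads, so a secret
    # used only by hand is flagged for review instead of deletion.
    if s.last_manual_reveal and s.last_automated_read is None:
        review.append("manual reveals only")
    if s.last_rotated is None:
        review.append("never rotated")
    if delete:
        return "delete", delete
    return ("review", review) if review else (None, [])

NOW = datetime(2025, 1, 1)  # constructed reference time
DAY = timedelta(days=1)
SAMPLE = [  # constructed secrets: automated read, manual reveal, rotated, expires
    SecretStats("api/dead", None, None, None, None),
    SecretStats("smtp/manual", None, NOW - 5 * DAY, NOW - 30 * DAY, None),
    SecretStats("db/live", NOW - DAY, None, NOW - 10 * DAY, None),
    SecretStats("cert/old", NOW - 10 * DAY, None, NOW - 400 * DAY, NOW - DAY),
    SecretStats("queue/stale", NOW - 200 * DAY, None, NOW - 300 * DAY, None),
]

def report(secrets, now=NOW, stale_after_days=90):
    """Map each identifier to its grade for the chosen staleness window."""
    return {s.identifier: grade(s, now, stale_after_days)[0] for s in secrets}
```

With the sample data, widening the window to 365 days drops queue/stale from the candidates, while smtp/manual stays a review-candidate because its manual reveals count as use.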

Installation

composer require netresearch/nr-vault

Publication status

Security

All release artifacts are signed with Sigstore keyless signing.

Verify signatures

cosign verify-blob \
  --bundle nr-vault-0.7.0.zip.sigstore.json \
  --certificate-identity-regexp "https://github.com/netresearch/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  nr-vault-0.7.0.zip

Verify checksums

sha256sum -c checksums.txt

Software Bill of Materials (SBOM)

SBOMs are provided in both SPDX and CycloneDX formats for supply chain transparency.