Skip to content

v0.3.0

Choose a tag to compare

View all tags
@denerFernandes denerFernandes released this 09 May 20:49
· 41 commits to master since this release
v0.3.0
3c85f97

Features
AES-256-GCM at-rest encryption for stored passwords — Passwords saved through the dashboard are encrypted before being written to SQLite when TURBINEPROXY_SECRET_KEY (64-char hex) is set. On-disk format: enc:<base64url(nonce || ciphertext)>. Existing plaintext values and env:/file: references continue to work without migration.

External secret references (env: / file:) — Any password field in TOML or SQLite now accepts env:VAR (reads environment variable) or file:/path (reads file, trims whitespace) in addition to literal values. The actual secret never touches SQLite.

server_version per listener — Configure the version string sent to clients in the initial handshake independently per port. [mysql] defaults to "8.0.36-TurbineProxy"; [pgsql] defaults to "16.0". Useful when migrating to/from Aurora, Cloud SQL, or MariaDB without changing applications that depend on the version string.

Per-rule fast_forward — In addition to the global listener-level fast-forward mode, individual [[query_rules]] now support fast_forward = true. Only queries matching that rule bypass the full pipeline (fingerprinting, routing, cache, RYOW, N+1 detection, SQL injection protection, analytics). All other traffic retains full observability.

Per-rule qps_limit — Rate-limit the number of queries per second a rule forwards to the backend using a token bucket. Short bursts are absorbed immediately; sustained traffic above the limit is rejected with an error. 0 or omit = unlimited.

Per-rule dry_run — Mark a rule as dry_run = true to log matches without applying routing. Match statistics appear normally in the dashboard. Enables safe rule validation in production before going live.

Per-backend max_connections — Cap the maximum number of open connections to each primary or replica independently via the max_connections field in [[shared.replicas]] or [[shared.primary]].

PROXY Protocol v2 — Full support for the binary PROXY Protocol v2 format in [mysql.proxy_protocol] and [pgsql.proxy_protocol], in addition to the existing v1 (text) support.

Performance
Lookup table in query classifier — Query intent classification (SELECT, INSERT, UPDATE, …) now uses a compile-time 256-entry uppercase lookup table, eliminating per-query heap allocations in the hot path.
Dashboard
Query rules form now includes a Fast forward toggle alongside QPS limit and Dry run.
Rules table has a new Fast-fwd column with a visual indicator.
Documentation
README: feature table updated to reflect all new capabilities.
reference.md: dry_run, qps_limit, fast_forward added to [[query_rules]]; server_version added to [mysql] and [pgsql].
query-routing.md: new sections — Dry Run, Rate Limiting, and Per-Rule Fast Forward.
fast-forward.md: new Per-Rule Fast Forward section with a comparison table (global vs. per-rule).

Assets 2
Loading