Vault 1.2.0 Beta1 released: a secrets management tool

Category: Software News · Published: 5 years ago


Vault 1.2.0 Beta1 has been released. Vault is a tool for securely accessing secrets: it helps you manage sensitive information such as API keys, passwords, credentials and the like. Vault exposes a single unified interface to all of these secrets while enforcing strict access control and recording a detailed audit log.


A modern system needs access to many kinds of secrets: database credentials, API keys for external services, credentials for service-to-service authentication in a service-oriented architecture, and so on. Knowing who accessed which secret, and when, is therefore important. Vault provides exactly this: it stores all secrets securely and records every access to them.

Main features of Vault:

  • Secure storage

  • Dynamic secrets

  • Data encryption

  • Leasing and renewal

  • Revocation

The new version contains a large number of changes; the detailed list follows:

CHANGES:

  • auth/token: Token store roles use new, common token fields for the values that overlap with other auth backends. period, explicit_max_ttl, and bound_cidrs will continue to work, with priority being given to the token_ prefixed versions of those parameters. They will also be returned when doing a read on the role if they were used to provide values initially; however, in Vault 1.4 if period or explicit_max_ttl is zero they will no longer be returned. (explicit_max_ttl was already not returned if empty.)
  • Due to underlying changes in Go version 1.12 and Go > 1.11.5, Vault is now stricter about what characters it will accept in path names. Whereas before it would filter out unprintable characters (and this could be turned off), control characters and other invalid characters are now rejected within Go's HTTP library before the request is passed to Vault, and this cannot be disabled. To continue using these (e.g. for already-written paths), they must be properly percent-encoded (e.g. \r becomes %0D, \x00 becomes %00, and so on).
  • The user-configured regions on the AWSKMS seal stanza will now be preferred over regions set in the enclosing environment. This is a breaking change.
  • All values in audit logs now are omitted if they are empty. This helps reduce the size of audit log entries by not reproducing keys in each entry that commonly don't contain any value, which can help in cases where audit log entries are above the maximum UDP packet size and others.
  • Both PeriodicFunc and WALRollback functions will be called if both are provided. Previously WALRollback would only be called if PeriodicFunc was not set. See GH-6717 for details.
  • Vault now uses Go's official dependency management system, Go Modules, to manage dependencies. In order both to reduce transitive dependencies for API library users and plugin authors, and to work around various conflicts, we have moved various helpers around, mostly under an sdk/ submodule. A couple of functions have also moved from plugin helper code to the api/ submodule. If you are a plugin author, take a look at some of our official plugins and the paths they are importing for guidance.
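The path-encoding item above says that control characters embedded in already-written paths must be percent-encoded from 1.2 onward, because Go's HTTP layer rejects them before Vault sees the request. The following is an added example (not code from the page or from the Vault project) that finds such characters in a raw path and produces the encoded form; it assumes, as the changelog's \r and \x00 examples suggest, that ASCII control characters are the ones to worry about, and it relies on urllib's `quote`, which also encodes other non-unreserved characters, a harmless superset since the server decodes them again.

```python
from __future__ import annotations
from urllib.parse import quote, unquote


def control_chars(path: str) -> list:
    """Return the ASCII control characters (0x00-0x1F and 0x7F) found in a raw path.

    These are the characters the 1.2.0 changelog names as now being rejected by
    Go's HTTP library; an empty list means the path can be sent as-is.
    """
    return [ch for ch in path if ord(ch) < 0x20 or ord(ch) == 0x7F]


def encode_vault_path(path: str) -> str:
    """Percent-encode a raw Vault path for use in a request URL.

    '/' is kept as the segment separator so the path still routes to the same
    mount; everything outside the unreserved set is encoded, so a carriage
    return becomes %0D and a NUL byte becomes %00.
    """
    return quote(path, safe="/")


def check_roundtrip(path: str) -> bool:
    """Confirm the encoded form decodes back to the original and carries no raw control characters."""
    encoded = encode_vault_path(path)
    return unquote(encoded) == path and not control_chars(encoded)


if __name__ == "__main__":
    # Constructed sample paths (not taken from any real deployment): two written
    # before 1.2 with embedded control characters, one that is already clean.
    for raw in ["secret/data/app\rconfig", "secret/data/app\x00key", "secret/data/plain"]:
        print(repr(raw), "->", encode_vault_path(raw), "control chars:", control_chars(raw))
```

Running `control_chars` over the keys returned by a pre-upgrade `LIST` is a cheap way to find the paths that will stop working after the upgrade, before any client hits an error.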
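The audit-log item above means that from 1.2 onward a key whose value is empty is simply absent from the entry, so any parser that indexes fields directly will start raising on upgraded logs. The following added example (not code from the page or from the Vault project) shows a normalizer that treats an absent key and a present-but-empty key identically, with a small write-monitoring rule built on top of it; the two sample entries are constructed for the example, and the field names used (type, time, auth.display_name, auth.policies, request.operation, request.path, request.remote_address, request.namespace, error) are the common ones in Vault's JSON audit format.

```python
from __future__ import annotations
import json

# Constructed sample entries (not real Vault output) for one "update" request.
# The first is shaped like a pre-1.2 entry, which still emits keys whose value is
# empty (null, "" or an empty object); the second is shaped like a 1.2 entry,
# where those keys are omitted entirely.
PRE_12_LINE = json.dumps({
    "type": "request", "time": "2019-06-30T12:00:00Z",
    "auth": {"display_name": "token-ci", "policies": ["default", "ci"], "metadata": None},
    "request": {"id": "req-1", "operation": "update", "path": "secret/data/app",
                "remote_address": "10.0.0.5", "data": None,
                "namespace": {"id": "root", "path": ""}},
    "error": "",
})
POST_12_LINE = json.dumps({
    "type": "request", "time": "2019-06-30T12:00:00Z",
    "auth": {"display_name": "token-ci", "policies": ["default", "ci"]},
    "request": {"id": "req-1", "operation": "update", "path": "secret/data/app",
                "remote_address": "10.0.0.5", "namespace": {"id": "root"}},
})


def normalize_entry(line: str) -> dict:
    """Flatten one audit-log line into the fields a detection rule keys on.

    Every lookup supplies a default, and nested objects are read with
    `.get(...) or {}` so that a key that is absent (1.2) and a key that is
    present but null or empty (pre-1.2) produce the same record.
    """
    entry = json.loads(line)
    auth = entry.get("auth") or {}
    req = entry.get("request") or {}
    ns = req.get("namespace") or {}
    return {
        "type": entry.get("type", ""),
        "time": entry.get("time", ""),
        "display_name": auth.get("display_name", ""),
        "policies": tuple(auth.get("policies") or ()),
        "operation": req.get("operation", ""),
        "path": req.get("path", ""),
        "remote_address": req.get("remote_address", ""),
        "namespace_id": ns.get("id", ""),
        "error": entry.get("error", ""),
    }


def writes_outside_allowlist(lines, allowed_prefixes):
    """Yield normalized create/update/delete entries whose path is outside the allowed prefixes.

    Because the records are normalized first, the rule behaves the same on
    logs written before and after the upgrade.
    """
    for line in lines:
        rec = normalize_entry(line)
        if rec["operation"] in ("create", "update", "delete") and \
           not any(rec["path"].startswith(p) for p in allowed_prefixes):
            yield rec


if __name__ == "__main__":
    for rec in writes_outside_allowlist([PRE_12_LINE, POST_12_LINE], ["secret/data/ci/"]):
        print(rec["time"], rec["display_name"], rec["operation"], rec["path"])
```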

FEATURES:

  • Combined DB credential rotation: Alternative mode for the Combined DB Secret Engine to automatically rotate existing database account credentials and set Vault as the source of truth for credentials.
  • Identity Tokens: Vault's Identity system can now generate OIDC-compliant ID tokens. These customizable tokens allow encapsulating a signed, verifiable snapshot of identity information and metadata. They can be used by other applications—even those without Vault authorization—as a way of establishing identity based on a Vault entity.
  • Pivotal Cloud Foundry plugin: New auth method using Pivotal Cloud Foundry certificates for Vault authentication.
  • ElasticSearch database plugin: New ElasticSearch database plugin issues unique, short-lived ElasticSearch credentials.
  • New UI Features: An HTTP Request Volume Page and new UI for editing LDAP Users and Groups have been added.
  • HA support for Postgres: PostgreSQL versions >= 9.5 may now be used as an HA storage backend.
  • KMIP secrets engine (Enterprise): Allows Vault to operate as a KMIP Server, seamlessly brokering cryptographic operations for traditional infrastructure.

IMPROVEMENTS:

  • auth/jwt: A JWKS endpoint may now be configured for signature verification [JWT-43]
  • auth/jwt: bound_claims will now match received claims that are lists if any element of the list is one of the expected values [JWT-50]
  • auth/jwt: Leeways for nbf and exp are now configurable, as is clock skew leeway [JWT-53]
  • auth/kubernetes: Allow service names/namespaces to be configured as globs [KUBEAUTH-58]
  • auth/token: Add a large set of token configuration options to token store roles [GH-6662]
  • identity: Allow a group alias' canonical ID to be modified
  • namespaces: Namespaces can now be created and deleted from performance replication secondaries
  • replication: Client TLS authentication is now supported when enabling or updating a replication secondary
  • secrets/database: Cassandra operations will now cancel on client timeout [GH-6954]
  • storage/postgres: LIST now performs better on large datasets [GH-6546]
  • ui: KV v1 and v2 will now gracefully degrade allowing a write without read workflow in the UI [GH-6570]
  • ui: Many visual improvements with the addition of Toolbars [GH-6626], the restyling of the Confirm Action component [GH-6741], and using a new set of glyphs for our Icon component [GH-6736]
  • ui: Lazy loading parts of the application so that the total initial payload is smaller [GH-6718]
  • ui: Tabbing to auto-complete in filters will first complete a common prefix if there is one [GH-6759]
  • ui: Removing jQuery from the application makes the initial JS payload smaller [GH-6768]
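Two of the auth/jwt improvements above change how a role's claim constraints are evaluated: a bound claim now matches a list-valued claim if any element is an expected value, and nbf/exp get configurable leeways plus a separate clock-skew leeway. The following added example (not code from the page or from the Vault project) models those two rules over an already-decoded claim set so their effect can be checked against sample claims; signature verification is out of scope here, and the way the leeways combine (each added to the clock-skew leeway) and the requirement that exp be present are assumptions made for the example, not a statement of Vault's exact behaviour.

```python
from __future__ import annotations


def claim_matches(received, expected) -> bool:
    """bound_claims rule: a list-valued received claim matches if any element is
    one of the expected values; a scalar must itself be one of them."""
    expected_values = expected if isinstance(expected, list) else [expected]
    received_values = received if isinstance(received, list) else [received]
    return any(r in expected_values for r in received_values)


def check_bound_claims(claims: dict, bound_claims: dict) -> list:
    """Return the names of bound claims that are missing from the token or do not match."""
    return [name for name, expected in bound_claims.items()
            if name not in claims or not claim_matches(claims[name], expected)]


def check_time_claims(claims: dict, now: float, exp_leeway: float = 0,
                      nbf_leeway: float = 0, clock_skew_leeway: float = 0) -> list:
    """Validate exp and nbf (epoch seconds) with configurable leeways, in seconds.

    Assumed model: exp is required; the token is accepted until
    exp + exp_leeway + clock_skew_leeway and from nbf - nbf_leeway - clock_skew_leeway.
    """
    problems = []
    if "exp" not in claims:
        problems.append("exp missing")
    elif now > claims["exp"] + exp_leeway + clock_skew_leeway:
        problems.append("token expired")
    if "nbf" in claims and now < claims["nbf"] - nbf_leeway - clock_skew_leeway:
        problems.append("token not yet valid")
    return problems


def evaluate_login(claims: dict, role: dict, now: float) -> list:
    """Combine both checks for a role dict shaped like
    {"bound_claims": {...}, "exp_leeway": s, "nbf_leeway": s, "clock_skew_leeway": s}.
    An empty list means the login would be allowed by these two rules."""
    problems = check_time_claims(claims, now,
                                 role.get("exp_leeway", 0),
                                 role.get("nbf_leeway", 0),
                                 role.get("clock_skew_leeway", 0))
    problems += [f"bound claim mismatch: {c}"
                 for c in check_bound_claims(claims, role.get("bound_claims", {}))]
    return problems


if __name__ == "__main__":
    # Constructed sample claims and role (hypothetical values, not from any real IdP).
    sample_claims = {"sub": "alice", "groups": ["dev", "ops"], "exp": 1000, "nbf": 900}
    sample_role = {"bound_claims": {"groups": ["ops", "admin"]}, "exp_leeway": 60}
    print(evaluate_login(sample_claims, sample_role, now=1030))   # expected: []
    print(evaluate_login(sample_claims, sample_role, now=1100))   # expected: ['token expired']
```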

BUG FIXES:

  • auth/aws: Fix a case where a panic could stem from a malformed assumed-role ARN when parsing this value [GH-6917]
  • auth/aws: Fix an error complaining about a read-only view that could occur during updating of a role when on a performance replication secondary [GH-6926]
  • auth/jwt: Fix a regression introduced in 1.1.1 that disabled checking of client_id for OIDC logins [JWT-54]
  • auth/jwt: Fix a panic during OIDC CLI logins that could occur if the Vault server response is empty [JWT-55]
  • identity: Fix a case where modifying aliases of an entity could end up moving the entity into the wrong namespace
  • namespaces: Fix a behavior (currently only known to be benign) where we wouldn't delete policies through the official functions before wiping the namespaces on deletion
  • ui: Fix timestamp on some transit keys [GH-6827]
