github 7ritn/VaulTLS v1.1.0

7 hours ago

v1.1.0

Welcome to the next release of VaulTLS. It includes a few nice quality of life improvements and important dependency updates.

Add support for CRLs in PEM format

Some reverse proxies such as Nginx require the Certificate Revocation List (CRL) to be in PEM format (the default is the binary DER format). This release adds an option to the API and front end to specify which format you want to download your CRL in.
For the API, access PEM CRLs as follows: /api/certificates/ca/<id>/crl?format=pem/
[Image: demo of the VaulTLS front end with a dropdown menu to select the CRL format]
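A PEM CRL is nothing more than the DER bytes wrapped in RFC 7468 armor (base64 in 64-character lines between `-----BEGIN X509 CRL-----` and `-----END X509 CRL-----`). The following is an added example, not VaulTLS code, showing that conversion in both directions plus a small sniffer that tells a DER download from a PEM one, which is handy when checking what a proxy such as Nginx actually received. The sample DER bytes are a constructed ASN.1 SEQUENCE used only to exercise the functions; they are not a real CRL.

```python
import base64

PEM_LABEL = "X509 CRL"  # RFC 7468 label used for certificate revocation lists

# Constructed placeholder: a minimal ASN.1 SEQUENCE { INTEGER 5 }, not a real CRL.
SAMPLE_DER = b"\x30\x03\x02\x01\x05"


def der_to_pem(der: bytes, label: str = PEM_LABEL) -> str:
    """Wrap DER bytes in PEM armor with base64 lines of at most 64 characters."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def pem_to_der(pem: str, label: str = PEM_LABEL) -> bytes:
    """Strip the PEM armor and decode the base64 body back to DER.

    Raises ValueError if the BEGIN/END lines do not carry the expected label,
    so a certificate accidentally handed in as a CRL is rejected.
    """
    begin, end = f"-----BEGIN {label}-----", f"-----END {label}-----"
    lines = [line.strip() for line in pem.strip().splitlines()]
    if not lines or lines[0] != begin or lines[-1] != end:
        raise ValueError(f"not a PEM block labelled {label!r}")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def detect_format(data: bytes) -> str:
    """Return "pem", "der" or "unknown" for a downloaded CRL body.

    A DER-encoded CRL is an ASN.1 SEQUENCE, whose first tag byte is 0x30;
    a PEM file starts with the textual BEGIN line.
    """
    if data.lstrip().startswith(b"-----BEGIN "):
        return "pem"
    if data[:1] == b"\x30":
        return "der"
    return "unknown"


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print("round trip ok:", pem_to_der(pem) == SAMPLE_DER)
    print("detected:", detect_format(SAMPLE_DER), detect_format(pem.encode()))
```

Use `detect_format` on the bytes returned by the `/crl` endpoint to confirm that `?format=pem` took effect before pointing the proxy's CRL setting at the file.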

Add env variables to reset password

So far it was not (easily) possible to change the password of a user who had forgotten it. Starting with this release you can set VAULTLS_ACCOUNT_EMAIL and VAULTLS_ACCOUNT_PASSWORD to change someone's password (the password can also be supplied as a secret file if desired). VaulTLS performs the reset during startup and then exits; it is not possible to run VaulTLS normally with these env variables set.
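The one-shot pattern described above (read credentials from the environment at startup, apply the reset, exit instead of serving) is shown below as an added example; it is not VaulTLS's own implementation. It assumes a plain in-memory user store keyed by e-mail, hashes the new password with scrypt, and uses a hypothetical VAULTLS_ACCOUNT_PASSWORD_FILE variable for the secret-file variant, since the release notes do not name that variable.

```python
import hashlib
import secrets
from typing import Optional

EMAIL_VAR = "VAULTLS_ACCOUNT_EMAIL"
PASSWORD_VAR = "VAULTLS_ACCOUNT_PASSWORD"
# Hypothetical name for the secret-file variant; the real variable is not named in the notes.
PASSWORD_FILE_VAR = "VAULTLS_ACCOUNT_PASSWORD_FILE"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """scrypt hash with a random 16-byte salt, stored as scrypt$<salt>$<digest>."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, salt_hex, _ = stored.split("$")
    return secrets.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)


def reset_request(env: dict) -> Optional[tuple]:
    """Return (email, new_password) if a reset was requested via env, else None.

    A secret file, when given, wins over the plain variable so the password
    never has to appear in the process environment.
    """
    email = env.get(EMAIL_VAR)
    if not email:
        return None
    password = env.get(PASSWORD_VAR)
    path = env.get(PASSWORD_FILE_VAR)
    if path:
        with open(path, encoding="utf-8") as f:
            password = f.read().rstrip("\r\n")
    if not password:
        raise ValueError(f"{EMAIL_VAR} is set but no password was supplied")
    return email, password


def startup(env: dict, users: dict) -> str:
    """Simulated start-up: returns "exit" after a reset, "serve" otherwise."""
    req = reset_request(env)
    if req is None:
        return "serve"
    email, password = req
    if email not in users:
        raise KeyError(f"no account with e-mail {email}")
    users[email] = hash_password(password)
    return "exit"  # maintenance mode: never fall through to serving requests


if __name__ == "__main__":
    # Constructed sample store and environment.
    store = {"admin@example.test": hash_password("old-password")}
    env = {EMAIL_VAR: "admin@example.test", PASSWORD_VAR: "new-password"}
    print(startup(env, store), verify_password("new-password", store["admin@example.test"]))
```

The important design point is the return value of `startup`: a reset never continues into normal serving, which matches the release note that VaulTLS cannot run properly with these variables set.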

Improve TLS CA and certificate properties

When using mTLS with Authentik, certain extensions must be set in the CAs and certificates used (RFC 5280). Namely, the CA extension must be marked critical for CAs, and the Subject Key Identifier (SKI) and Authority Key Identifier (AKI) extensions must be present. Since VaulTLS uses a very basic key hierarchy with no CAs besides the root CA, this is not hugely important, but it is necessary for compliance. Thank you @XPvf16Cjgg3brCH1qFzT for your PR (#152) to improve this!
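The following added example (not VaulTLS or PR #152 code) builds a self-signed root CA with and without the extensions named above and runs a small RFC 5280 check over the result: basicConstraints present with cA=TRUE and marked critical, SKI present, and AKI present and pointing at the CA's own SKI. It requires the third-party `cryptography` package; the CA name and key type are assumptions for the demo.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def build_root_ca(compliant: bool) -> x509.Certificate:
    """Self-signed root CA for the demo.

    compliant=True adds critical basicConstraints plus SKI and AKI;
    compliant=False omits all three, reproducing a bare certificate that
    strict mTLS verifiers reject.
    """
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "demo root CA")])  # assumed name
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=3650))
    )
    if compliant:
        ski = x509.SubjectKeyIdentifier.from_public_key(key.public_key())
        builder = (
            builder.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .add_extension(ski, critical=False)
            # For a self-signed root the AKI key identifier equals its own SKI.
            .add_extension(x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski), critical=False)
        )
    return builder.sign(key, hashes.SHA256())


def check_ca_extensions(cert: x509.Certificate) -> list:
    """Return a list of problems found against the RFC 5280 CA rules (empty means OK)."""
    problems = []
    try:
        bc = cert.extensions.get_extension_for_class(x509.BasicConstraints)
        if not bc.value.ca:
            problems.append("basicConstraints cA is FALSE")
        if not bc.critical:
            problems.append("basicConstraints is not marked critical")
    except x509.ExtensionNotFound:
        problems.append("basicConstraints extension missing")
    ski = None
    try:
        ski = cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
    except x509.ExtensionNotFound:
        problems.append("subjectKeyIdentifier extension missing")
    try:
        aki = cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier).value
        if ski is not None and aki.key_identifier != ski.digest:
            problems.append("authorityKeyIdentifier does not match the CA's own subjectKeyIdentifier")
    except x509.ExtensionNotFound:
        problems.append("authorityKeyIdentifier extension missing")
    return problems


if __name__ == "__main__":
    print("compliant CA:", check_ca_extensions(build_root_ca(True)) or "OK")
    print("bare CA:", check_ca_extensions(build_root_ca(False)))
```

Running `check_ca_extensions` over an existing CA loaded with `x509.load_pem_x509_certificate` is a quick way to confirm whether a pre-1.1.0 root needs to be regenerated before an Authentik mTLS setup will accept it.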

Add env variable to use non secure cookies

I am a strong advocate of setting up VaulTLS behind a reverse proxy that handles HTTPS. In release 1.0.0 I therefore added the Secure attribute to all authentication cookies, which tells browsers not to send the cookie back over a non-secure connection (i.e. it requires HTTPS). However, for users that run VaulTLS without a reverse proxy, this made it difficult to log in, since the browser queries authenticated API endpoints without including the session cookie. While not advised, I added an env variable VAULTLS_INSECURE which must be set to true to disable the Secure attribute.

Update dependencies

This release also contains a few dependency updates for packages with known vulnerabilities, such as Vite, picomatch and yaml.
