Change log
Added
- Support for a
SECRETLESS_HTTP_CA_BUNDLEenvironment variable that specifies the path to a CA cert bundle and enables users to configure Secretless with additional CA certificates for server cert verification when using HTTP connectors. (PR #1180) - TLS support for the Secretless-to-server connections of the MSSQL connector. This is the recommended way to secure this connection and achieves feature parity with other TLS connectors. (#1163, #1164, #1165)
- MSSQL connector supports SSL host name verification with
verify-fullSSL mode. Also adds optionalsslhostconfiguration parameter that is compared to the server's certificate SAN. (#1199)
Fixed
- PostgreSQL connector log messages were updated to improve formatting, fixing a previous issue where the log messages were improperly formatted and were garbled in the logs. (PR #1192)
Security
- TCP connectors all automatically zeroize the connection credentials in memory after successfully opening a connection; previously, credentials were only zeroized in memory on error. (#1188)