hashicorp/boundary v0.10.0

on GitHub

0.10.0 (2022/08/10)

Known Issues

• Migration to this version may fail if the cluster contains credential
  libraries. This will be fixed shortly in 0.10.1.

New and Improved

• ssh Target Type With Credential Injection (HCP Boundary only): Boundary has
  gained a new ssh target type. Using this type, username/password or SSH
  private key credentials can be sourced from vault credential libraries or
  static credentials and injected into the SSH session between a client and
  end host. This allows users to securely SSH to remote hosts while never being
  in possession of a valid credential for that target host.
• SSH Private Key Credentials: There is now an ssh_private_key credential type
  that allows submitting a username/private key (and optional passphrase) to
  Boundary for use with credential injection or brokering workflows.
• boundary connect ssh Credential Brokering Enhancements: we have extended
  support into the boundary connect ssh helper for brokered credentials of
  ssh_private_key type; the command will automatically pass the credentials to
  the ssh process (PR).
• boundary authenticate, boundary accounts: Enables use of env:// and
  file:// syntax to specify location of a password
  (PR)

Bug Fixes

• cli: Correctly cleanup plugins after exiting boundary dev, boundary server
  and boundary database init
  (Issue,
  PR).
• boundary accounts change-password: Fixed being prompted for confirmation of
  the current password instead of the new one
  (PR)

Deprecations/Changes

• API Module: Changed the return types that reference interfaces into their
  expected typed definition. Type casting is only allowed against interface
  types, therefore to mitigate compiler errors please remove any type casting
  done against the return values.
  (Issue,
  PR)
• Targets: Rename Application credentials to Brokered credentials
  (PR).
• Host plugins: Plugin-type host catalogs/sets/hosts now use typed prefixes for
  any newly-created resources. Existing resources will not be affected.
  (PR)
• Credential stores: Static-type credential stores/credentials now use typed
  prefixes for any newly-created resources. Existing resources will not be
  affected. (PR)
• Change of behavior on -token flag in CLI: Passing a token this way can
  reveal the token to any user or service that can look at process information.
  This flag must now reference a file on disk or an env var. Direct usage of the
  BOUNDARY_TOKEN env var is also deprecated as it can show up in environment
  information; the env:// format now supported by the -token flag causes the
  Boundary process to read it instead of the shell so is safer.
  (PR)
• Change of behavior on -password flag in CLI: The same change made above for
  -token has also been applied to -password or, for supporting resource
  types, -current-password and -new-password.
  (PR)