Release Notes
Added
- Support for encrypting keys stored on the Hashicorp K/V secret engine with transit engine.
Vault always encrypts its K/V entries with encryption keys managed internally by Vault. Now, users can specify a transit key,
that KES uses to encrypt K/V values before sending them to Vault. This gives users control over which key is used to encrypt
the keys generated and stored by KES (on Vault). Ref: server-config.yaml#L243
Changed
- The Go version has been updated to Go 1.21.3.
- KES internals have been refactored. Among other things KES now uses structured logging. Refer #403 to for details.
What's Changed
- update Go from
1.21.1to1.21.3and go mod dep by @aead in #402 - vault: add support for transit-encrypted K/V by @aead in #404
- refactor KES API and internals by @aead in #403
- cmd: fix regression on server address handling by @aead in #405
Full Changelog: 2023-10-03T00-48-37Z...2023-10-24T20-26-51Z