Release Notes
Release 2024-02-29T08-12-28Z adds a new HMAC server API, introduces a new and more efficient ciphertext format and contains bug fixes for prometheus metrics.
Added
- The KES server provides the
/v1/key/hmac/<key-name>API can be used to compute a deterministic checksum over a message. It may
be used to check if a message has been modified. The HMAC API is only available for newly created keys. Existing keys do not support
this API. - The KES repository contains a Grafana dashboard example that can be used to visualize server metrics.
Changed
- The KES server uses a new ciphertext format when encrypting messages or generating data encryption keys. This format is more efficient since ciphertexts are now ~40% smaller. This reduces network traffic and storage space when requesting and storing many data key ciphertexts. The server is backwards compatible and still accepts previous ciphertext formats. However, it's no longer possible to
downgrade to a version before this release after upgrade to this or any future versions. The reason is that existing KES server versions
don't recognize the new ciphertext format and fail to decrypt it. Hence, this change is backwards but not forward compatible.
What's Changed
- add HMAC API and use KMS secret key crypto by @aead in #433
- add HMAC API test by @aead in #434
- fix: set client CAs for mTLS auth by @lu1as in #437
- ci: fix linter warnings by @aead in #440
- Edit sample YAML config for easier importing to web docs by @feorlen in #442
- fix: return updating http metrics by @DimkaGorhover in #444
- seperating zsh and bash autocomplete by @zveinn in #441
- Added KES grafana dashboard by @shtripat in #447
- update SDK dependency by @aead in #448
- Fix go.sum for release by @donatello in #449
New Contributors
- @feorlen made their first contribution in #442
- @DimkaGorhover made their first contribution in #444
- @zveinn made their first contribution in #441
Full Changelog: 2024-01-11T13-09-29Z...2024-02-29T08-12-28Z