New Features
Sudo Password Support (#315, fixes #313)
- Added secure sudo password handling through multiple methods:
- Task-level
sudo_passwordoption in playbooks - Integration with Spot's secrets management system
- Support for
--sudo-passwordCLI flag for ad-hoc commands
- Task-level
- Passwords are never exposed in logs or command output
Interactive Password Input (#315)
- spot CLI: Interactive prompt for secrets key when not provided via flag or environment variable
- spot-secrets: Interactive prompt for encryption/decryption key when not provided
- Secure password input using terminal masking (no echo)
- Automatic detection of terminal vs piped input
- All entered passwords are automatically masked in logs
Line Command (#310)
- New
linecommand type for file line manipulation- Add lines to files at specific positions
- Remove lines from files by content or line number
- Replace lines in files
- Useful for configuration file management
Improvements
- Enhanced secrets handling with secure password input using golang.org/x/term
- Secrets key is no longer required via flag/env - can be entered interactively
- Added comprehensive documentation for variable expansion behavior (fixes #256)
- Better security through password masking in all output
Maintenance
- Updated Dependabot configuration to reduce noise from automatic PRs (#272)
- Updated GitHub Actions dependencies (#288)
- Various dependency updates
Documentation
- Added detailed explanation of variable expansion in README
- Updated security notes for sudo_password feature
- Enhanced playbook schema documentation
This release focuses on improving security and usability with interactive password support, sudo password handling, and the new line command for file manipulation. The interactive password feature makes Spot more user-friendly while maintaining security best practices.
Full Changelog: v1.17.2...v1.18.0