20 Jan 08:34

Zenithar

fec450f

v0.1.7

Harp v0.1.7 - https://github.com/elastic/harp

Changes

Go toolchain constraints updated to [1.15.6, 1.15.7]
os/exec vulnerability mitigation - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3115 (not disclosed yet)
Fix container reader usage for bundle diff/dump
Dependencies have been updated
Tools have been updated (rebuild tools base image via mage docker:tools)
errorwrapping is now fixed and enforced by linter
CodeQL is executed on each PR + main
Snyk vulnerability scan for dependency is executed on each PR + main

Reference(s)

Assets 2

20 Jan 07:28

Zenithar

cmd/harp/v0.1.7

fec450f

cmd/harp/v0.1.7

Go 1.15.7

Assets 9

20 Jan 07:32

Zenithar

cmd/harp-server/v0.1.7

fec450f

cmd/harp-server/v0.1.7

Go 1.15.7

Assets 9

17 Dec 13:37

Zenithar

cmd/harp/v0.1.6

bbdc5a2

cmd/harp/v0.1.6

Changes

CSO
- Add global region alias to support region unbounded secrets
- Add local provider to infrastructure ring

Assets 9

17 Dec 13:45

Zenithar

cmd/harp-server/v0.1.6

bbdc5a2

cmd/harp-server/v0.1.6

Changes

harp server vault
- Support --transformer keyName:key where key is generated from harp keygen to expose a transformer as a Vault Transit encryption backend.

Samples

Expose transformers using Vault Transit backend API.

harp server vault \
  --transformer fernet:$(harp keygen fernet) \
  --transformer aes-256:$(harp keygen aes-256) \
  --transformer secretbox:$(harp keygen secretbox)

You can use vault cli to encrypt or decrypt a secret :

$ export VAULT_ADDR=http://127.0.0.1:8200
$ vault write transit/encrypt/<keyName> plaintext=$(base64 <<< "my secret data")
Key           Value
---           -----
ciphertext    vault:v1:66hL0lIX0lXHFD6sDsl07ztaDStDrJLL7mKGei3zlups6cllARcUec7P4kg4JaA23AEqkNNGqg==

Then to decrypt :

$ export VAULT_ADDR=http://127.0.0.1:8200
$ vault write -format=json transit/decrypt/secretbox ciphertext=vault:v1:66hL0lIX0lXHFD6sDsl07ztaDStDrJLL7mKGei3zlups6cllARcUec7P4kg4JaA23AEqkNNGqg== \
    | jq -r ".data.plaintext" \
    | base64 -D
my secret data

This does not pretend to replace a full-featured Vault cluster, just expose using Vault compatible API a limited set of features at the bootstrap time during a deployment usable with Vault CLI, while Vault cluster is not deployed yet.
Once deployed, VAULT_ADDR just need to point to real Vault cluster at showtime.

Assets 9

10 Dec 10:43

Zenithar

cmd/harp/v0.1.5

f14c2ac

cmd/harp/v0.1.5

Changes

Secret value is encoded using a compound ASN.1 sequence to allow future improvements;
Vault support nested JSON value inserted via UI only, but not via CLI => Harp enforces simple secret key/value as 'string => string' to prevent nested secret tree where the user should dispatch secret across the secret tree. This produces an error on vault import, this error is now logged;

Assets 9

10 Dec 10:55

Zenithar

cmd/harp-server/v0.1.5

f14c2ac

cmd/harp-server/v0.1.5

Align to v0.1.5

Assets 9

05 Dec 16:17

Zenithar

cmd/harp/v0.1.4

9407e9c

cmd/harp/v0.1.4

Golang 1.15.6

Assets 9

05 Dec 16:26

Zenithar

cmd/harp-server/v0.1.4

9407e9c

cmd/harp-server/v0.1.4

Golang 1.15.6

Assets 9

25 Nov 11:35

Zenithar

cmd/harp/v0.1.3

7528eaf

cmd/harp/v0.1.3

OSS

Assets 9

Releases: elastic/harp

v0.1.7

Changes

Reference(s)

Uh oh!

cmd/harp/v0.1.7

Uh oh!

cmd/harp-server/v0.1.7

Uh oh!

cmd/harp/v0.1.6

Changes

Uh oh!

cmd/harp-server/v0.1.6

Changes

Samples

Uh oh!

cmd/harp/v0.1.5

Changes

Uh oh!

cmd/harp-server/v0.1.5

Uh oh!

cmd/harp/v0.1.4

Uh oh!

cmd/harp-server/v0.1.4

Uh oh!

cmd/harp/v0.1.3

Uh oh!