Releases: Nicolas-Peiffer/k8s-kms-plugin

0.6.0

08 Aug 15:38

Changelog

  • 98026fb Fix gitignore and add version CLI command
  • 8fbddf0 Update to ko action v0.7
  • 9857671 Update ldflags field in goreleaser Makefile
  • 0fa10c3 Update Makefile LDFLAG
  • 4e86727 Update Makefile
  • 8d36530 Add LDFlags in ko in goreleaser and change base image and repo env var
  • ecce7df Merging by hand with meld modifications from lousion77/k8s-kms-plugin-fork
  • bac7f2e feature : aes-cbc then hmac for tpm2 (ThalesGroup#37)
  • 68806ed Merge pull request ThalesGroup#36 from howardjohn/patch-1
  • cd14b9b Make Istio client compatible with grpc 1.42+
  • ed9f7fe Merge pull request ThalesGroup#35 from hoskeri/injector-script
  • b79a72c Thales Plugin Injector
  • b3b28f9 Merge pull request ThalesGroup#34 from hoskeri/no-pkcs11-panic
  • 67e8897 Don't Panic on PKCS11 errors
  • 133b6d3 Merge pull request ThalesGroup#33 from thalescpl-io/luna_fips_mode_fix
  • 0e195f0 Updating modules and adding Luna compatibility (entails setting GCMIVFromHSM to false for SoftHSM use)
  • a46126e Merge pull request ThalesGroup#28 from hoskeri/whitespace-fix
  • e1e1c76 Merge pull request ThalesGroup#29 from thalescpl-io/fix_k8s_kms_registration
  • adf6109 Removing default unary interceptor block (from testing)
  • a7b353d Only overriding keyID in UnaryInterceptor if both keyid and keyringid fields are empty
  • 6a7e774 removing debug
  • 3f1a80e fmt
  • 360fb87 Moving away from using the kek wrapper functions
  • 3efd32e Modifying service name for compatibility
  • dd706be Initial fixes - still some duplication and inefficiency
  • a6e5a76 remove whitespace from P11_PIN_FILE
  • b230e0a Merge pull request ThalesGroup#25 from thalescpl-io/verify_cert_chain_improvements
  • 4e443ea resolving test certificate expiry errors and re-formatting
  • cdbdf4b Merge pull request ThalesGroup#24 from thalescpl-io/verify_cert_chain_improvements
  • c762a3d Additional behavior for verifying cert chains - now handles the cases of: 1) a single cert being provided, where the root is used from the HSM; 2) a cert is provided along with a root (and possibly intermediates) - this results in the provided chain being verified followed by the root being compared against the one in the CA; 3) an intermediate CA being supplied along with the end certificate - this results in the intermediate-end chain being verified initially and then verified against the CA from the HSM
  • 72051fb Merge pull request ThalesGroup#22 from thalescpl-io/rev_gose
  • 6e2ddde revved to gose 0.8.2
  • 7fe562d removed left over debug
  • 3660ce1 Merge pull request ThalesGroup#19 from justinpettit/decrypt-csr
  • 35c0419 Merge pull request ThalesGroup#20 from thalescpl-io/version_response
  • fb9ba40 version #
  • bd4a042 implementing /version for k8s
  • 97db3f6 cmd: Use "hsm-plugin-server.sock" for socket name.
  • 12e0840 import-ca: Rename command and minor cleanups.
  • a5dfb83 test: Clean ups.
  • f851c06 cmd: Add verify-cert command.
  • 6240ff6 cmd: Add decrypt-csr and generate-kek commands.
  • 23c69f0 set ca_id to be unique in test suite
  • 11f938c fixed cmd params
  • 1ba2977 fixed unit test
  • 2093f0b made ca_id unique
  • 43142b6 refactored import ca request
  • de83269 Merge pull request ThalesGroup#18 from thalescpl-io/import_cert_mods
  • 29cd50f adding a minor comment
  • 51266ff Implementing verify ca cert chain using HSM-stored cert
  • 07a8597 Breaking change, re-applying the verify cert chain calls
  • b72fee7 Initial changes including re-using the provided KekKid for storing the CA cert in the HSM
  • 868cf7a Merge pull request ThalesGroup#17 from thalescpl-io/import_cert
  • 67e7848 import ca cli feature complete
  • b16ca31 import CA unit test work
  • ccd3c62 adding command and api
  • b5f41f4 Merge pull request ThalesGroup#16 from myidpt/prod
  • ed6c793 Add prod Dockerfile and enable loading PIN from file.
  • 880a4f4 Merge pull request ThalesGroup#15 from thalescpl-io/using_wrapped_dek_instead_of_kek_directly
  • c4870cd Moving to use wrapped DEK in authenticatedcrypt instead of KEK directly
  • b2feefe merged in and regenned
  • 984c1d6 Merge pull request ThalesGroup#14 from justinpettit/kekkid
  • 6473309 Istio: Use []byte instead of string for KEK ID in Auth Encrypt/Decrypt.
  • 78ca142 revved to gose 0.8.1
  • e4e6997 Merge pull request ThalesGroup#12 from thalescpl-io/auth_enc_iv_and_tag_in_JWE
  • 6732927 Merge pull request ThalesGroup#11 from myidpt/boringssl
  • 8e78237 Merge branch 'master' into boringssl
  • 1b462e2 Clean up Dockerfile
  • deb0ba8 Simplifying AuthenticatedEncryptResponse and AuthenticatedEncryptRequest so that the IV and auth_tag fields are no longer used (bundled inside the JWE ciphertext)
  • f503c71 Make FIPS compliant.
  • 9156570 Merge pull request ThalesGroup#8 from thalescpl-io/auth_enc
  • 3d6d8e6 try skaffold
  • 68f8016 merged in master, and resolved conflicts
  • c2e67a6 removed est
  • a312303 Revert "clean up"
  • 1ed1167 clean up
  • cb237b3 Merge pull request ThalesGroup#10 from justinpettit/sek
  • f3accca Merge pull request ThalesGroup#9 from justinpettit/pkcs1
  • 305b5f0 Remove last references to SEK.
  • b0540c3 p11: Use PEM type "RSA PRIVATE KEY" for PKCS #1 encoding.
  • 9de555e cleaned up more skey references
  • 5b0b105 removed old ca code
  • c5266db JWE based crypto for AE and AD operations
  • 7f211b4 removed more sek references
  • bd44f7a Merge pull request ThalesGroup#7 from justinpettit/skey
  • 1e4e7f4 Merge pull request ThalesGroup#6 from justinpettit/perms
  • facaa45 Merge pull request ThalesGroup#5 from justinpettit/test-fix
  • e9b91f4 test: Remove last SEK references.
  • 984e79f serve:go: Set socket file permissions to 0775.
  • e9fe915 test: Fix build issues.
  • b1f919f removed unused test from suite
  • 6857c7d removed unused test from suite
  • d086897 refactored and implemented 2.2 of API spec
  • 7301653 committing dns
  • a1c2e2b refactored, to compile
  • 638c5da mirrored KEK gen/destroy in Istio from KMS
  • 66cc853 Split out non-istio APIs to the GP KMS api
  • 51cc4dc updated documentation for quick start
  • 493af32 ca find/load is failing
  • 4484c7e renamed ca methods to be consistent with other formats
  • 9b76a54 signcsr from test suite
  • effc963 signcsr
  • e5acf97 generate CA before signcsr
  • d03d836 protos
  • 2c21307 removed old protos
  • fad893c added GenRootCA
  • 4c26f3d adding cakey and signcsr starters
  • 7e20fad logrus-filename for debug for now
  • b1d35d3 generatesek working
  • 7085da6 checking current implementation and test flow
  • 0b45cf6 fixed server params for p11 config
  • 8392c4b removed unary blocker as we now have a socket working from test to server
  • 11d8412 removed native provider as it's deprecated for softhsm2
  • 7e05b27 added loop exit
  • 4137981 loop test for easier debugging and iteration
  • 2771fba added standalone arch
  • ddf9bce socket only now
  • 5579866 generateSEK added
  • bb5dd78 Some comments
  • e9a1f94 GenerateDEK unit test passed
  • aef58ee added some basics on tooling for the dev env
  • 4f1bd97 ca clean up
  • 97a99eb updated generated code
  • a16dd23 corrected API doc, and lots of EST work
  • 2b913c1 trying to get proper param in flags
  • 0f067e1 goflags
  • 3c14c25 swapping around mains
  • 42d3142 pruning up
  • a7a014b allow any
  • a8cb18e logger
  • 42f4aa7 enroll work
  • fe79cf7 clean lint
  • 427fc78 est mTLS works, but too well
  • ae57b5d added healthy check for est
  • 3ed0842 Merge pull request ThalesGroup#1 from justinpettit/patch-1
  • 93ca6ad grpc healthy, working on est and enrolling
  • d42184d README.md: Fix typo.
  • 6011fff estclient
  • 470730e committing it all
  • 2afc490 minikube dev friendly
  • 9a8cc21 bootstrapping
  • 9883182 p11 ca
  • 95587f3 clean up
  • 1a9e1dc est server and plantuml
  • a6e6eb6 adding est server
  • bde3573 adding est server
  • e34623f adding docker to gcr.io/thalescpl-io for consistency
  • 30dd405 added apis
  • 0bafc22 refactor socket and server code
  • 1cc80aa handler cleanup
  • 51586cd adjusting for Istio/CA use case
  • d96b78e going for generate key
  • 1148cac first commit

Thanks to all contributors!