Secret management toolchain

Harp

Harp is for Harpocrates (Ancient Greek: Ἁρποκράτης) the god of silence, secrets and confidentiality in the Hellenistic religion. - Wikipedia

TL;DR.

Harp is a toolset to handle secret data in a reproducible way by providing a way to describe how your value is technically managed and consistently associated to a predictable secret path with additional metadata (ownership, rotation period, leak severity, etc.).

These values (path => value) form a Bundle stored in an immutable file named a Container. This Container acts as a pivot format to allow Harp commands to communicate and create data management pipelines.

In addition, it provides a template engine that generates various secret values (passwords, passphrases, crypto keys, etc.) and also acts as a secret consumer: it merges secret values into the placeholders of a file to render a final configuration file.

Finally, it provides an SDK to allow developers to integrate Harp features in their products, and/or extend the Harp pipeline features by creating new plugins.

Why harp?

  • Secret management is in essence a collection of processes that must be auditable, executable and reproducible for infosec and operation requirements;
  • Secret provisioning must be designed with secret rotation as a day one task, because secret data must be rotated periodically to remain secret;
  • Developers should negotiate the secret value for the secret consumer they are developing through a contract based on a path (reference to the secret) and a value specification (the code contract), without knowing the final deployed value;
  • Secret operators use different sets of tools to perform secret management operations, which increases the probability of errors and secret exposure because of the number of tools involved in the process (incompatibility, changes, etc.);
  • Without a defined secret naming convention, the secret storage becomes difficult to handle over time (naming is hard), and nothing helps to keep the secret tree consistent, reliable and flexible;
  • Secret storage backend can use various implementations in different environments and should be provisioned consistently.

Use cases

  • If you want to have a single secret value and you are asking yourself how to generate a strong password - Harp has a template engine with secret value generation functions to allow you to generate such values.
  • If you have thousands of secrets to handle to deploy your platform/customers on multiple cloud providers with different secret storages - Harp will help you to define consistent secret provisioning bundles and pipelines.
  • If you need an ephemeral secret storage to bootstrap your long term cloud secret storage - Harp will help you to create secret containers that can be consumed on deployment.
  • If you want to migrate your secrets in bulk from one secret storage to another - Harp provides a secret container to hold these secrets while they are distributed to other secret storage implementations.
  • If you have to alter/modify a secret (rotation/deprecation/renewal) - Harp provides a GitOps-able, secret-storage-agnostic operation set, so that you can define a specification describing how your secret operation is applied offline to the secret container.

How does it work?

Secret management Pipeline

Like a data pipeline, but for secrets

harp allows you to handle secrets using deterministic pipelines expressed as an atomic series of CLI operations applied to a commonly shared container: an immutable, standalone filesystem that stores a secret collection (Bundle). The Bundle is generated from a template engine via a user specification, or from external secret values coming from files or external secret storage.

Pipelines

These pipelines use the immutable container filesystem as a data exchange protocol and can be extended with new inputs, intermediary operations or outputs via plugins created with the harp SDK.

Immutable transformation

Each applied transformation creates a new container with the transformed data inside. This enforces container reproducibility by eliminating cumulative side-effects applied to the same container.

The container handles the confidentiality and integrity protection of the secret collection stored inside, which is manipulated by copy during pipeline execution.

What can I do?

New to harp? Start with the onboarding tutorial! TL;DR - Features overview

Harp provides :

  • A methodology to design your secret management;
    • Secret naming convention (CSO);
    • A defined common language and complete processes to achieve secret management operations;
  • An SDK to create your own tools to orchestrate your secret management pipelines;
    • A container manipulation library exposed as github.com/elastic/harp/pkg/container;
    • A secret bundle specification to store and manipulate secrets exposed as github.com/elastic/harp/pkg/bundle;
    • An on-steroid template engine exposed as github.com/elastic/harp/pkg/template
    • A path name validation library exposed as github.com/elastic/harp/pkg/cso
  • A CLI for secret management implementation
    • CI/CD integration;
    • Based on human readable definitions (YAML);
    • In order to create auditable and reproducible pipelines.
    • An extensible tool which can be enhanced via plugins.

And allows :

  • Bundle level operations
    • Create a bundle from scratch / template / json (more via plugins);
    • Generate a complete bundle using a YAML Descriptor (BundleTemplate) to describe secret and their usages;
    • Read value stored in the K/V virtual filesystem;
    • Update the K/V virtual filesystem;
    • Reproducible patch applied on immutable container (copy-on-write);
    • Import / Export to Vault.
  • Immutable container level operations
    • Seal / Unseal a container for integrity and confidentiality property conservation to enforce at-rest encryption (aes256-gcm96 or chacha20-poly1305);
    • Multiple identities sealing algorithm;

FAQ

  • Is it used internally at Elastic? - Yes. It is used to generate bootstrap secrets used to bootstrap the new region infrastructure components. #ChickenEggProblem

  • Does Harp only support Vault? - No, it has been published with only Vault support built in, but it supports many other secret storage implementations via plugins.

  • What's the difference with Vault? - HashiCorp Vault is an encrypted, highly available K/V store with an advanced authorization engine; it doesn't handle secret provisioning for you. You can't ask Vault to generate secrets for your application and store them using a defined logic. Harp fills this requirement.

License

harp artifacts and source code are released under the Apache 2.0 Software License.

Homebrew install

Download a release or build from source.

For stable version

brew tap elastic/harp
brew install elastic/harp/harp

Build instructions

Download a release or build from source.

First time

Check your go version

Only last 2 minor versions of a major are supported.

Harp is compiled with :

$ go version
go version go1.17.2 linux/amd64

Simple go version manager - https://github.com/stefanmaric/g

Install mage

Mage is an alternative to Make in which the language used is Go. You can install it using 2 different methods.

From source

# Install mage
git clone https://github.com/magefile/mage
cd mage
go run bootstrap.go

From brew formula

brew install mage

Clone repository

git clone git@github.com:elastic/harp.git
# Go to tools submodule
cd harp/tools
# Pull tools sources, compile them and install executable in tools/bin
mage

Daily

export PATH=$HARP_REPO/tools/bin:$PATH
# Build harp in bin folder
mage

Docker

For Tools

You have to build this image once before executing artifact pipelines.

mage docker:tools

For CLI

# or docker image [distroless:static, rootless, noshell]
mage docker:harp
# To execute in the container
docker run --rm -ti --read-only elastic/harp:<version>

Plugins

You can find more Harp feature extensions - https://github.com/elastic/harp-plugins

Community

Here is the list of external projects used as inspiration :

Comments
  • chore(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0

    Bumps google.golang.org/protobuf from 1.27.1 to 1.28.0.

    Release notes

    Sourced from google.golang.org/protobuf's releases.

    v1.28.0

    Overview

    The release provides a new unmarshal option for limiting the recursion depth when unmarshalling nested messages to prevent stack overflows. (UnmarshalOptions.RecursionLimit).

    Notable changes

    New features:

    • CL/340489: testing/protocmp: add Message.Unwrap

    Documentation improvements:

    • CL/339569: reflect/protoreflect: add more docs on Value aliasing

    Updated supported versions:

    UnmarshalOption RecursionLimit

    • CL/385854: all: implement depth limit for unmarshalling

    The new UnmarshalOptions.RecursionLimit limits the maximum recursion depth when unmarshalling messages. The limit is applied for nested messages. When messages are nested deeper than the specified limit the unmarshalling will fail. If unspecified, a default limit of 10,000 is applied.

    In addition to the configurable limit for message nesting a non-configurable recursion limit for group nesting of 10,000 was introduced.

    Upcoming breakage changes

    The default recursion limit of 10,000 introduced in the release is subject to change. We want to align this limit with implementations for other languages in the long term. C++ and Java use a limit of 100 which is also the target for the Go implementation.

    Commits
    • 32051b4 all: release v1.28.0
    • 3992ea8 all: implement depth limit for unmarshaling
    • e5db296 all: update supported versions
    • 3a9e1dc all: gofmt all
    • 26e8bcb all: remove unnecessary string([]byte) conversion in fmt.Sprintf with %s
    • 5aec41b testing/protocmp: add Message.Unwrap
    • 05be61f reflect/protoreflect: add more docs on Value aliasing
    • b03064a all: start v1.27.1-devel
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot will merge this PR once CI passes on it, as requested by @fin09pcap.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • [config] Config values are not honored with the command line flag

    What version of Go are you using (go version)?

    $ go version
    go version go1.18.1 darwin/arm64
    

    Does this issue reproduce with the latest release?

    Yes.

    What operating system and processor architecture are you using (go env)?

    go env Output
    $ go env
    GO111MODULE=""
    GOARCH="arm64"
    GOBIN=""
    GOCACHE="/Users/fin09pcap/Library/Caches/go-build"
    GOENV="/Users/fin09pcap/Library/Application Support/go/env"
    GOEXE=""
    GOEXPERIMENT=""
    GOFLAGS=""
    GOHOSTARCH="arm64"
    GOHOSTOS="darwin"
    GOINSECURE=""
    GOMODCACHE="/Users/fin09pcap/go/pkg/mod"
    GONOPROXY=""
    GONOSUMDB=""
    GOOS="darwin"
    GOPATH="/Users/fin09pcap/go"
    GOPRIVATE=""
    GOPROXY="https://proxy.golang.org,direct"
    GOROOT="/Users/fin09pcap/.go"
    GOSUMDB="sum.golang.org"
    GOTMPDIR=""
    GOTOOLDIR="/Users/fin09pcap/.go/pkg/tool/darwin_arm64"
    GOVCS=""
    GOVERSION="go1.18.1"
    GCCGO="gccgo"
    AR="ar"
    CC="clang"
    CXX="clang++"
    CGO_ENABLED="1"
    GOMOD="/dev/null"
    GOWORK=""
    CGO_CFLAGS="-g -O2"
    CGO_CPPFLAGS=""
    CGO_CXXFLAGS="-g -O2"
    CGO_FFLAGS="-g -O2"
    CGO_LDFLAGS="-g -O2"
    PKG_CONFIG="pkg-config"
    GOGCCFLAGS="-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/lp/ql182cbs1s55lq4nk5zwg1g00000gn/T/go-build3701245895=/tmp/go-build -gno-record-gcc-switches -fno-common"
    GOROOT/bin/go version: go version go1.18.1 darwin/arm64
    GOROOT/bin/go tool compile -V: compile version go1.18.1
    uname -v: Darwin Kernel Version 21.4.0: Fri Mar 18 00:46:32 PDT 2022; root:xnu-8020.101.4~15/RELEASE_ARM64_T6000
    ProductName:	macOS
    ProductVersion:	12.3.1
    BuildVersion:	21E258
    lldb --version: lldb-1316.0.9.41
    Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
    

    What version of Secret are you using (harp version)?

    $ harp version
    0.2.10 [main:2022-03-13T16:51:55Z] (Go: go1.17.7 darwin/arm64, Flags: defaults, Date: 2022-03-13T16:59:24Z)
    

    What did you do?

    harp config new > config.toml
    $ harp config new > config.toml
    $ cat config.toml
    
    ###############################
    # Debug
    ###############################
    [Debug]
    
      # allow debug mode
      enable = false
    
    ###############################
    # Instrumentation
    ###############################
    [Instrumentation]
    
      # Listen address for instrumentation server
      listen = ":5556"
    
      # Network class used for listen (tcp, tcp4, tcp6, unixsocket)
      network = "tcp"
    
      ###############################
      # Diagnotic Settings
      ###############################
      [Instrumentation.Diagnostic]
    
        # Enable diagnostic handlers
        enabled = false
    
        # Diagnostic settings
        [Instrumentation.Diagnostic.Config]
    
          [Instrumentation.Diagnostic.Config.GOPS]
    
            # Enable GOPS agent
            enabled = false
    
            # start a gops agent on specified URL. Ex: localhost:9999
            remoteDebugURL = ""
    
          [Instrumentation.Diagnostic.Config.PProf]
    
            # Enable PProf handler
            enabled = true
    
          [Instrumentation.Diagnostic.Config.ZPages]
    
            # Enable zPages handler
            enabled = true
    
      ###############################
      # Logs Settings
      ###############################
      [Instrumentation.Logs]
    
        # Log level: debug, info, warn, error, dpanic, panic, and fatal
        level = "warn"
    

    Modify the debug settings to true.

    What did you expect to see?

    Debug output is enabled via the command line flag.

    What did you see instead?

    $ harp --config config.toml bundle dump --in test.bundle
    Error: unknown flag: --config
    Usage:
      harp bundle dump [flags]
    
    Examples:
      # Dump a JSON representation of a Bundle object from STDIN
      harp bundle dump
    
      # Dump a JSON map containing package name as key and associated secret kv
      harp bundle dump --data-only
    
      # Dump a JSON map containing package name as key and associated metadata
      harp bundle dump --metadata-only
    
      # Dump all package paths as a list (useful for xargs usage)
      harp bundle dump --path-only
    
      # Dump a Bundle using a JMEFilter query
      harp bundle dump --query <jmesfilter query>
    
      # Dump a bundle content excluding the template used to generate
      harp bundle dump --skip-template
    
    Flags:
          --content-only    Display content only (data-only alias)
          --data-only       Display data only
      -h, --help            help for dump
          --in string       Container input ('-' for stdin or filename)
          --metadata-only   Display metadata only
          --path-only       Display path only
          --query string    Specify a JMESPath query to format output
          --skip-template   Drop template from dump
    
  • fix: update validator to use human names for IBM regions

    fix: Updates the Validator to support the human friendly names for the IBM Cloud Regions.

    test: update tests to due to being removed in daf830f02348b7770919ed1ad7a01c3634187d90

    ibmcloud regions --output json
    
    IBMCLOUD regions
    [
        {
            "Name": "au-syd",
            "DisplayName": "Sydney"
        },
        {
            "Name": "in-che",
            "DisplayName": "Chennai"
        },
        {
            "Name": "jp-osa",
            "DisplayName": "Osaka"
        },
        {
            "Name": "jp-tok",
            "DisplayName": "Tokyo"
        },
        {
            "Name": "kr-seo",
            "DisplayName": "Seoul"
        },
        {
            "Name": "eu-de",
            "DisplayName": "Frankfurt"
        },
        {
            "Name": "eu-gb",
            "DisplayName": "London"
        },
        {
            "Name": "ca-tor",
            "DisplayName": "Toronto"
        },
        {
            "Name": "us-south",
            "DisplayName": "Dallas"
        },
        {
            "Name": "us-east",
            "DisplayName": "Washington DC"
        },
        {
            "Name": "br-sao",
            "DisplayName": "Sao Paulo"
        }
    ]
    

    Signed-off-by: Ben Stickel [email protected]

  • chore(deps): bump github.com/cloudflare/tableflip from 1.2.2 to 1.2.3

    Bumps github.com/cloudflare/tableflip from 1.2.2 to 1.2.3.

    Release notes

    Sourced from github.com/cloudflare/tableflip's releases.

    Allow getting all inherited files

    What's Changed

    Full Changelog: https://github.com/cloudflare/tableflip/compare/v1.2.2...v1.2.3

    Commits
    • b3a0d54 Update notes about the journald bug (#70)
    • 7fb144b Add build constraints for the Go 1.16+ format
    • a4d168b Fix workflow syntax when more than one file fail format check
    • cd67dfb add function to return all inherited files
    • 287e7a4 fix flaky TestFilesAreNonblocking on CI
    • See full diff in compare view

    Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @fin09pcap.


  • feat(crate): introduce crate concept.

    Context

    • For me, the secret's management is heavily linked to configuration management. I'm preparing a technical move to migrate to configuration management.
    • Try to break the Vault dependency.
    • Implement the legacy harp registry concept using OCI registry.

    Golden circle

    Why

    • Harmonize configuration deployment to the same way we deploy code.
    • Decouple Vault usages – Harp uses Vault for Bundle storage and secret storage, but Harp bundle lifecycle is not bound to a secret storage, and this usage makes Vault a critical component for harp usages.

    What

    • Harp Bundles contain secret management related information such as labels, annotations, patches, generation templates, validation policies, etc. This information must be securely stored and retrievable.
    • Harp should use a persistent Bundle storage where all resources are embedded in one manageable file structure. This file structure will be called a crate. #YetAnotherContainerSynonym

    How

    • A crate contains one and only one sealed container which can be unsealed by multiple crate consumers.
    • A crate can contain multiple archives (templates, patch, or policy collection)
    • By using OCI registries to store and retrieve crates, we offer a generic way to handle content already used to deploy code. The idea is to ignite a configuration container concept.
    • Reuse code container registry and infrastructure settings (no additional network configuration required to access secret storage).
    • Authentication/Authorization is delegated to the registry implementation.
    • Integrity/Confidentiality properties are controlled by the sealing process and optional pre-sealing value encryption, to decouple the ability to unseal and the ability to read the secret value.
    • Registry event webhooks can be used to trigger external processes (Bundle refresh, etc.).
    • All OCI based tools can be used (replication, signing, notarization, provenance authorization, etc.)

    Use cases

    • Exchange bundles via registry (store the bundle state)
    • Generate final configuration from a crate with a valid identity authorized by encryption to unseal the container and use an attached configuration archive as a template configuration file system. (ie. Act as a kubernetes projected volume provider for configMap)

    Visual overview

    Samples

    Sample Cratefile - Used to define the crate OCI layers.

    # Required
    container "region-eu" {
        # Path to the container.
        path = "region-eu.bundle"

        # Identities for sealing purpose if the container is not sealed.
        identities = [
            "v1.ipk.7u8B1VFrHyMeWyt8Jzj1Nj2BgVB7z-umD8R-OOnJahE", # Security public key
        ]
    }

    # Optional archive layer
    # All files matching the filter will be compressed as a tar.gz and embedded
    # in the crate.
    archive "production" {
        # Root path from where files are crawled to create the archive.
        root = "./production"

        # Include filters.
        includes = [
            "**"
        ]

        # Exclude filters.
        excludes = [
            "**.go"
        ]
    }
    

    Build and push the crate

    $ harp crate push --in Cratefile --to registry:ghcr.io/elastic/harp --ref region-boostrap:v1
    
  • HCL2 to Vault Value Result

    What version of Go are you using (go version)?

    $ go version
    go version go1.16 darwin/amd64
    

    Does this issue reproduce with the latest release?

    What operating system and processor architecture are you using (go env)?

    go env Output
    $ go env
    GO111MODULE=""
    GOARCH="amd64"
    GOBIN=""
    GOCACHE="/Users/efreed/Library/Caches/go-build"
    GOENV="/Users/efreed/Library/Application Support/go/env"
    GOEXE=""
    GOFLAGS=""
    GOHOSTARCH="amd64"
    GOHOSTOS="darwin"
    GOINSECURE=""
    GOMODCACHE="/Users/efreed/.gvm/pkgsets/go1.16/global/pkg/mod"
    GONOPROXY=""
    GONOSUMDB=""
    GOOS="darwin"
    GOPATH="/Users/efreed/.gvm/pkgsets/go1.16/global"
    GOPRIVATE=""
    GOPROXY="https://proxy.golang.org,direct"
    GOROOT="/Users/efreed/.gvm/gos/go1.16"
    GOSUMDB="sum.golang.org"
    GOTMPDIR=""
    GOTOOLDIR="/Users/efreed/.gvm/gos/go1.16/pkg/tool/darwin_amd64"
    GOVCS=""
    GOVERSION="go1.16"
    GCCGO="gccgo"
    AR="ar"
    CC="clang"
    CXX="clang++"
    CGO_ENABLED="1"
    GOMOD="/dev/null"
    CGO_CFLAGS="-g -O2"
    CGO_CPPFLAGS=""
    CGO_CXXFLAGS="-g -O2"
    CGO_FFLAGS="-g -O2"
    CGO_LDFLAGS="-g -O2"
    PKG_CONFIG="pkg-config"
    GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/hb/cqz2kv_j6gv66cbzp0pr1zdh0000gn/T/go-build4035214422=/tmp/go-build -gno-record-gcc-switches -fno-common"
    GOROOT/bin/go version: go version go1.16 darwin/amd64
    GOROOT/bin/go tool compile -V: compile version go1.16
    uname -v: Darwin Kernel Version 20.5.0: Sat May  8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64
    ProductName:	macOS
    ProductVersion:	11.4
    BuildVersion:	20F71
    lldb --version: lldb-1205.0.28.2
    Apple Swift version 5.4.2 (swiftlang-1205.0.28.2 clang-1205.0.19.57)
    

    What version of Secret are you using (harp version)?

    $ harp version
    cmd/harp/v0.1.17-7-g89a4f9e [main:89a4f9e] (Go: go1.16.6, Flags: defaults, User: golang, Date: 2021-07-13T10:22:48Z)
    

    What did you do?

    spec.yml

    apiVersion: harp.elastic.co/v1
    kind: BundleTemplate
    meta:
      name: "test-application-credentials"
      description: "Credentials for a test application"
      owner: [email protected]
    spec:
      selector:
        quality: "{{ .Values.quality }}"
        platform: "ess"
        product: "test-application"
        version: "1.0.0"
      namespaces:
        platform:
          - region: "global"
            components:
              - name: "test-application"
                secrets:
                  - suffix: "credentials"
                    description: "testing credentials"
                    template: |-
                      {
                        "cluster_username": "{{ .Values.variable.cluster_username }}"
                      }
    

    main.tf

    variable "cluster_username" {
      type    = string
      default = "myuser"
    }
    
    harp from bundle-template --in spec.yml  --out - --values main.tf:hcl2 --set quality=qa | harp bundle dump --in - --data-only | jq .
    {
      "platform/qa/ess/global/test-application/credentials": {
        "cluster_username": "map[default:myuser type:${string}]"
      }
    }
    
    harp from bundle-template --in spec.yml  --out - --values main.tf:hcl2 --set quality=qa | harp to vault --in - --with-metadata
    

    What did you expect to see?

    I expected to see a key: cluster_username and value: myuser.

    When trying to read vault from another terraform workspace data.vault_generic_secret..., it's unable to handle map[default:myuser type:${string}].

    What did you see instead?

    [Image: Screen Shot 2021-07-21 at 10 39 01 AM]
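
The rendering behaviour reported in the issue above, reproduced with Go's standard text/template as an added example (not code from the issue or from Harp). It assumes the HCL2 values loader exposes the whole `variable` block as a nested map, which the reported output suggests; `scalar`, `render`, `secretField` and the guarded templates are hypothetical names used for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// hclValues returns a constructed values tree. Assumption: loading main.tf as
// an HCL2 values file yields the whole variable block, not only its default.
func hclValues() map[string]any {
	return map[string]any{"Values": map[string]any{
		"quality": "qa",
		"variable": map[string]any{
			"cluster_username": map[string]any{
				"type":    "${string}",
				"default": "myuser",
			},
		},
	}}
}

const (
	// Placeholder as written in the reported spec.yml.
	asReported = `{"cluster_username": "{{ .Values.variable.cluster_username }}"}`
	// Same placeholder behind the guard: rendering must fail, not emit a map.
	guarded = `{"cluster_username": "{{ scalar .Values.variable.cluster_username }}"}`
	// Placeholder selecting the default attribute of the variable block.
	selectsDefault = `{"cluster_username": "{{ scalar .Values.variable.cluster_username.default }}"}`
)

// scalar is a hypothetical template helper (not a Harp function). It fails
// closed when a placeholder resolves to anything other than a scalar, so a
// map or list is never stringified into a secret value.
func scalar(v any) (string, error) {
	switch t := v.(type) {
	case nil:
		return "", fmt.Errorf("secret value is missing")
	case string:
		return t, nil
	case bool, int, int64, float64:
		return fmt.Sprint(t), nil
	default:
		return "", fmt.Errorf("secret value must be a scalar, got %T", v)
	}
}

// render executes a secret template. missingkey=error turns a mistyped path
// into an error instead of the literal "<no value>".
func render(tmplText string, data any) (string, error) {
	t, err := template.New("secret").
		Option("missingkey=error").
		Funcs(template.FuncMap{"scalar": scalar}).
		Parse(tmplText)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// secretField parses the rendered JSON secret and returns one field, which is
// the value a downstream reader of the secret store would receive.
func secretField(rendered, key string) (string, error) {
	var doc map[string]string
	if err := json.Unmarshal([]byte(rendered), &doc); err != nil {
		return "", fmt.Errorf("rendered secret is not a flat JSON object: %w", err)
	}
	v, ok := doc[key]
	if !ok {
		return "", fmt.Errorf("key %q not found", key)
	}
	return v, nil
}

func main() {
	cases := []struct{ name, tmpl string }{
		{"as reported", asReported},
		{"guarded", guarded},
		{"selects default", selectsDefault},
	}
	for _, tc := range cases {
		out, err := render(tc.tmpl, hclValues())
		fmt.Printf("%-16s out=%q err=%v\n", tc.name, out, err)
	}
}
```

Running the guard before `harp to vault` in a pipeline would stop a stringified map from being written to the secret store and read back by another workspace.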
  • chore(deps): Bump actions/cache from 3.0.3 to 3.2.1

    Bumps actions/cache from 3.0.3 to 3.2.1.

    Release notes

    Sourced from actions/cache's releases.

    v3.2.1

    What's Changed

    Full Changelog: https://github.com/actions/cache/compare/v3.2.0...v3.2.1

    v3.2.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0

    v3.2.0-beta.1

    What's Changed

    v3.1.0-beta.3

    What's Changed

    • Bug fixes for bsdtar fallback, if gnutar not available, and gzip fallback, if cache saved using old cache action, on windows.

    Full Changelog: https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3

    ... (truncated)

    Changelog

    Sourced from actions/cache's changelog.

    3.0.3

    • Fixed avoiding empty cache save when no files are available for caching. (issue)

    3.0.4

    • Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

    3.0.5

    • Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

    3.0.6

    • Fixed #809 - zstd -d: no such file or directory error
    • Fixed #833 - cache doesn't work with github workspace directory

    3.0.7

    • Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

    3.0.8

    • Fix zstd not working for windows on gnu tar in issues #888 and #891.
    • Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

    3.0.9

    • Enhanced the warning message for cache unavailability in case of GHES.

    3.0.10

    • Fix a bug with sorting inputs.
    • Update definition for restore-keys in README.md

    3.0.11

    • Update toolkit version to 3.0.5 to include @actions/core@^1.10.0
    • Update @actions/cache to use updated saveState and setOutput functions from @actions/core@^1.10.0

    3.1.0-beta.1

    • Update @actions/cache on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (issue)

    3.1.0-beta.2

    • Added support for fallback to gzip to restore old caches on windows.

    3.1.0-beta.3

    • Bug fixes for bsdtar fallback if gnutar not available and gzip fallback if cache saved using old cache action on windows.

    3.2.0-beta.1

    • Added two new actions - restore and save for granular control on cache.

    3.2.0

    • Released the two new actions - restore and save for granular control on cache

    3.2.1

    • Update @actions/cache on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (issue)
    • Added support for fallback to gzip to restore old caches on windows.
    • Added logs for cache version in case of a cache miss.
    Commits

  • chore(deps): Bump actions/cache from 3.0.3 to 3.2.0

    Bumps actions/cache from 3.0.3 to 3.2.0.

    Release notes

    Sourced from actions/cache's releases.

    v3.2.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0

    v3.2.0-beta.1

    What's Changed

    v3.1.0-beta.3

    What's Changed

    • Bug fixes for bsdtar fallback, if gnutar not available, and gzip fallback, if cache saved using old cache action, on windows.

    Full Changelog: https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3

    v3.1.0-beta.2

    What's Changed

    Full Changelog: https://github.com/actions/cache/compare/v3.1.0-beta.1...v3.1.0-beta.2

    ... (truncated)

    Changelog

    Sourced from actions/cache's changelog.

    3.0.3

    • Fixed avoiding empty cache save when no files are available for caching. (issue)

    3.0.4

    • Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

    3.0.5

    • Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

    3.0.6

    • Fixed #809 - zstd -d: no such file or directory error
    • Fixed #833 - cache doesn't work with github workspace directory

    3.0.7

    • Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

    3.0.8

    • Fix zstd not working for windows on gnu tar in issues #888 and #891.
    • Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

    3.0.9

    • Enhanced the warning message for cache unavailability in case of GHES.

    3.0.10

    • Fix a bug with sorting inputs.
    • Update definition for restore-keys in README.md

    3.0.11

    • Update toolkit version to 3.0.5 to include @actions/core@^1.10.0
    • Update @actions/cache to use updated saveState and setOutput functions from @actions/core@^1.10.0

    3.1.0-beta.1

    • Update @actions/cache on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (issue)

    3.1.0-beta.2

    • Added support for fallback to gzip to restore old caches on windows.

    3.1.0-beta.3

    • Bug fixes for bsdtar fallback if gnutar not available and gzip fallback if cache saved using old cache action on windows.

    3.2.0-beta.1

    • Added two new actions - restore and save for granular control on cache.

    3.2.0

    • Released the two new actions - restore and save for granular control on cache
    Commits
    • c17f4bf GA for granular cache (#1035)
    • ac25611 docs: fix an invalid link in workarounds.md (#929)
    • dc097e3 Update examples.md (#1026)
    • fb86cbf Updated node example (#1008)
    • a57932f Merge pull request #1014 from jongwooo/chore/use-built-in-cache-action
    • 04b13ca chore: Use built-in cache action to cache dependencies
    • 941bc71 Merge pull request #1004 from jongwooo/chore/use-cache-in-check-dist
    • 08d8639 Merge branch 'main' into chore/use-cache-in-check-dist
    • a2f324e Merge pull request #1013 from jongwooo/refactor/use-early-return-pattern-to-a...
    • 35f4702 refactor: Use early return pattern to avoid nested conditions
    • Additional commits viewable in compare view

  • chore(deps): Bump github.com/klauspost/compress from 1.15.1 to 1.15.13

    Bumps github.com/klauspost/compress from 1.15.1 to 1.15.13.

    Release notes

    Sourced from github.com/klauspost/compress's releases.

    v1.15.13

    What's Changed

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.12...v1.15.13

    v1.15.12

    What's Changed

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.11...v1.15.12

    v1.15.11

    What's Changed

    New Contributors

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.10...v1.15.11

    v1.15.10

    What's Changed

    ... (truncated)

    Commits
    • 6810f22 zstd: Import xxhash v2.2.0 (#708)
    • 0d2a371 zstd: sync xxhash with final accepted patch upstream (#707)
    • a0c1f61 zstd: Select best match using selection trees (#706)
    • 48791b0 zstd: Improve best compression's match selection (#705)
    • e5c6ce2 huff0: Check for zeros earlier in Scratch.countSimple (#704)
    • dfaad36 zstd: Use individual reset threshold (#703)
    • d3349be zstd: Write table clearing in a way that the compiler recognizes (#702)
    • b7c48cb zstd: Rewrite matchLen to make it inlineable (#701)
    • 6efddf2 zstd: Revert #699 (#700)
    • 2878205 zstd: Improve throughput of SpeedBestCompression encoder (#699)
    • Additional commits viewable in compare view

  • chore(deps): Bump github.com/klauspost/compress from 1.15.1 to 1.15.12

    Bumps github.com/klauspost/compress from 1.15.1 to 1.15.12.

    Release notes

    Sourced from github.com/klauspost/compress's releases.

    v1.15.12

    What's Changed

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.11...v1.15.12

    v1.15.11

    What's Changed

    New Contributors

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.10...v1.15.11

    v1.15.10

    What's Changed

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.9...v1.15.10

    v1.15.9

    What's Changed

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.8...v1.15.9

    v1.15.8

    What's Changed

    ... (truncated)

  • chore(deps): Bump oras.land/oras-go from 1.1.1 to 1.2.1

    Bumps oras.land/oras-go from 1.1.1 to 1.2.1.

    Release notes

    Sourced from oras.land/oras-go's releases.

    v1.2.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/oras-project/oras-go/compare/v1.2.0...v1.2.1

    v1.2.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/oras-project/oras-go/compare/v1.1.1...v1.2.0

  • chore(deps): Bump github.com/klauspost/compress from 1.15.1 to 1.15.14

    Bumps github.com/klauspost/compress from 1.15.1 to 1.15.14.

    Release notes

    Sourced from github.com/klauspost/compress's releases.

    v1.15.14

    What's Changed

    New Contributors

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.13...v1.15.14

    v1.15.13

    What's Changed

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.12...v1.15.13

    v1.15.12

    What's Changed

    Full Changelog: https://github.com/klauspost/compress/compare/v1.15.11...v1.15.12

    v1.15.11

    What's Changed

    New Contributors

    ... (truncated)

  • chore(deps): Bump actions/cache from 3.0.3 to 3.2.2

    Bumps actions/cache from 3.0.3 to 3.2.2.

    Release notes

    Sourced from actions/cache's releases.

    v3.2.2

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/cache/compare/v3.2.1...v3.2.2

    v3.2.1

    What's Changed

    Full Changelog: https://github.com/actions/cache/compare/v3.2.0...v3.2.1

    v3.2.0

    What's Changed

    New Contributors

    ... (truncated)

    Changelog

    Sourced from actions/cache's changelog.

    3.0.3

    • Fixed avoiding empty cache save when no files are available for caching. (issue)

    3.0.4

    • Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

    3.0.5

    • Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

    3.0.6

    • Fixed #809 - zstd -d: no such file or directory error
    • Fixed #833 - cache doesn't work with github workspace directory

    3.0.7

    • Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

    3.0.8

    • Fix zstd not working for windows on gnu tar in issues #888 and #891.
    • Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

    3.0.9

    • Enhanced the warning message for cache unavailability in case of GHES.

    3.0.10

    • Fix a bug with sorting inputs.
    • Update definition for restore-keys in README.md

    3.0.11

    • Update toolkit version to 3.0.5 to include @actions/core@^1.10.0
    • Update @actions/cache to use updated saveState and setOutput functions from @actions/core@^1.10.0

    3.1.0-beta.1

    • Update @actions/cache on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (issue)

    3.1.0-beta.2

    • Added support for fallback to gzip to restore old caches on windows.

    3.1.0-beta.3

    • Bug fixes for bsdtar fallback if gnutar not available and gzip fallback if cache saved using old cache action on windows.

    3.2.0-beta.1

    • Added two new actions - restore and save for granular control on cache.

    3.2.0

    • Released the two new actions - restore and save for granular control on cache

    3.2.1

    • Update @actions/cache on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (issue)
    • Added support for fallback to gzip to restore old caches on windows.
    • Added logs for cache version in case of a cache miss.

    ... (truncated)

    Commits
    • 4723a57 Revert compression changes related to windows but keep version logging (#1049)
    • d1507cc Merge pull request #1042 from me-and/correct-readme-re-windows
    • 3337563 Merge branch 'main' into correct-readme-re-windows
    • 60c7666 save/README.md: Fix typo in example (#1040)
    • b053f2b Fix formatting error in restore/README.md (#1044)
    • 501277c README.md: remove outdated Windows cache tip link
    • c1a5de8 Upgrade codeql to v2 (#1023)
    • 9b0be58 Release compression related changes for windows (#1039)
    • c17f4bf GA for granular cache (#1035)
    • ac25611 docs: fix an invalid link in workarounds.md (#929)
    • Additional commits viewable in compare view

  • chore(deps): Bump oras.land/oras-go from 1.1.1 to 1.2.2

    Bumps oras.land/oras-go from 1.1.1 to 1.2.2.

    Release notes

    Sourced from oras.land/oras-go's releases.

    v1.2.2

    What's Changed

    Full Changelog: https://github.com/oras-project/oras-go/compare/v1.2.1...v1.2.2

    v1.2.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/oras-project/oras-go/compare/v1.2.0...v1.2.1

    v1.2.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/oras-project/oras-go/compare/v1.1.1...v1.2.0

  • chore(deps): Bump Zenithar/gh-gomod-generate-sbom from 1.0.1 to 1.0.3

    Bumps Zenithar/gh-gomod-generate-sbom from 1.0.1 to 1.0.3.

  • chore(deps): Bump goreleaser/goreleaser-action from 3 to 4

    Bumps goreleaser/goreleaser-action from 3 to 4.

    Release notes

    Sourced from goreleaser/goreleaser-action's releases.

    v4.0.0

    What's Changed

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3...v4.0.0

    v3.2.0

    What's Changed

    • chore: remove workaround for setOutput by @crazy-max (#374)
    • chore(deps): bump @actions/core from 1.9.1 to 1.10.0 (#372)
    • chore(deps): bump yargs from 17.5.1 to 17.6.0 (#373)

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3.1.0...v3.2.0

    v3.1.0

    What's Changed

    • fix: dist resolution from config file by @crazy-max (#369)
    • ci: fix workflow by @crazy-max (#357)
    • docs: bump actions to latest major by @crazy-max (#356)
    • chore(deps): bump crazy-max/ghaction-import-gpg from 4 to 5 (#360)
    • chore(deps): bump ghaction-import-gpg to v5 (#359)
    • chore(deps): bump @actions/core from 1.6.0 to 1.8.2 (#358)
    • chore(deps): bump @actions/core from 1.8.2 to 1.9.1 (#367)

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3.0.0...v3.1.0

    Commits
    • 8f67e59 chore: regenerate
    • 78df308 chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#383)
    • 66134d9 Merge remote-tracking branch 'origin/master' into flarco/master
    • 3c08cfd chore(deps): bump yargs from 17.6.0 to 17.6.2
    • 5dc579b docs: add example when using workdir along with upload-artifact (#366)
    • 3b7d1ba feat!: remove auto-snapshot on dirty tag (#382)
    • 23e0ed5 fix: do not override GORELEASER_CURRENT_TAG (#370)
    • 1315dab update build
    • b60ea88 improve install
    • 4d25ab4 Update goreleaser.ts
    • See full diff in compare view

  • chore(deps): Bump google.golang.org/grpc from 1.46.0 to 1.51.0

    Bumps google.golang.org/grpc from 1.46.0 to 1.51.0.

    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.51.0

    Behavior Changes

    • xds: NACK EDS resources with duplicate addresses in accordance with a recent spec change (#5715)
    • grpc: restrict status codes that can be generated by the control plane (gRFC A54) (#5653)

    New Features

    • client: set grpc-accept-encoding header with all registered compressors (#5541)
    • xds/weightedtarget: return a more meaningful error when all child policies are in TRANSIENT_FAILURE (#5711)
    • gcp/observability: add "started rpcs" metric (#5768)
    • xds: de-experimentalize the google-c2p-resolver (#5707)
    • balancer: add experimental Producer types and methods (#5669)
    • orca: provide a way for LB policies to receive OOB load reports (#5669)

    Bug Fixes

    • go.mod: upgrade x/text dependency to address CVE 2022-32149 (#5769)
    • client: fix race that could lead to an incorrect connection state if it was closed immediately after the server's HTTP/2 preface was received (#5714)
    • xds: ensure sum of the weights of all EDS localities at the same priority level does not exceed uint32 max (#5703)
    • client: fix binary logging bug which logs a server header on a trailers-only response (#5763)
    • balancer/priority: fix a bug where unreleased references to removed child policies (and associated state) was causing a memory leak (#5682)
    • xds/google-c2p: validate URI schema for no authorities (#5756)

    Release 1.50.1

    New Features

    • gcp/observability: support new configuration defined in public preview user guide

    Release 1.50.0

    Behavior Changes

    • client: use proper "@" semantics for connecting to abstract unix sockets. (#5678)
      • This is technically a bug fix; the result is that the address was including a trailing NULL byte, which it should not have. This may break users creating the socket in Go by prefixing a NULL instead of an "@", though, so calling it out as a behavior change.

    New Features

    • metadata: add experimental ValueFromIncomingContext to more efficiently retrieve a single value (#5596)
    • stats: provide peer information in HandleConn context (#5589)
    • xds: add support for Outlier Detection, enabled by default (#5435, #5673)

    Bug Fixes

    • client: fix deadlock in transport caused by GOAWAY racing with stream creation (#5652)

    ... (truncated)

    Commits
    • eeb9afa Change version to 1.51.0 (#5782)
    • 72812fe gcp/observability: filter logging from cloud ops endpoints calls (#5765)
    • 0ae33e6 xdsclient: remove unused test code (#5772)
    • 824f449 go.mod: upgrade x/text to v0.4 to address CVE (#5769)
    • 7f23df0 xdsclient: switch xdsclient watch deadlock test to e2e style (#5697)
    • 32f969e o11y: Added started rpc metric in o11y plugin (#5768)
    • b597a8e xdsclient: improve authority watchers test (#5700)
    • e41e894 orca: create ORCA producer for LB policies to use to receive OOB load reports...
    • 36d14db Fix binary logging bug which logs a server header on a trailers only response...
    • fcb8bdf xds/google-c2p: validate url for no authorities (#5756)
    • Additional commits viewable in compare view

SPIRE is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

Jan 2, 2023
A tool for secrets management, encryption as a service, and privileged access management

Vault Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please respo

Jan 2, 2023
Implementation of Secret Service API

Secret Service Implementation of Secret Service API What does this project do? By using secret service, you don't need to use KeePassXC secretservice

Dec 21, 2022
Generate client secret for Apple get token call

Generate client secret for Apple get token call A util to generate client secret used in Apple get token call. Create a config.json file with the foll

Jan 6, 2022
Allows you to replace a secret in a file using secrets manager

secrets inserter Allows you to replace a secret in a file using secrets manager. ::SECRET:secret-name:SECRET:: will be replaced with your secret-name

Dec 12, 2021
QR secrets is a cryptographically secure mechanism to store secret data with the highest levels of security and store it on physical paper.

QR Secrets QR secrets is a cryptographically secure mechanism to store secret data with the highest levels of security. Incorporating; AES256-GCM-HKDF

Jan 12, 2022
Sqreen's Application Security Management for the Go language

Sqreen's Application Security Management for Go After performance monitoring (APM), error and log monitoring it’s time to add a security component int

Dec 27, 2022
Product Analytics, Business Intelligence, and Product Management in a fully self-contained box

Engauge Concept It's not pretty but it's functional. Track user interactions in your apps and products in real-time and see the corresponding stats in

Nov 17, 2021
Optimus is an easy-to-use, reliable, and performant workflow orchestrator for data transformation, data modeling, pipelines, and data quality management.

Optimus Optimus is an easy-to-use, reliable, and performant workflow orchestrator for data transformation, data modeling, pipelines, and data quality

Jan 6, 2023
Secretsmanager - Secrets management that allows you to store your secrets encrypted in git

I created secretsmanager to store some secrets within a repository. The secrets are encrypted at rest, with readable keys and editable JSON, so you can rename a key or delete it by hand. The CLI tool handles the bare minimum of requirements.

May 6, 2022
step-ca is an online certificate authority for secure, automated certificate management.

A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Jan 6, 2023
Simple Shamir's Secret Sharing (s4) - A Go package giving an easy-to-use interface for Shamir's secret sharing algorithm

Simple Shamir's Secret Sharing (s4) With Simple Shamir's Secret Sharing (s4) I want to provide you an easy to use interface for this beautiful little

Jan 2, 2023
PolarDB Cluster Manager is the cluster management component of PolarDB for PostgreSQL, responsible for topology management, high availability, configuration management, and plugin extensions.

What is PolarDB Cluster Manager PolarDB Cluster Manager is the cluster management component of PolarDB for PostgreSQL, responsible for topology manage

Nov 9, 2022
Obfuscate Go code by wrapping the Go toolchain

Obfuscate Go code by wrapping the Go toolchain.

Dec 31, 2022
Stackie enables developers to configure their local environment/toolchain with ease.

Stackie enables developers to configure their local environment/toolchain with ease. Made for Pulumi CLI, Google Cloud Platform (gcloud), and Amazon Web Services (aws-cli).

Sep 10, 2021
A smart contract development toolchain for Go

ethgen - A smart contract development toolchain for Go A simple yet powerful toolchain for Go based smart contract development Compile solidity contra

Sep 14, 2022
Content and build toolchain for Zig by Example

Content and build toolchain for Zig by Example. Building To build the site you'll need Go installed. Run: tools/build To build continuously in a loop:

Dec 5, 2022
A tool for secrets management, encryption as a service, and privileged access management

Deploy HCP Vault & AWS Transit Gateways via Terraform https://medium.com/hashicorp-engineering/deploying-hcp-vault-using-the-hcp-terraform-provider-5e

Nov 23, 2021