You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PKI Workers: This release introduces a new worker type pki which
authenticates to Boundary using a new certificate-based method, allowing for
worker deployment without using a shared KMS.
Credentials: This release introduces a new credential store type static,
which simply takes in a user-supplied credential and stores it (encrypted)
directly in Boundary. Currently, the static credential store can hold
credentials of type username_password. These credentials can act as
credential sources for targets, similar to credential libraries from the vault credential store, and thus can be brokered to users at session
authorization time. PR
boundary connect Credential Brokering Integration: we have extended integration
into the boundary connect helpers. A new sshpass style has been added to the ssh helper, when used, if the credential contains a username/password and sshpass
is installed, the command will automatically pass the credentials to the ssh process.
Additionally, the default ssh helper will now use the username of the brokered credential. PR.
controller: Improve response time for listing sessions.
This also creates a new periodic job that will delete terminated
sessions after 1 hour.
See Deprecations/Changes for some additional details. PR.
event filtering: Change event filters to use lowercase and snake case for data
elements like the rest of Boundary filters do.
ui: Use include_terminated flag for listing sessions. PR.
The plugin execution_dir configuration parameter is now respected. PR.
ui: Fix Users page not updating fields correctly. PR.
Deprecations/Changes
Targets: Removes support for credential libraries with respect to Target resources.
The libraryfields and actions were deprecated in Boundary 0.5.0,
please use credential sources instead. See changelog referenced above for
more details (PR).
Credential Libraries: The user_password credential type has been renamed to username_password to remove any inconsistency over what the credential type is.
All existing user_password typed credential libraries will be migrated to username_password (PR).
controller: Change the default behavior of the session list endpoint
to no longer include sessions in a terminated state and introduces
a new query parameter/cli flag to include the terminated sessions.
This also removes the connection information from the list response. PR.
Anonymous user permissions: In order to reduce the risk of accidental and
unintended granting of permissions to anonymous users, the permissions system
now only allows certain actions on certain resources to be assigned to the
anonymous user; currently these are the same permissions as assigned in
Boundary's default role permissions. If other use-cases arise this list can be
expanded. See the
documentation
for more details.