---
- branch: MAIN
  date: Thu Aug 17 07:58:53 UTC 2017
  files:
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/security/vault/Makefile
    pathrev: pkgsrc/security/vault/Makefile@1.15
    type: modified
  - new: '1.10'
    old: '1.9'
    path: pkgsrc/security/vault/distinfo
    pathrev: pkgsrc/security/vault/distinfo@1.10
    type: modified
  id: 20170817T075853Z.470d34853c5f79bcc9d6af838f9d20b440875433
  log: |
    Update security/vault to 0.8.1.

    DEPRECATIONS/CHANGES:

    - PKI Root Generation: Calling `pki/root/generate` when a CA cert/key already
      exists will now return a `204` instead of overwriting an existing root. If
      you want to recreate the root, first run a delete operation on `pki/root`
      (requires `sudo` capability), then generate it again.

    FEATURES:

    - Oracle Secret Backend: There is now an external plugin to support leased
      credentials for Oracle databases (distributed separately).
    - GCP IAM Auth Backend: There is now an authentication backend that allows
      using GCP IAM credentials to retrieve Vault tokens. This is available as
      both a plugin and built-in to Vault.
    - PingID Push Support for Path-Baased MFA (Enterprise): PingID Push can
      now be used for MFA with the new path-based MFA introduced in Vault
      Enterprise 0.8.
    - Permitted DNS Domains Support in PKI: The `pki` backend now supports
      specifying permitted DNS domains for CA certificates, allowing you to
      narrowly scope the set of domains for which a CA can issue or sign child
      certificates.
    - Plugin Backend Reload Endpoint: Plugin backends can now be triggered to
      reload using the `sys/plugins/reload/backend` endpoint and providing either
      the plugin name or the mounts to reload.
    - Self-Reloading Plugins: The plugin system will now attempt to reload a
      crashed or stopped plugin, once per request.

    IMPROVEMENTS:

    - auth/approle: Allow array input for policies in addition to comma-delimited
      strings
    - auth/aws: Allow using root credentials for IAM authentication
    - plugins: Send logs through Vault's logger rather than stdout
    - secret/pki: Add `pki/root` delete operation
    - secret/pki: Don't overwrite an existing root cert/key when calling generate

    BUG FIXES:

    - aws: Don't prefer a nil HTTP client over an existing one
    - core: If there is an error when checking for create/update existence, return
      500 instead of 400
    - secret/database: Avoid creating usernames that are too long for legacy MySQL
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/vault'
  unixtime: '1502956733'
  user: fhajny