v1.26.0
This release contains various version bumps and an improvement to EKM ergonomics!
External Key Manager (EKM): Simplified configuration, support for plugin configs
Starting with this release, you no longer need to reference service and key replacements via JSON pointers; you can use direct lookups instead, like this:

```yaml
services:
  acmecorp:
    credentials:
      bearer:
        scheme: "bearer"
        token: "${vault(kv/data/acmecorp/bearer:data/token)}"
```

Furthermore, these lookups are also supported in plugins, allowing you to retrieve secrets for their configurations as well.
These replacements can also be done in substrings, like this:

```yaml
decision_logs:
  plugin: eopa_dl
plugins:
  eopa_dl:
    output:
    - type: http
      url: https://myservice.corp.com/v1/logs
      headers:
        Authorization: "bearer ${vault(kv/data/logs:data/token)}"
```

Replacements also happen on discovery bundles, if their config includes lookup calls of this sort.
See the docs on Using Secrets from HashiCorp Vault.
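
The lookup syntax shown above, as an added example (not EOPA's own code): a resolver that substitutes `${vault(path:field)}` references in whole values and in substrings, and fails closed when a secret or field is missing. The in-memory `FAKE_VAULT` store with constructed values stands in for Vault, and reading the part after the colon as a slash-separated path into the secret's data is an assumption drawn from the examples.

```python
import re

# Matches ${vault(<secret path>:<field path>)} anywhere inside a string value.
LOOKUP = re.compile(r"\$\{vault\(([^:()]+):([^()]+)\)\}")

# Constructed stand-in for Vault (assumption): secret path -> returned data object.
FAKE_VAULT = {
    "kv/data/acmecorp/bearer": {"data": {"token": "constructed-acme-token"}},
    "kv/data/logs": {"data": {"token": "constructed-logs-token"}},
}


def find_lookups(value):
    """Return (secret_path, field_path) pairs referenced in a config string."""
    return LOOKUP.findall(value)


def read_field(store, secret_path, field_path):
    """Walk the slash-separated field path; fail closed if anything is missing."""
    if secret_path not in store:
        raise KeyError(f"secret not found: {secret_path}")
    node = store[secret_path]
    for part in field_path.split("/"):
        if not isinstance(node, dict) or part not in node:
            raise KeyError(f"field {field_path!r} not found in {secret_path}")
        node = node[part]
    if not isinstance(node, str):
        raise TypeError(f"{secret_path}:{field_path} is not a string")
    return node


def resolve(value, store=FAKE_VAULT):
    """Replace every lookup in value, whether it is the whole value or a substring."""
    return LOOKUP.sub(lambda m: read_field(store, m.group(1), m.group(2)), value)


def resolve_tree(node, store=FAKE_VAULT):
    """Apply resolve() to every string in a nested config (dicts and lists)."""
    if isinstance(node, dict):
        return {k: resolve_tree(v, store) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve_tree(v, store) for v in node]
    return resolve(node, store) if isinstance(node, str) else node
```

Raising on a missing secret, rather than leaving the placeholder in place, keeps an unresolved `${vault(...)}` string from being sent as a credential.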