v0.3.1

Overview

Features 🚀

• feat: add image and chart signing by @csatib02 in #242
• feat: make vault api calls concurrent by @csatib02 in #249

Maintenance 🚧

• chore: remove obsolete build tags by @csatib02 in #257
• chore: update deps by @csatib02 in #280
• chore: prepare release by @csatib02 in #284

Documentation 📄

• docs: CNCF onboarding by @csatib02 in #247

Dependency Updates ⬆️

View all dependency changes

• chore(deps): Bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #218
• chore(deps): Bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in #219
• chore(deps): Bump docker/build-push-action from 5.3.0 to 5.4.0 by @dependabot in #220
• chore(deps): Bump the k8s-io group with 5 updates by @dependabot in #221
• chore(deps): lock file maintenance by @renovate in #222
• chore(deps): Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the k8s-io group by @dependabot in #223
• chore(deps): Bump alpine from 3.20.0 to 3.20.1 by @dependabot in #224
• chore(deps): Bump docker/build-push-action from 5.4.0 to 6.1.0 by @dependabot in #225
• chore(deps): Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by @dependabot in #226
• chore(deps): lock file maintenance by @renovate in #227
• chore(deps): Bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #229
• chore(deps): Bump docker/build-push-action from 6.1.0 to 6.2.0 by @dependabot in #228
• chore(deps): lock file maintenance by @renovate in #230
• chore(deps): Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in #231
• chore(deps): Bump actions/download-artifact from 4.1.7 to 4.1.8 by @dependabot in #234
• chore(deps): Bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @dependabot in #235
• chore(deps): Bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #232
• chore(deps): Bump docker/build-push-action from 6.2.0 to 6.3.0 by @dependabot in #233
• chore(deps): lock file maintenance by @renovate in #236
• chore(deps): Bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #237
• chore(deps): Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @dependabot in #239
• chore(deps): Bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @dependabot in #240
• chore(deps): lock file maintenance by @renovate in #241
• chore(deps): Bump the k8s-io group with 4 updates by @dependabot in #243
• chore(deps): Bump github/codeql-action from 3.25.11 to 3.25.13 by @dependabot in #245
• chore(deps): Bump docker/build-push-action from 6.3.0 to 6.4.1 by @dependabot in #246
• chore(deps): Bump github.com/samber/slog-multi from 1.1.0 to 1.2.0 by @dependabot in #244
• chore(deps): lock file maintenance by @renovate in #248
• chore(deps): Bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #251
• chore(deps): Bump docker/build-push-action from 6.4.1 to 6.5.0 by @dependabot in #256
• chore(deps): Bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in #255
• chore(deps): Bump docker/setup-buildx-action from 3.4.0 to 3.6.1 by @dependabot in #254
• chore(deps): Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #252
• chore(deps): Bump alpine from 3.20.1 to 3.20.2 by @dependabot in #250
• chore(deps): Bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by @dependabot in #253
• chore(deps): Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #261
• chore(deps): Bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #259
• chore(deps): Bump docker/build-push-action from 6.5.0 to 6.6.1 by @dependabot in #258
• chore(deps): Bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #260
• chore(deps): Bump docker/build-push-action from 6.6.1 to 6.7.0 by @dependabot in #265
• chore(deps): Bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in #264
• chore(deps): Bump tonistiigi/xx from 1.4.0 to 1.5.0 by @dependabot in #267
• chore(deps): Bump github/codeql-action from 3.26.2 to 3.26.5 by @dependabot in #268
• chore(deps): Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #270
• chore(deps): Bump github.com/samber/slog-multi from 1.2.0 to 1.2.1 by @dependabot in #272
• chore(deps): Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 in the sigs-k8s-io group by @dependabot in #263
• chore(deps): Bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot in #269
• chore(deps): Bump alpine from 3.20.2 to 3.20.3 by @dependabot in #273
• chore(deps): Bump cachix/install-nix-action from 27 to 28 by @dependabot in #275
• chore(deps): Bump the k8s-io group with 4 updates by @dependabot in #278
• chore(deps): Bump DeterminateSystems/magic-nix-cache-action from 7 to 8 by @dependabot in #277
• chore(deps): Bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #276
• chore(deps): Bump github.com/hashicorp/vault/api from 1.14.0 to 1.15.0 by @dependabot in #279
• chore(deps): lock file maintenance by @renovate in #283
• chore(deps): Bump github.com/samber/slog-multi from 1.2.1 to 1.2.2 by @dependabot in #281
• chore(deps): Bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in #282

Full Changelog: v0.3.0...v0.3.1

v0.3.0

Overview

Breaking changes❗

Annotation changes in #211

Features 🚀

• chore: replace vault-env with secret-init by @csatib02 in #139
• chore: match annotations with secrets webhook by @csatib02 in #211

Maintenance 🚧

• ci: update dependabot config by @csatib02 in #184
• feat: Add license and go badges by @csatib02 in #170
• chore: update nix by @csatib02 in #198
• feat: add issue template by @csatib02 in #205

Dependency Updates ⬆️

View all dependency changes

• chore(deps): Bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @dependabot in #136
• chore(deps): Bump actions/download-artifact from 4.1.2 to 4.1.4 by @dependabot in #140
• chore(deps): Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #141
• chore(deps): Bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #142
• chore(deps): Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #143
• chore(deps): Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #144
• chore(deps): Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in #146
• chore(deps): Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #148
• chore(deps): Bump cachix/install-nix-action from 25 to 26 by @dependabot in #147
• chore(deps): Bump golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18 by @dependabot in #149
• chore(deps): Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #150
• chore(deps): Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #158
• chore(deps): Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @dependabot in #157
• chore(deps): Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #156
• chore(deps): Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #155
• chore(deps): Bump DeterminateSystems/magic-nix-cache-action from 3 to 4 by @dependabot in #154
• chore(deps): Bump golang from 010f3b3 to ede158f by @dependabot in #153
• chore(deps): Bump github.com/hashicorp/vault/api from 1.12.0 to 1.12.1 by @dependabot in #152
• chore(deps): Bump the k8s group with 4 updates by @dependabot in #151
• chore(deps): Bump github.com/hashicorp/vault/api from 1.12.1 to 1.12.2 by @dependabot in #161
• chore(deps): Bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #160
• chore(deps): Bump actions/dependency-review-action from 4.1.3 to 4.2.4 by @dependabot in #159
• chore(deps): Bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in #162
• chore(deps): Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 by @dependabot in #163
• chore(deps): Bump github.com/bank-vaults/vault-operator from 1.21.2 to 1.22.1 by @dependabot in #164
• chore(deps): Bump golang from 1.22.1-alpine3.18 to 1.22.2-alpine3.18 by @dependabot in #165
• chore(deps): Bump azure/setup-helm from 3.5 to 4 by @dependabot in #167
• chore(deps): Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in #168
• chore(deps): Bump sigs.k8s.io/controller-runtime from 0.17.2 to 0.17.3 by @dependabot in #169
• chore(deps): Bump golang.org/x/net from 0.21.0 to 0.23.0 by @dependabot in #172
• chore(deps): Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #173
• chore(deps): Bump github.com/hashicorp/vault/api from 1.12.2 to 1.13.0 by @dependabot in #178
• chore(deps): Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #174
• chore(deps): Bump azure/setup-helm from 4.1.0 to 4.2.0 by @dependabot in #176
• chore(deps): Bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in #175
• chore(deps): Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #180
• chore(deps): Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #182
• chore(deps): Bump actions/download-artifact from 4.1.5 to 4.1.7 by @dependabot in #181
• chore(deps): Bump actions/dependency-review-action from 4.2.5 to 4.3.2 by @dependabot in #185
• chore: bump go version, update dependencies by @csatib02 in #179
• chore(deps): Bump sigs.k8s.io/controller-runtime from 0.18.1 to 0.18.2 in the sigs-k8s-io group by @dependabot in #187
• chore(deps): Bump DeterminateSystems/magic-nix-cache-action from 4 to 6 by @dependabot in #190
• chore(deps): Bump golang from 1.22.2-alpine3.18 to 1.22.3-alpine3.18 by @dependabot in #188
• chore(deps): Bump aquasecurity/trivy-action from 0.19.0 to 0.20.0 by @dependabot in #189
• chore(deps): Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #191
• chore(deps): Bump the k8s-io group with 4 updates by @dependabot in #193
• chore(deps): Bump github/codeql-action from 2.13.4 to 3.25.5 by @dependabot in #194
• chore(deps): Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #196
• chore(deps): Bump golang from 4531927 to d1a601b by @dependabot in #197
• chore(deps): Bump cachix/install-nix-action from 26 to 27 by @dependabot in #195
• chore(deps): Bump alpine from 3.19.1 to 3.20.0 by @dependabot in #199
• chore(deps): Bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3 in the sigs-k8s-io group by @dependabot in #200
• chore(deps): Bump github.com/hashicorp/vault/api from 1.13.0 to 1.14.0 by @dependabot in #201
• chore(deps): Bump github.com/samber/slog-multi from 1.0.2 to 1.0.3 by @dependabot in #202
• chore(deps): Bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in #203
• chore(deps): Bump aquasecurity/trivy-action from 0.20.0 to 0.21.0 by @dependabot in #204
• chore(deps): Bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #207
• chore(deps): Bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #208
• chore(deps): lock file maintenance by @renovate in #209
• chore: bump go version 1.22.2 --> 1.22.3 by @csatib02 in #210
• chore(deps): Bump sigs.k8s.io/e2e-framework from 0.3.0 to 0.4.0 in the sigs-k8s-io group by @dependabot in #206
• chore(deps): Bump DeterminateSystems/magic-nix-cache-action from 6 to 7 by @dependabot in ht...

v0.2.1

Overview

This release targets dependency and pipeline updates.

Maintenance 🚧

• chore(deps): Bump docker/metadata-action from 5.0.0 to 5.2.0 by @dependabot in #73
• chore(deps): Bump alpine from 3.18.4 to 3.18.5 by @dependabot in #75
• chore(deps): Bump docker/metadata-action from 5.2.0 to 5.3.0 by @dependabot in #76
• chore(deps): Bump golang from 1.21.4-alpine3.18 to 1.21.5-alpine3.18 by @dependabot in #78
• chore(deps): Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 by @dependabot in #80
• chore(deps): Bump alpine from 3.18.5 to 3.19.0 by @dependabot in #79
• chore(deps): Bump golang from 5c1cabd to 9390a99 by @dependabot in #81
• chore(deps): Bump k8s.io/client-go from 0.28.4 to 0.29.0 by @dependabot in #82
• chore(deps): Bump k8s.io/apiextensions-apiserver from 0.28.4 to 0.29.0 by @dependabot in #84
• chore(deps): Bump golang from 9390a99 to d8b9994 by @dependabot in #90
• chore(deps): Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #89
• chore(deps): Bump docker/metadata-action from 5.3.0 to 5.4.0 by @dependabot in #87
• chore(deps): Bump actions/download-artifact from 3.0.2 to 4.1.0 by @dependabot in #88
• chore: update dependency packages by @ramizpolic in #91
• chore(deps): Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in #94
• chore(deps): Bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in #95
• chore(deps): Bump docker/metadata-action from 5.4.0 to 5.5.0 by @dependabot in #96
• chore(deps): Bump actions/download-artifact from 4.1.0 to 4.1.1 by @dependabot in #97
• chore(deps): Bump actions/cache from 3.3.2 to 3.3.3 by @dependabot in #100
• chore(deps): Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in #101
• chore(deps): Bump actions/dependency-review-action from 3.1.5 to 4.0.0 by @dependabot in #105
• chore(deps): Bump k8s.io/klog/v2 from 2.110.1 to 2.120.1 by @dependabot in #108
• chore(deps): Bump actions/upload-artifact from 4.1.0 to 4.3.0 by @dependabot in #111
• chore(deps): Bump k8s.io/apimachinery from 0.29.0 to 0.29.1 by @dependabot in #107
• chore(deps): Bump k8s.io/api from 0.29.0 to 0.29.1 by @dependabot in #110
• chore(deps): Bump alpine from 3.19.0 to 3.19.1 by @dependabot in #114
• chore(deps): Bump k8s.io/client-go from 0.29.0 to 0.29.1 by @dependabot in #112
• chore(deps): Bump actions/cache from 3.3.3 to 4.0.0 by @dependabot in #103
• chore(deps): Bump cachix/install-nix-action from 24 to 25 by @dependabot in #102
• chore(deps): Bump golang from 1.21.5-alpine3.18 to 1.21.6-alpine3.18 by @dependabot in #99
• chore(deps): Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0 by @dependabot in #113
• chore(deps): Bump k8s.io/apiextensions-apiserver from 0.29.0 to 0.29.1 by @dependabot in #109
• chore(deps): Bump DeterminateSystems/magic-nix-cache-action from 2 to 3 by @dependabot in #117
• chore(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #119
• chore(deps): Bump actions/download-artifact from 4.1.1 to 4.1.2 by @dependabot in #120
• ci: update dependabot config by @akijakya in #124
• chore(deps): Bump golang from 1.21.6-alpine3.18 to 1.22.0-alpine3.18 by @dependabot in #125
• chore(deps): Bump tonistiigi/xx from 1.3.0 to 1.4.0 by @dependabot in #122
• chore(deps): Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #123
• chore(deps): Bump docker/metadata-action from 5.5.0 to 5.5.1 by @dependabot in #116
• chore(deps): Bump sigs.k8s.io/controller-runtime from 0.16.3 to 0.17.0 by @dependabot in #104
• chore(deps): Bump haya14busa/action-cond from 1.1.1 to 1.2.1 by @dependabot in #127
• chore(deps): Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.1 by @dependabot in #128
• chore(deps): Bump the k8s group with 4 updates by @dependabot in #133
• chore(deps): Bump sigs.k8s.io/controller-runtime from 0.17.1 to 0.17.2 by @dependabot in #134
• chore(deps): Bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @dependabot in #135
• feat: Cancel previous workflow on push by @csatib02 in #132
• chore: update bank-vaults deps by @ramizpolic in #130

New Contributors

• @csatib02 made their first contribution in #132

Full Changelog: v0.2.0...v0.2.1

v0.2.0

What's Changed

Breaking changes in Helm chart

• imagePullSecrets -> image.imagePullSecrets
• env default variables -> {}
• ingress.hosts default item -> []

Features

• helm: improvements by @akijakya in #54
• feat: collect secrets from vault-env-from-path annotation by @akijakya in #60
• feat: switch from logrus to slog by @akijakya in #62
• feat: replace flag name underscores with dashes by @akijakya in #66

Maintenance

• docs: fix Helm chart url by @akijakya in #49
• docs: separated examples from README, added image by @akijakya in #67
• feat(GA): add common pipeline actions by @ramizpolic in #72
• feat: use official signals package by @akijakya in #69

Dependencies

• chore(deps): Bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 by @dependabot in #51
• chore(deps): Bump k8s.io/apiextensions-apiserver from 0.28.3 to 0.28.4 by @dependabot in #57
• chore(deps): Bump docker/build-push-action from 5.0.0 to 5.1.0 by @dependabot in #61
• chore(deps): Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot in #63
• chore(deps): Bump github.com/bank-vaults/vault-sdk from 0.9.0 to 0.9.1 by @dependabot in #71
• chore(deps): Bump cachix/install-nix-action from 23 to 24 by @dependabot in #70
• chore(deps): Bump actions/dependency-review-action from 3.1.1 to 3.1.4 by @dependabot in #68
• chore(deps): Bump golang from 1.21.3-alpine3.18 to 1.21.4-alpine3.18 by @dependabot in #50

Full Changelog: v0.1.0...v0.2.0

v0.1.0

Vault Secrets Reloader - Alpha Release v0.1.0 🎉

We are excited to announce the alpha release of Vault Secrets Reloader, a Kubernetes Controller that reloads workloads on a referenced secret change in HashiCorp Vault.

Vault Secret Reloader can periodically check if a secret that is used in watched workloads has a new version in Hashicorp Vault, and if so, automatically “reloads” them by incrementing an annotation value, initiating a rollout for the workload’s pods. This controller is essentially a complementary to Vault Secrets Webhook, relying on it for actually injecting secrets into the pods of the affected workloads.

🌟 Features

• Automated Secret Collection: Collect secrets from Kubernetes workloads using a special annotation
• Version-Based Secret Comparison: Cross-reference the collected secrets with their corresponding versions in Vault and reload affected workloads
• Tailored Scheduling: Customize the frequency of collection and reloading intervals to fit custom requirements

To get familiarized, try out the Reloader locally with the help of our guide - you only need Docker to be installed!

❓ What's next?

We are actively working on adding new features to the Reloader. Check out our issues page to see the new features we are working on.

🗣️ We are looking for feedback!

Your insights are crucial to us. You can support us with your feedback, bug reports, and feature requests by responding to this announcement, or opening an issue.

This release offers already existing Vault Secrets Webhook users an automated solution for injecting the latest version of their secrets into the pods, contributing to Bank-Vaults's mission to simplify and enhance secret management in the Cloud Native ecosystem.

🔗 Useful links

• Contributing guide
• Security procedures
• Code of Conduct
• Email: [email protected]

© License

The project is licensed under the Apache 2.0 License.

📢 Release Notes

• chore: add codeowners by @ramizpolic in #8
• feat: reloader POC 2 by @akijakya in #6
• feat: add Helm chart, tests and Github Actions by @akijakya in #9
• docs: improve readme by @akijakya in #21
• docs/ci: improvements by @akijakya in #38

New Contributors

• @ramizpolic made their first contribution in #8
• @akijakya made their first contribution in #6
• @dependabot made their first contribution in #19

Full Changelog: https://github.com/bank-vaults/vault-secrets-reloader/commits/v0.1.0