v0.10.8

🚀 Features

• K8s Auth: Allow wildcards for service account and namespace. GH-669
• Add token_type support to create_kubernetes_role. GH-664

Thanks to @blag, @devlounge, @jeffwecan and @jonZlotnik for their lovely contributions.

v0.10.7

🚀 Features

• Support database secrets static roles. GH-662

📚 Documentation

• (Slightly) Expanded + Updated Approle Auth method Docs. GH-667

🧰 Miscellaneous

• Replace Travis CI w/ GitHub actions. GH-666

Thanks to @jeffwecan, @krish7919 and Krish for their lovely contributions.

v0.10.6

🚀 Features

• Enable response wrapping of PKI secrets. GH-649
• Add auth_methods module to support AppRole. GH-637
• Fix oidc login and add working example. GH-638
• Add rabbitmq vhost_topics parameter. GH-626

🐛 Bug Fixes

• Template "auth method not implemented" error message. GH-651
• Fix health.py read_health_status GET method. GH-653
• Fix transit constants for "generate_data_key". GH-632
• Fix PUT method in secrets engine kv_v1 to use PUT instead of POST. GH-629
• Remove Erroneous json() Calls In rabbitmq Class. GH-624

📚 Documentation

• Fix oidc login and add working example. GH-638

🧰 Miscellaneous

• Update health.py to match new Vault API query parameters. GH-635
• Remove Consul Secrets Engine create_or_update_role Policy Type Validation. GH-636

Thanks to @Angeall, @JJCella, @briantist, @derBroBro, @discogestalt, @dogfish182, @el-deano, @ghTravis, @godara01, @jeffwecan, @leongyh, @phickey, @tienthanh2509, @tmcolby and @trixpan for their lovely contributions.

v0.10.5

🚀 Features

• Add JWT/OIDC Authentication Method Classes. GH-613
• Add Identity Tokens Methods and Documentation. GH-611
• Add P-521 to list of allowed key types. GH-608
• Add P-384 and RSA-3072 to list of allowed key types. GH-606

🐛 Bug Fixes

• Options not read by tune_mount_configuration. GH-603

📚 Documentation

• Add Autodoc Summaries. GH-612
• Correct Return Type Docstrings Within Transit Class. GH-609
• Transit engine docs for Encrypt Data now refer to encrypt_data. GH-601

🧰 Miscellaneous

• Update Vault version test matrix / Oldest Support Vault Version. GH-610

Thanks to @akdor1154, @jeffwecan, @ns-jshilkaitis and @trishankatdatadog for their lovely contributions.

v0.10.4

🚀 Features

• Extract "renew_self_token" from "renew_token". GH-598
• Add convenience step_down sys backend method. GH-597

📚 Documentation

• Update AWS Auth Docs With Latest Usage . GH-599

Thanks to @jeffwecan, @jm96441n and @pnijhara for their lovely contributions.

v0.10.3

🚀 Features

• Add Support For use_token_groups In LDAP Auth Method. GH-591
• Add Raft System Backend Methods. GH-594

Thanks to @Finarfin and @jeffwecan for their lovely contributions.

v0.10.2

🚀 Features

• Add vault rekey verification methods. GH-586
• Add request data to exception objects. GH-583
• Add marshaling_algorithm to sign/verify params. GH-584
• Create_role_secret_id: add token_bound_cidrs parameter. GH-585
• Add issuer to kubernetes configuration. GH-575

🐛 Bug Fixes

• Remove json() calls (unneeded following JSONAdapter addition). GH-589

📚 Documentation

• Fix format errors in contributing for HTML docs. GH-577

Thanks to @TerryHowe, @and-semakin, @jeffwecan, @jschlyter, @jzck, @mdelaney and @scarabeusiv for their lovely contributions.

v0.10.1

💥 Breaking Changes

• Make returned responses more consistent. GH-537

Note: GH-537 changes some methods' return types from None to a request.Response
instance. For instance the client.secrets.identity.lookup_entity now returns a Response[204] (truthy) value instead of
None (falsy) when the lookup returns no results.
This change was made to simplify maintenance of response parsing within the hvac code base.

🚀 Features

• Add support for Transform secrets engine. GH-569

🐛 Bug Fixes

• Fix "Exception: member entities can't be set manually for external groups". GH-558

Thanks to @jeffwecan, @llamasoft and @msuszko for their lovely contributions.

v0.10.0

🚀 Features

• Add a correct endpoint for CRL retrieving . GH-547

📚 Documentation

• Fixes close quotes in example usage of read_secret_version. GH-557
• Fixes typo in docs: much -> must. GH-555

🧰 Miscellaneous

• Don't send optional parameters unless explicitly specified. GH-533

Note: GH-533 includes fundamental behavior involving sending parameters
to API requests to Vault. Many hvac method parameters that would have been sent with default arguments no
longer are included in requests to Vault. Notably, the following behavioral changes should be expected (copied from the
related PR comments):

Azure:

• CHANGED: create_role parameter policies now accepts CSV string or list of strings

Database:

• CHANGED: create_role documentation updated to something meaningful 🙃

GCP:

• configure parameter google_certs_endpoint is deprecated
• create_role parameter project_id is deprecated by bound_projects (list)

GitHub:

• configure is missing a lot of parameters

LDAP:

• CHANGED: configure parameters user_dn and group_dn made optional
  • Retained argument position to prevent being a breaking change
• CHANGED: hvac/constants/ldap.py file removed as it is no longer used

MFA:

• This entire endpoint is deprecated so I didn't bother updating it

Okta:

• CHANGED: configure parameter base_url default value now differs from API documentation
  • This is likely just a documentation issue
• register_user, read_user, and delete_user duplicate URL parameter username in JSON payload
  • I left this one as-is as it doesn't appear to hurt anything
• Ditto for delete_group, but register_group and list_group correctly omit it

PKI:

• CHANGED: sign_data and verify_signed_data optional parameter marshaling_algorithm added

RADIUS:

• configure is missing a lot of parameters
• BUG: register_user attempted to convert username string into a CSV list (?!) for POST data
  • Didn't hurt anything as username is extracted from URL path in Vault server
• BUG: register_user parameter policies never actually passed as parameter

System Backend:

• Auth
  • enable_auth_method parameter plugin_name is deprecated
  • CHANGED: enable_audit_device optional parameter local was added
• Init
  • initialize provides default for required API parameters secret_shares and secret_threshold
• Key
  • start_root_token_generation parameter otp is deprecated

Misc:

• There seems to be some discrepancy on how "extra arguments" are accepted:
  • Some methods use only **kwargs (e.g. hvac/api/system_backend/auth.py)
  • Some use *args and **kwargs (e.g. hvac/api/secrets_engines/active_directory.py)
  • hvac/api/secrets_engines/pki.py uses extra_params={}
• Most argument names match API parameter names, but some don't
  • Example: hvac/api/auth_methods/ldap.py configure uses user_dn instead of userdn
  • Example: hvac/api/system_backend/auth.py configure uses method_type instead of type
• Many methods duplicate URL parameters into JSON payload as well
  • This isn't necessary and fortunately Vault ignores the extra parameters
• ttl, max_ttl, policies, period, num_uses and a few other fields are deprecated as of Vault version 1.2.0
  • https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#120-july-30th-2019

Thanks to @findmyname666, @llamasoft, @moisesguimaraes, @philherbert and Adrian Eib for their lovely contributions.

v0.9.6

🚀 Features

• Added userpass auth method. GH-519
• added rabbitmq secrets backend. GH-540
• Quote/Escape all URL placeholders. GH-532

📚 Documentation

• Getting Started Guide and LDAP Auth Updates. GH-524

🧰 Miscellaneous

• Handle bad gateway from Vault. GH-542
• Fix GET/LIST typos. GH-536
• Fix Travis HEAD build + Overhaul install scripts. GH-535
• Improve Integration Test Error Handling. GH-531

Thanks to @DaveDeCaprio, @Dowwie, @drewmullen, @jeffwecan, @llamasoft and @vamshideveloper for their lovely contributions.