mirror of https://github.com/hashicorp/boundary
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
moduli-cache-optimize
dkanney-get-token
main
llb-app-token
dependabot/github_actions/actions-c7ef05859a
release/0.21.x
release/0.20.x
release/0.19.x
backport/aditya2548-update-cve-changelog-0.21/adequately-careful-gobbler
backport/aditya2548-update-cve-changelog-0.19/evidently-clear-gopher
dheath-delete-website
bgajjala-type-confusion-fix
ddebko-skip-iputils
bgajjala-bexpr-fix
llb-desktop-client-sort-backup
improve-testoutput
backport/irindos-bump-go/externally-champion-kid
rand-read-reverting
bosorawis-stop-revoking-expired-vault-creds
bosorawis-stop-renewing-and-revoking-expired-vault-lease
wongtonyb-enos-ssh-keypair
test_crypto_rand
bumped-ui-commit-95f72e1
update-ui-changelog
backport/update-ui-changelog/ideally-eternal-doberman
bump-ui-commit-4fc3244
wongtonyb-connectcli-stdoutpipe-ff
llb-password-credential-type-clean
recovered-work
llb-password-credential-fix
llb-password-credential-type-backup
mikemountain-sql-schema-and-pgtap
backport/dkanney-add-plugin-ibm-key-protect-kms/terminally-vocal-duckling
stable-website
backport/dheath-fix-redirects-2/extremely-gorgeous-troll
backport/am-add-winrdp-err/barely-bold-jaybird
app-token-prototype
dheath-worker-config-name
ICU-17720-storage-protobufs
moduli-e2e-loglevel-debug
backport/rdp-docs/actively-classic-adder
backport/ICU-14484-redis-connect/greatly-immortal-cardinal
bump-ui-commit-39dedc6
scc/backport-content-change
drohan-rdp-beta-doc-updates
scc/backport-redirects
dheath-spe-1219-controller-config
style-nonce
irindos-fix-nz-tests
manjeet-04-recovery-plugin-proto
llb-recovery
dkanney-expose-warehouse-tables-over-mcp-server
backport/dheath-clarify-known-issue-message/especially-fun-lioness
louis-tests
louis-testing
backport/bosorawis-add-test-to-migration-fix/surely-relevant-tiger
backport/bosorawis-add-test-to-migration-fix/hardly-optimal-ape
mikemountain-fix-rollback-bug-on-hook-failures
llb-normalized-grants-tests-only
dkanney-merge-main-into-release/0.19.x
dkanney-release/0.19.x-rebase-on-c97605b
dkanney-make-gen-release/0.19.x
mikemountain-add-create-default-and-admin-role-options
mikemountain-fix-migration-drop-cascade
backport/pnpm-migration/socially-star-sponge
backport/bump-ui-commit-2d34717/uniquely-amazing-gnat
backport/dheath-add-client-agent-commands/preferably-lenient-marten
backport/dheath-add-client-agent-commands/presumably-moved-bluejay
mikemountain-fix-makefile-sed-issue
mikemountain-add-createdefaultrole-and-createadminrole-options
backport/boundry/mini-doc-day-2/informally-mutual-poodle
anwittin-changelog-update-1-19-3
backport/dkanney-cve-suppression-for-0.19.2/secondly-unified-terrier
backport/add-ui-entries-changelog/suitably-large-puma
release/0.18.x
release/0.17.x
bosorawis-domain-iam-implement-role-grant-scopes
bosorawis-domain-iam-implement-list-role-grant-scopes
backup/backport/moduli-e2e-ubuntu22/especially-still-oarfish-10-44-20 AM
backport/ddebko-update-changelog/previously-adapting-hare
backport/ddebko-update-changelog/initially-whole-bison
tsccr-auto-pinning/trusted/2025-04-01
bosorawis-domain-iam-create-role
elimt-auth-tokens-grants-test
backport/vanphan24-patch-1---public_addr-note/poorly-smiling-dingo
backport/vanphan24-patch-1---public_addr-note/forcibly-proven-pheasant
backport/vanphan24-patch-1---public_addr-note/eminently-renewed-pika
mikemountain-changelog-0.19.1
boundry/mini-doc-day
elimt-grants-data-migration
jbrandhorst-prevent-enourmous-estimated-counts
backport/jbrandhorst-update-azure-plugin/largely-amused-tetra
judith/edu-web-codeowners
backport/docs/config-examples-fix/suddenly-eternal-rat
backport/docs/config-examples-fix/rationally-immortal-kangaroo
jbrandhorst-prototype-db-iface-changes
bumpui-commit-835b302c1
bump-commit-835b302c1
irindos-test
backport/bump-ui-commit-ae1e6d2/notably-secure-malamute
bosorawis-grants-tests-for-accounts-resource
release/0.16.x
jbrandhorst-remove-dependabot-actions
elimt-gcp-multiple-targets
backport/artifact-manifest/main/mainly-proven-snake/vaguely-next-foal
jimlambrt-cache-refresh-win
ddebko-optimize-cluster-tests
jbrandhorst-revert-awssdk-update
ddebko-revert-awskms
moduli-vgt
backport/ryan/ICU-15359/steadily-content-finch
jbrandhorst-remove-wget
backport/ci/update-security-scanner-token/strangely-sweeping-wildcat
dheath-telemetry-doc
bosorawis-labweek-per-authmethod-ttl
backport/jbrandhorst-clarify-ts-configuration-reload/lately-quiet-civet
fix-security-scanner
jimlambrt-cache-soft-delete-user
jimlambrt-cache-speedup-refresh
hugo-dhc-manual-tests
backport/irindos-update-changelog-0.17.2/gently-grand-titmouse
jbrandhorst-context-cause
jbrandhorst-go-api-paging
backport/irindos-update-changelog/horribly-super-crayfish
jbrandhorst-fix-security-scanner
uruemu/app-token-service
dheath-IA-POC
llb-app-tokens
jefferai-rbac-caching
release/0.15.x
moduli-e2e-port
irindos-custom-cli-dump
jefferai-proxyv2-test-2
jefferai-proxyv2-test-1
llb-worker-storage-bucket-state
dmiu_vault-response-wrapping
release/0.14.x
release/0.13.x
single-write-errors
elimt-release-0.16.1-mod-update
backport/alanknight_update_dependencies/personally-champion-robin
irindos-cause-split-brain
backport/uruemu/session-recording-observation-events/plainly-tender-guinea
labweek/event-streaming
alanknight_sessions_includeterminated
jbrandhorst-node-enrollment-test
alanknight_labweek_search_tui
jbrandhorst-help-api
flakey-test-TestRotationTicking
lab-week/event-streaming
dheath-docsdays-multi-hop-concept
irindos-update-apisdk
jefferai-random-reader-through-nodee
dgreeninger-vault-integration-howto
backport/dheath-ICU-12878/obviously-intense-calf
backport/irindos-update-bsr-detail/publicly-merry-kangaroo
carlos
dgreeninger-vault-integrations2
SMRE-7-release-pipeline
tmessi-cp-monthly-active-users
backport/jbrandhorst-update-runc/carefully-supreme-mole
jefferai-proxy-in-api
jbrandhorst-fuzz-dns-validator
syncing-file-buffer
jefferai-initial-resources-test
moduli-e2e-fast
tmessi-target-list-reduce-query-params
elimt-oidc-prompts-changelog
tmessi-rate-limit-sys-event
tmessi-rate-limit-unlimited
DoNotDelete-plugin-sdk-0.3.0
app-token-read
moduli-e2e-logout-test
mikemountain-iam-groups-list-pagination
jimlambrt-more-multierror-bits
llb-worker-local-storage-state
moduli-e2e-authorize-session-scope-test
mikemountain-iam-user-list-pagination
mikemountain-iam-role-list-pagination
mikemountain-auth-handlers-pagination
mikemountain-auth-domain-pagination
AdamBouhmad-patch-1
mikemountain-managed-groups-list-pagination
mikemountain-sessions-list-pagination
mikemountain-refactor-auth-methods-domain-layer
mikemountain-auth-token-domain-list-pagination
mikemountain-refactor-accounts-domain-layer
backport/jimlambrt-ldap-mtls-fix-changelog/forcibly-cunning-katydid
backport/dmiu_add-valid-principals-ssh-cert/manually-stirred-mutt
elimt-cpu-consumption-changelog
backport/jimlambrt-fix-oplog-keys/gladly-included-aardvark
elimt-worker-local-storage-proto
release/0.14.1
alanknight_warnings
jimlambrt-go-version
jbrandhorst-experimenting
mikemountain-refactor-accounts-base-repo
releng-test-cgo-enabled
readme-update
rab-permissions-docs-rebase
jimlambrt-make-gen
jimlambrt-auth-ldap-fixes
jimlambrt-drop-oplog-scopeid-fk
backport/jefferai-icu-10786/subtly-legal-chigger
ajayreshc-plugin-proto-observability
backport/dheath-elur-edits/humbly-comic-hornet
compliance/license-update
mikemountain-purge-pagination-tables
mikemountain-prototype-table-trigger-job
dmiu_client-connection-via-unix-socket
dmiu_plugin-error-handling
backport/danny-knights-documentation/hopefully-giving-goat
backport/xw-worker-docs/mildly-talented-newt
backport/irindos-bsr-check-nano-decode/implicitly-hip-turkey
jimlambrt-update-cap
backport/xw-worker-docs/honestly-composed-minnow
backport/dheath-reorg-session-recording-operations/terribly-alert-bug
backport/docs/cli-commands/internally-bursting-condor
backport/docs/cli-commands/eagerly-chief-yeti
backport/dheath-fix-toc-typo/overly-funky-gelding
backport/dheath-fix-headings-1/mistakenly-mint-panther
backport/edorion-patch-3/entirely-direct-barnacle
backport/edorion-patch-2/amazingly-inspired-prawn
backport/edorion-patch-1/properly-desired-mastiff
backport/dheath-host-discovery/gradually-dominant-bunny
backport/irindos-fix-mlock-typo/preferably-enormous-mustang
backport/dheath-update-target-client-port/mainly-loving-heron
backport/irindos-0130-release-notes/actually-unbiased-bunny
jimlambrt-gldap-dep
jimlambrt-cache-poc
backport/dheath-fix-spacing-bullets/code/severely-decent-walleye
llb-jefferai
backport/dheath-bsr-key-req/adversely-great-teal
backport/Postgres-version-recommendation/badly-major-goshawk
backport/irindos-update-storage-bucket-docs/shortly-worthy-foal
backport/dheath-fix-code-blocks/endlessly-closing-alpaca
backport/what-is-boundary-changes/terminally-famous-goshawk
xinglu-permissions-docs
release/0.12.x
hz-cli-print-cert
jefferai-test-stream-interceptor
manthony-controller-led-auth
tmessi-interface-to-any
zs.test-api-docs-preview
tmessi-fix-ui-build
jefferai-unsettable-bools
test-gh-fix
dmiu_plugin-restructure
sarah-test-transient
ahuang/test-mod-cache
test-changing-nofile-limit
try-test-splitting
tmessi-ci-gh-actions-mariano
jimlambrt-ldap-changelog
backport/alanknight_pkiworkers_docs/clearly-driven-raptor
backport/alanknight_pkiworkers_docs/rapidly-rational-chamois
backport/alanknight_pkiworkers_docs/wholly-pumped-dinosaur
backport/rab-0_12_0_cve-link/partly-singular-bison
eneil/test-changes
test-rm-product-metadata
jimlambrt-ldap-wh
backport/bump-ui-commit-onboarding-update/firmly-flexible-mallard
jimlambrt-ldap-ongoing
release/0.5.x
release/0.6.x
release/0.7.x
release/0.8.x
release/0.9.x
release/0.10.x
release/0.11.x
backport/dheath-add-frontmatter-ref-arch/normally-smooth-werewolf
backport/dheath-release-notes-0.11/probably-legal-walrus
backport/dheath-release-notes-0.11/grossly-advanced-alien
tmessi-sqltest-postgres-versions
backport/ks.update-alert-docs/miserably-valued-seahorse
RELENG-305
daniellemiu_remove-session-id-from-retrieveCredential
release/0.11.2
backport/set-product-version/briefly-knowing-fowl
backport/dheath-template-params-rewrite/totally-thankful-buzzard
mktg-tf-999fc08cd5edb8632f8f6995f9998396
tmessi-sqllit
hz-active-conns-main
hugoamvieira-bud-update-changelog1
backport/dheath-vault-credential-templating/carefully-striking-jaybird
sam/set-product-version
hz-active-conns-cherrypick
backport/dheath-boundary-v-others/adequately-genuine-badger
backport/dheath-boundary-v-others/readily-rich-squirrel
backport/dheath-boundary-v-others/sadly-splendid-lion
hz-db-consistency-2
chore-bump-ui-commit
hz-active-connections-re
hz-active-connections
jefferai-eph-testing
kevin/boundary-ga-link-fixes
jefferai-skip-shared-lock-acquisition
jefferai-hosts-on-targets
jefferai-gen-add-set-remove
manthony/QTI-317
b/set-version-docker
chore-bump-ui
qti/nomad-deployment
jimlambrt-go-dbw-dep-update
rename_boundary_service
jimlambrt-worker-dag
qti-275
llb-project-scope-refactor
mgaffney-rename-catalog-column
jimlambrt-repo
jimlambrt-byow-create-ongoing
docs-install-dir
jimlambrt-yugabyte
release/0.8.1
jefferai-session-listing-style
new-metrics-doc
jimlambrt-kms-refactor
test-build-downloading-ui-artifact
jefferai-remove-alpnmux
test-workflow
plugin-error-code-conversion
add-desktop-vault-credential-clickthrough
test-kms
sarah-test
crt
release/0.7.3
vancluever-persisted-creds-maintenance-job
release/0.7.2
hostcatalog-updates-074
vancluever-persisted-creds-maintenance-job-abandoned-timestamponly
mgaffney-update-mappers2
brk.feat/mdx-v2
release_notes_07
build-abd695e5bc42d01e4412bf6c76211c3fc93a93d7-96b4bb6d1c841f3
jeff-windows-asset-embedding
build-bc27190474ad4863d3c7541f35467c84d8b17621-6e6387801f8e1b6e
jeff-ci-error-investigation
jimlambrt-update-db-docs
vancluever-plugin-hostcatalogs-catch-duplicate-name-early
vancluever-hostcatalogsecret-crud
backport/add-reference-architectures-docs-2/sadly-exotic-cattle
jeff-migrate-host-set-members
backport/nq.web.upgrade-analytics-package/factually-modern-mastodon
backport/nq.add-fathom-analytics/luckily-definite-fawn
jeff-shared-host-lookup
ac.homepage-refresh
build-07c5c00f557ccc6d58ac065fa6c267f576860ac2-b6d44bfa8919b067
zs.hero-video-tweaks
jeff-plugin-threadsafe-map
jimlambrt-events-inbound-interceptor
jimlambrt-events-no-default-stderr-sink
jimlambrt-gorm-v2
vancluever-plugin-hostcatalogs-manager-launch-and-hooks
vancluever-plugin-hostcatalogs-manager
build-7746916d59c46491d77b4381b9e0bfee7f2960c1-aa2e5699399125ec
vscode-customization
build-3fc2cf4df5820b2465e10a4fe12d03e563c9ea36-aa2e5699399125ec
vancluever-plugin-hostcatalogs
build-02c0764e1100301622a8cb916a7e3e6224fec79e-aa2e5699399125ec
build-02c0764e1100301622a8cb916a7e3e6224fec79e-7d2e41b4124999b9
vancluever-move-host-resoruce-address-up-to-top-level
christoff-event-api
christoff-event-storage-protobuf
jeff-add-migration-hooks
jeff-robbarnes-testing
christoff-db-prince
build-5f88243ddc6182db9c71ba84fd401040de4f5d41-ee438ecfea1e5f6d
jimlambrt-oidc-ctx
jimlambrt-remove-threshold
jimlambrt-event-logger-dep
vancluever-plugin-prototype
boundary-toc-draft
boundary-draft-toc
mdeggies-ui-build-fix-commit
christoff-fix-build-ui
jimlambrt-event-resource
build-0b66464a3a173d5cd28a41924fb661d9e68b33c5-7706fefd870195c1
build-48e55f156a0fbdcb4e1e711b04271e57bc8f952e-7706fefd870195c1
build-7f9bc768a02832ebfd96387f8ea48b56975ab391-7706fefd870195c1
build-14c7993c2cc5a9ad92025453c2dbe66651a98359-7706fefd870195c1
build-f48382828610d294361ee6630c11972d501678fb-7706fefd870195c1
jimlambrt-events-integration-updates
jeff-vault-target-sad-cli
origin/vancluever/worker-unit-testing
vancluever/worker-status-connection-close
vancluever/controller-session-cleanup
jimlambrt-hclog-sink-prototyping
jimlambrt-encrypt-node
build-407a21991aa7dc550967720466d4b10c2e02ee1c-af038697addc95f7
pw-prefix-docs
jimlambrt-dry-out-eventer
jimlambrt-events-eventer
jimlambrt-o11y-wip
jimlambrt-o11y-audit-encrypt-filter
build-95e6a736e5d92c824843675122618828c94b89d0-855628175bd6dd2b
build-ed5e34082c60ac49d2501f1ac68f6bd36925c169-96c1fa474bdc9213
build-79c1d90fa58c43e8bdbd1b3a27ea57b8329461d6-855628175bd6dd2b
build-a87fe5f803e2b28fa008158d8a080aa3fe65184e-6a9de274fa82c0d3
packagespec-0.2.6/main
build-3c994f66f877224fd1d75e6ce3ff4efb3aa9a0ad-f8da55a155fec372
build-b0fbd9b905aa8ef091936636d8d7463e728de64c-f8da55a155fec372
build-c3cbf23eaba7c37a4e7a2829c19e8bb2f63efc10-f8da55a155fec372
build-c3cbf23eaba7c37a4e7a2829c19e8bb2f63efc10-d2d108249f2b472e
build-f7e7e54fd8f07011fd36e71cca494d2621017aff-f8da55a155fec372
eventmvp
jimlambrt-oidc-user-name-email-with-scopes
build-7bf6fad7e235ff9ba8fa904904afd1b6deb40082-604d79ffd095ac1d
build-6c003c94f7a49dba6ae2ad524d4e830929c2a363-604d79ffd095ac1d
build-db29c83daf377602e31a5aaebb5252c10e6da4bd-604d79ffd095ac1d
feature-enable-ui-oidc
jimlambrt-oidc-wip
backport/br.stackmenu/thoroughly-tidy-jaybird
jimlambrt-oidc-primary-bool
jimlambrt-oidc-wip-primary-bool
jimlambrt-oidc-wip-disable-discovered
jimlambrt-oidc-wip-uniq-names
jimlambrt-oidc-wip-fix-migrations
jimlambrt-oidc-predictable-auth-oidc-acct-ids
build-c0f33f982c87c0eb4127cb16cf06b03a37b91dbd-ac2d26e9788a0ad5
jeff-update-tls-max-version
jimlambrt-oidc-op-state-changes
revert-937-jimlambrt-oidc-providers-and-repo-reads
jimlambrt-oidc-eff-dating
malnick/dt-client-videos
build-bc565922fbd3a18c9f6a22cd2e80a93df0d7cd45-8df1aef0cf650f
build-c45916918a4e71d3c9f3b47d058ce1e2075e8f5d-eee4aa2684a7d81e
build-9761f1deee3fceeb4e9a11696e3a15de813c6979-eee4aa2684a7d81e
docs-desktop
malnick/jeff-publicclusteraddr-env
mgaffney-ICU-1063-target-hosts
ICU-1063-target-hosts
binary-test-harness
build-ba6c0df8ca56eff0f01d9717da1b1435898408d3-1a2da1c180d096ae
build-f8577519b6fb152ddb19b2e4a7dcf8e9b1e82f58-33843d4ffce619b7
build-b5d84495a33b72a3139bd224d3cfcd4cbaad7b98-6d31fbde972f7762
fix-base-image-reference
jeff-websocket-netconn-framewrapping
build-d8020842ae8b6c742b94538baada313d7eb52809-96150adb9f0307e8
build-a39bad1ab0159ba4fe91365e9ddec93f04d795e3-96150adb9f0307e8
build-353360bbcf38badecbc8b2ebfaeae3597e704a6f-96150adb9f0307e8
jeff-dynamic-groups-exp
malnick-patch-1
build-eccd68d73c3edf14863ecfd31f9023063b809d5a-8bc67ea0caf8607a
build-3b9ef13f173683e82a68b7fb47ed491ac025518f-8bc67ea0caf8607a
build-be498b301567249e8b913e79591af378f0fa5cd6-8bc67ea0caf8607a
jeff-recovery-config-hcl-string
jeff-worker-unix-public-addr
issue-701
chlg-subheader
build-e08ab98a2b128ee202eae46551da23c831b4acfc-13facd1eb832bef
build-7b7fbfa2c1af4c7ee2f60857cedb22f19daffc4f-ccf4cf2f99886942
br.boundary-releases
build-ce40b69ffa93e0b68a045114847ca498732f18b9-19422f9faecfc500
br.download-boundary
nq.website.remove-auth
hashiconf
cli-data
chore-ui-v0.1.0
Docs-landing-page
jm.add-hashi-stack-menu
prefix-format-err
jeff-error-cli-update
malnick-err-cli-update
cli-printer
helpful-text
build-a1765d5838b0fe61ad80af4b3c2d5e514595d216-e4376ac9df46687f
integration-test
db_env_var
build-2647dd2d665b71b5da76a9964b4c272985d37ea0-748714d3a36e1911
build-44575137078a4c177fc9a16b16faf98494b49130-4344d637dfb974c4
build-ad364714b47113baf7e87e9a382d03b8f73b896a-93a6ac5d68844c75
admin-docs
cli-labels
jimlambrt-assoc-changes
build-be1555d9b0325d7d8078451c19df46d0aa514c40-77765297f95ba814
uniq-name
examples
jimlambrt-session-basics
rm-tribal
jimlambrt-targets-store
external-kms
kms-proto
jeff-migrate-debugging
e2e
docs-project-resource
mgaffney/wt-demo-1
iam-basics
revert-143-remove-projects-from-grants
jimlambrt-auth-additions
dev-test-db
mgaffney/static-hosts
mgaffney/make-tests-faster
apigen
mgaffney/db-init
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.2
v0.6.1
v0.6.0
v0.5.1
sdk/v0.0.7
v0.5.0
api/v0.0.15
v0.4.0
v0.3.0
v0.2.3
v0.2.2
v0.2.1
api/v0.0.10
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
api/v0.0.1
api/v0.0.11
api/v0.0.12
api/v0.0.13
api/v0.0.14
api/v0.0.16
api/v0.0.17
api/v0.0.18
api/v0.0.19
api/v0.0.2
api/v0.0.20
api/v0.0.21
api/v0.0.22
api/v0.0.23
api/v0.0.24
api/v0.0.25
api/v0.0.26
api/v0.0.27
api/v0.0.28
api/v0.0.29
api/v0.0.3
api/v0.0.30
api/v0.0.31
api/v0.0.32
api/v0.0.33
api/v0.0.34
api/v0.0.35
api/v0.0.36
api/v0.0.37
api/v0.0.38
api/v0.0.39
api/v0.0.4
api/v0.0.40
api/v0.0.41
api/v0.0.42
api/v0.0.43
api/v0.0.44
api/v0.0.45
api/v0.0.46
api/v0.0.47
api/v0.0.48
api/v0.0.49
api/v0.0.5
api/v0.0.50
api/v0.0.51
api/v0.0.52
api/v0.0.53
api/v0.0.54
api/v0.0.55
api/v0.0.56
api/v0.0.57
api/v0.0.58
api/v0.0.59
api/v0.0.6
api/v0.0.60
api/v0.0.7
api/v0.0.8
api/v0.0.9
sdk/v0.0.1
sdk/v0.0.10
sdk/v0.0.11
sdk/v0.0.12
sdk/v0.0.13
sdk/v0.0.14
sdk/v0.0.15
sdk/v0.0.16
sdk/v0.0.17
sdk/v0.0.18
sdk/v0.0.19
sdk/v0.0.2
sdk/v0.0.20
sdk/v0.0.21
sdk/v0.0.22
sdk/v0.0.23
sdk/v0.0.24
sdk/v0.0.25
sdk/v0.0.26
sdk/v0.0.27
sdk/v0.0.28
sdk/v0.0.29
sdk/v0.0.3
sdk/v0.0.30
sdk/v0.0.31
sdk/v0.0.32
sdk/v0.0.33
sdk/v0.0.34
sdk/v0.0.35
sdk/v0.0.36
sdk/v0.0.37
sdk/v0.0.38
sdk/v0.0.39
sdk/v0.0.4
sdk/v0.0.40
sdk/v0.0.41
sdk/v0.0.42
sdk/v0.0.43
sdk/v0.0.44
sdk/v0.0.45
sdk/v0.0.46
sdk/v0.0.47
sdk/v0.0.48
sdk/v0.0.49
sdk/v0.0.5
sdk/v0.0.50
sdk/v0.0.51
sdk/v0.0.52
sdk/v0.0.53
sdk/v0.0.54
sdk/v0.0.55
sdk/v0.0.56
sdk/v0.0.57
sdk/v0.0.6
sdk/v0.0.8
sdk/v0.0.9
v0.1.0-beta.1
v0.1.0-beta.2
v0.1.0-beta.3
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.1
v0.11.2
v0.12.0
v0.12.1
v0.12.2
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.5
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.20.0
v0.20.1
v0.21.0
v0.21.1
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.9.0
v0.9.1
${ noResults }
Johan Brandhorst-Satzkorn
edd323b73a
* Key Rotation/Destruction (#2477) * fix: Correct kms.CreateKeys comment This method does not return anything. * feat(kms): Add new ListKeys method The new ListKeys method wraps the underlying KMS wrapper, returning all the keys in the scope specified. * feat(scopes): Add new scope actions for key management Adds list-keys, rotate-keys and revoke-keys actions for scopes. * feat(scopes): Add ListKeys API endpoint This new endpoint lists all keys in a scope * feat(api): Add ListKeys to Scopes client This has to be a custom function because it is a custom action and doesn't map well to any of the existing templates, or generalises well in a way that would make it reasonable to create a new template. * feat(cli): Add new scopes list-keys command * add RotateKeys function to the kms repository * Add Rotate Keys Endpoint to Scopes Api (#2360) * add rotate keys endpoint * add tests for RotateKeys endpoint * remove that one comment I forgot about * addressing more PR comments * Add Rotate Keys CLI Command (#2395) * add cli command and client * add bats tests * fix some info text and pr comments * write a new rotate keys description * Add Missing DEK Foreign Keys (#2408) * add missing fks * mark key as nullable in gorm * update tests to use a new wrapper with a real key_id * fix formatting in test and add keys for auth_token test * replace key values * revert postgres_40_01_test.go * style: reformat sql for readability * refactor: change type of key_id columns to kms_private_id * Store key_id and scope_id with oplog entries, re-type columns referencing data key version (#2431) * fix(db): Correct types of data key version referencers * fix(oplog): Fix missing error handling * feat(oplog): Store key_id and scope_id with oplog entries This migration truncates all existing oplog entries, as migrating existing data would have been complex and likely unnecessary. * Update view references * Always delete oplog entries when dropping keys * Fix rebase issues * Fix sql tests * Add schema for new kms destruction jobs (#2479) * feat: Add schema for new kms destruction jobs The schema lets us manage destruction jobs per-table while providing a guarantee that only one run is running at a time. * Apply suggestions from code review Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Fix table reference and tests Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * update domain, api, and cli to all include key versions in outputs (#2472) * update domain, api, and cli to all include key versions in outputs * fix go sum * add migration to fix immutable error * fix final test issue as well as make gen issue * rebase and fix * address johan pr comments * make gen, didn't realize comments were included * update migrations based on new migration 55 file 03 * Move migrations to 56 * feat: Add key version rewrapping function registry (#2478) The new RegisterTableRewrapFn can be used by a domain to register a callback to use when rewrapping data in a specific table name. * feat(kms): Add scopeId to RewrapFn (#2539) This makes it much easier for rewrap functions to look up the correct wrapper and limit the number of rows searched. * Update Root Cert Proto Definition (#2542) * update root cert proto definition to properly identify public_key as the table primary key * add the test fix as well * Rewrap Functions for Encrypted Tables (#2532) * add oidc rewrap * add argon2 config rewrap * add auth token rewrapping * add worker auth cert rewrapping * check the err * add username password credential rewrapping * add ssh private key credential rewrapping * add vault client certificate rewrap function * add host catalog secret rewrap function * cleanup a little * add host vault token rewrap function * add session credential rewrap function * add session rewrap function * add worker auth rewrap function * update test to include full assert gamut * add session rewrap function TEST * bring all tests up to current standards, make more readable, and include full assert gamut * rework all rewrap functions to utilize scope id * update comments, queries, sql refs, etc, in response to PR comments * forgot a comment * remove hmac updates and fix a couple comments again * Rewrapping Registered Tables Test (#2555) * add the registered table test as well as the two missing rewrap functions * address pr comments, add db r/w conversions, cmp.diff, sql comment, remove (now) faulty immutable test * Add ability to list key version destruction jobs, recurring jobs and destroying key versions (#2498) * feat(kms): Add ability to list data key version destruction jobs * feat(scopes): Add ListKeyVersionDestructionJobs * feat(cli): Add list-key-version-destruction-jobs * feat(kms): Add recurring job that performs table rewrapping The new recurring job runs for each job table with a registered rewrapping callback. It attempts to become the running run and start its rewrapping, gracefully handling sudden interruptions by resuming it's work if it finds evidence of sudden interruption. * feat(kms): Add recurring job for destroying key versions The new job monitors the database for data key version destruction jobs that have finished rewrapping all its data, performing the final data key version revocation. * feat(kms): Add DestroyKeyVersion DestroyKeyVersion immediately destroys a key version if it is a root key version or a data key version which encrypts no data. If the data key version encrypts data which needs to be rewrapped, it queues an asynchronous job to complete the rewrapping operation. * feat(scopes): Add DestroyKeyVersion API endpoint * feat(cli): Add scopes destroy-key-version CLI command * Ensure all secret updates include key ID (#2556) * feat(all): Ensure all secret updates include key ID When updating a secret, it is paramount that the key ID is also updated, as it is the only means we have of ensuring that we only destroy keys once there is no more data associated with the key. * Remove fix to session repository for now This breaks the current private key derivation method * add new encrypt/decrypt funcs and made necessary proto changes (#2557) * add new encrypt/decrypt funcs and made necessary proto changes * address all PR comments * fix test panic * add param checking to rewraps * fix(schema): Correctly organize migrations again * Review comments part 1 * Review comments part 2 * Review comments part 3 * Store cert private key, encrypt tofu token (#2583) * fix(session): store cert private key, encrypt tofu token Previously, we would derive a session certificate private key from the session key used in each project, and not store the key. We would also encrypt the tofu token with the database key but not store a reference to this key in the database. This change fixes this by replacing our key derivation with a key generation step, and instead store the generated key, encrypted, in the database. We also ensure that any new tofu tokens are encrypted with the same key. To handle existing sessions, we lazily rewrite the sessions whenever a user lists them. There is a minor risk that a user could end up destroying the database key that encrypts the tofu token before that session has been rewrapped, but this is going to be rare and temporary. * feat(session): Allow the random source for secrets to be configured * Review comments * Minor fixes * More minor fixes * More small fixes Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * fix(session): Unset session key ID when scope is deleted Unsetting the key ID allows the session to live beyond the lifetime of the scope, while allowing the scope to cascade delete its keys. * fix(migrations): Rewrite migration 56 tests These tests can no longer use the normal test helpers as they try to use the new oplog table structure, so we have to manually write all the interactions. * fix(migrations): Rename migration 58 file name This was the name used in the release branch, update it to the new migration number. * fix(e2e): Add some comments and debug to kms tests * fix(session): Handle empty project and user IDs in read When a project or user is deleted, the session is automatically canceled and the respective field on the session is unset. LookupSession did not handle this case gracefully, and would error on decryption in this state. Skip decrypting sessions that do not have either a user or project to avoid this error. The decrypted values are not used for a canceled session. * Fix worker test * Increase test timeout Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> |
3 years ago | |
|---|---|---|
| .. | ||
| store | Update grpc-gateway dependency (#2311) | 4 years ago |
| account.go | The name. The name. The name! | 6 years ago |
| authtoken.go | Update to go-kms-wrapping version 2, and plugin-based KMS (#1901) | 4 years ago |
| authtoken_test.go | Key Rotation/Destruction (#2477) (#2607) | 3 years ago |
| doc.go | Upgrade to Go 1.19 (#2347) | 4 years ago |
| gorm.go | a small refactor, so we can easily support options when creating new auth tokens. (#920) | 5 years ago |
| gorm_test.go | The name. The name. The name! | 6 years ago |
| immutable_fields_test.go | See how Boundary would look with gofumpt applied (#853) | 5 years ago |
| options.go | Add some common account bits and change over some getOpts -> GetOpts funcs (#2565) (#2566) | 3 years ago |
| options_test.go | Add some common account bits and change over some getOpts -> GetOpts funcs (#2565) (#2566) | 3 years ago |
| repository.go | Rewrite interface{} to any (#2535) | 3 years ago |
| repository_test.go | Update to go-kms-wrapping version 2, and plugin-based KMS (#1901) | 4 years ago |
| rewrapping.go | Key Rotation/Destruction (#2477) (#2607) | 3 years ago |
| rewrapping_test.go | Key Rotation/Destruction (#2477) (#2607) | 3 years ago |
| status.go | Add new OIDC auth method. (#1090) | 5 years ago |
| testing.go | Add some common account bits and change over some getOpts -> GetOpts funcs (#2565) (#2566) | 3 years ago |