v0.2.1

Added

• Enabled policy-based access control.
• The root key that SPIKE Nexus generates is now split into several Shamir
  shards and distribute to SPIKE Keepers.
• New additions and improvements to SPIKE Go SDK.
• Various minor bugfixes.
• Code cleanup.
• Implemented several recovery scenarios.
• SPIKE now has static analysis, CI integration, linting, and automated tests.
• Documentation updates. Documentation is still lagging behind, but we are
  updating and improving it along the way.
• Created a makefile to group related scripts into make targets.
• Made the start script more robust.
• Ensured that the policies and the demo app work as expected.
• Implemented a Secret Metadata API.
• Implemented exponential retries across several API-consuming methods.

Changed

• BREAKING: changed the CLI usage. Instead of spike get, for example, we
  now use spike secret get. The reason for this change is that we introduced
  a policy command (i.e. spike policy get).

Security

• Fixed CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause
  authorization bypass in golang.org/x/crypto
• Fixed CVE-2024-45338: Non-linear parsing of case-insensitive content in
  golang.org/x/net/htm

---

Below are the generated release notes of every commit since the last release cut:

What's Changed

• Introuducing policies by @v0lkan in #50
• ability to enforce policies by @v0lkan in #52
• demo app to show policies by @v0lkan in #53
• working demo by @v0lkan in #54
• Feat/17-retry mechanism by @gurkanguray in #49
• Using the new SPIKE Go SDK by @v0lkan in #55
• Fix build errors in main by @v0lkan in #56
• Fix SPIFFE link by @sadikkuzu in #57
• Spike 46 by @sahinakyol in #51
• update sdk usage by @v0lkan in #58
• add makefiles and minor refactoring by @v0lkan in #59
• Add input parameter sanitization by @v0lkan in #60
• Implemented some pending internal TODO items by @v0lkan in #61
• Implement Backing Store Caching for Policies by @v0lkan in #62
• Shamir Secrets Sharing for the Root Key by @v0lkan in #63
• Added a production setup guide by @v0lkan in #75
• Add basic lint, build and unit-test CI by @strideynet in #73
• feat: add test for list, put and undelete under pkg/store by @yasinterol in #66
• Adding unit tests for internal/auth and app/keeper/env packages by @abhishek44sharma in #65
• Add GolangCI Lint by @strideynet in #77
• WIP: Invert Keeper Flow by @v0lkan in #78
• Nexus Recovery by @v0lkan in #82
• Bump golang.org/x/crypto from 0.26.0 to 0.31.0 by @dependabot in #84
• Bump golang.org/x/net from 0.28.0 to 0.33.0 by @dependabot in #85
• Mostly code cleanup by @v0lkan in #86
• using new sdk by @v0lkan in #87
• v0.2.1 by @v0lkan in #88

New Contributors

• @gurkanguray made their first contribution in #49
• @sadikkuzu made their first contribution in #57
• @strideynet made their first contribution in #73
• @yasinterol made their first contribution in #66
• @abhishek44sharma made their first contribution in #65

Full Changelog: v0.2.0...v0.2.1

v0.2.0

Added

• Added configuration options for SPIKE Nexus and SPIKE Keeper.
• Documentation updates.
• Max secret versions is now configurable.
• Introduced standard and configurable logging.
• Added sqlite3 as a backing store.
• Enabled cross-compilation and SHA checksums.
• Enhanced audit trails and error logging.
• Created initial smoke/integration tests.
• Stability improvements.

Changed

• Removed password authentication for admin users. Admin users' SVIDs
  are good enough to authenticate them.
• Implemented passwordless admin login flow
  (the neat thing about passwords is: you don't need them).

---

Below are the generated release notes of every commit since the last release cut:

What's Changed

• configure ticker interval by @v0lkan in #1
• introduce structured logging by @v0lkan in #2
• ADR-0013: S3-Compatible Storage as SPIKE's Backing Store by @v0lkan in #3
• added a footer by @v0lkan in #4
• Documentation update. by @v0lkan in #5
• We first try saving admin token to nexus by @v0lkan in #6
• Add SQLite Backend by @v0lkan in #7
• Add in-memory backing store option by @v0lkan in #8
• issue reorganization by @v0lkan in #9
• add db ERD to docs. by @v0lkan in #24
• New Admin Authentication Flow by @v0lkan in #25
• JWT auth: missing code from partially-merged branch by @v0lkan in #26
• Added video presentations to the website by @v0lkan in #27
• Fixes and improvements to the current login flow by @v0lkan in #28
• Update route handling code by @v0lkan in #29
• Enhancements to audit trails by @v0lkan in #30
• various improvements by @v0lkan in #31
• Code organization by @v0lkan in #32
• WIP for the demo application by @v0lkan in #39
• add additional persistence operations by @v0lkan in #40
• Sahinakyol spike 18 by @v0lkan in #41
• refactor(app): spike-18 Should return an error store.Get, store.Delete by @sahinakyol in #38
• move kv store to pkg by @v0lkan in #43
• Passwordless Login by @v0lkan in #44
• release v0.2.0 by @v0lkan in #48

New Contributors

• @v0lkan made their first contribution in #1
• @sahinakyol made their first contribution in #38

Full Changelog: v0.1.0...v0.2.0

v0.1.0

Added

• Implemented put, read, delete, undelete, and list functionalities.
• Created initial documentation, README, and related files.
• Compiled binaries targeting various platforms (x86, arm64, darwin, linux).
• SPIKE is demoable, however we need to update certain login and initialization
  flows.
• In memory secrets storage only (using database as a backing store is coming up
  next)
• Created a jira.txt to track things (to avoid polluting GitHub issues
  unnecessarily)
• This is an amazing start; more will come. Turtle power 🐢⚡️.

Full Changelog: https://github.com/spiffe/spike/commits/v0.1.0