vault-gpg-plugin

• Signatures can be published to a Rekor transparency log (#117, #119)

It is now possible to upload the signatures made via the endpoint gpg/:name/sign to a Rekor instance.

You can choose to upload information into the transparency when your create a new key, you only need to choose a value for the parameter transparency_log_address (e.g. the public instance https://rekor.sigstore.dev/). For existing keys you can update the parameter transparency_log_address with the new configuration update endpoint.

You can find more details about Rekor in the Rekor's documentation.

• Built with Go 1.17
• Builds are deterministic
• github.com/ProtonMail/go-crypto/openpgp instead of the now deprecated golang.org/x/crypto/openpgp

• The endpoint POST /gpg/keys/:name now prevents overwriting existing keys – thanks @trishankatdatadog (#51)
• Split HTTP API into separate doc – thanks @trishankatdatadog (#50)

• Prebuilt binaries work with Alpine amd64 (#28)
• Built with Go 1.14

• Tested and built against HashiCorp Vault 1.2.2
• Built with Go 1.13

Tested and built against HashiCorp Vault 1.0.0

• Tested and built against HashiCorp Vault 0.11.1
• Built with Go 1.11

• New API endpoint show-session-key to decrypt the session key of one message. This can be useful to decrypt large message without having to transmit the whole message to Vault.

• Tested and built against HashiCorp Vault 0.9.4
• Built with Go 1.10
• [BUG_FIX] key_bits parameter to create a key can now be given as a int as expected

• Tested and built against HashiCorp Vault 0.9.3
• Fix the inline documentation about key_bits usage
• Add seal wrapping support (HashiCorp Vault Enterprise feature)

• Plugin is usable when TLS is enabled
• Tested and built against Hashicorp Vault 0.9.0

• Tested and built against Hashicorp Vault 0.8.3
• Built with Go 1.9

First release of the plugin 🎉