torus-cli

Notable Changes

• Support Ubuntu 16.10 (Yakkety Yak) for deb packages.
• Secrets set on the command line are now always treated as strings. Previously,
  We would attempt to convert to ints or floats. Torus doesn't know if
  you want -007 to be a string suffix for your spy identifiers, or the number
  -7; so no longer guess, and use the provided value.
  This change will affect newly set values, but not existing ones.

Fixes

• Ensure keypairs generate does not panic when used against an org that has
  existing keypairs.
• Teach keypairs list to display the real validity state of a key, not just
  always "YES".
• Under NPM/Node.js, run via a passthrough script that will select the right
  binary. This replaces the previous install time symlinking script, which
  was error prone and unusable with sudo installs in some cases.
• Skip over users without encryption keys when storing secrets, instead of
  erroring out, allowing other users to still access the secrets.
• Teach the keypairs worklog item how to handle users that have been
  removed from a keyring (or had their keys revoked), and then subsequently
  re-added: The old secret values still require rotation, but the user can be
  given access to the secrets once again.
• Allow non-admin users to run worklog list, by continuing passed unauthorized
  requests when looking at invites. Only admins can view invites.

Notable Changes

• Add preferences for core.disable_progress and core.disable_hints to
  control levels of output in preparation for guided on-boarding.
• Support vim movement bindings for interactive inputs. This can be enabled
  with torus prefs set core.vim true.
• Support ** in path expressions passed to commands. torus set /org/project/**/port 5000 is equivalent to torus set /org/project/*/*/*/*/port
• torus ls behaviour changed to follow system ls more closely, no longer
  supporting context or command flags (e.g. --org, --project, etc).
• torus worklog list now displays a friendly message if no actions need to be
  taken.
• torus prefs list now displays the default values for preferences if no
  override has been set by the user.
• Added directory styles to get.torus.sh
• Updated validation for torus allow and torus deny to catch when secret name is missing
• torus ls no longer filters out credentials with the same name based on specificity.

Fixes

• Ensure that torus version will always return, even if the upstream server
  is misconfigured.
• Fixed an issue where the wrong version of a credential would be used after a
  user was removed from an org.
• Fixed an issue where the wrong version of a credential would be displayed if
  more than two credentials of the same name existed inside the same keyring.

Docs

• Added documentation for torus worklog resolve

Thanks

• Ben Tranter

Notable Changes

• Added Contributor Guide, CLA and Code of Conduct as a part of our open sourcing effort
• Introducing the ability to create, list, view, and destroy machines to support secret access in automated environments (e.g. continuous integration or production).

Fixes

• Errors encountered during an interactive prompt are no longer hidden, they are surfaced to the user.

Published: 2016-09-08

Notable Changes

• Five commands converted from Node.js to Go (run, view, invites accept, teams create, teams remove`).

Performance Improvements

• Significant performance improvements to the run and view commands (60% reduction in execution time).

Fixes

• Fixed an issue introduced in v0.6.0 that prevented alpha users from accepting invitations.

Published: 2016-09-13

Notable Changes

• The conversion to Go is complete.
• Required external files are now bundled into the Go binary.

No changelog entry

Published: 2016-09-20

Notable Changes

• Command added for viewing policy statements: ag policies view

Fixes

• Corrected the help message for ag invites approve

Published: 2016-09-28

Deprecation:

• All previous versions of ag are deprecated and support will cease as of
  October 24th 2016. Please switch to using torus by that date.

Breaking

• The command line utility has been renamed to torus from ag.
• All .arigatorc and .arigato.json files will need to be renamed to
  .torusrc and .torus.json.
• The arigato root directory has been renamed to ~/.torus from ~/.arigato

Upgrade Instructions

• If you already have ag installed, stop the daemon using ag daemon stop
• Uninstall the ag using npm uninstall -g ag
• Install the new version using npm install -g torus-cli
• Rename .arigato.json and .arigatorc to .torus.json and .torusrc
  respectively

Notable Changes

• All environment variables are now prefixed with TORUS_ instead of AG_
• torus link will now generate a .torus.json file instead of .arigato.json
• torus prefs will now read and write to a global .torusrc file

Fixes

• A secret can no longer be set for a non-existent service, environment, or
  user.

Published: 2016-09-29

Fixes

• Credential names are case insensitive, normalized to lower case. Teach the
  cli to do this before sending credentials to the server.

Published: 2016-10-12

Breaking

• The credential schema revision has changed to make unset credentials
  easier to identify. This change is backwards incompatible; torus clients
  before v0.11.0 will error when trying to read credentials set or unset by
  v0.11.0+ clients.
• An API change to the server breaks compatability with torus clients with
  versions at or above v0.10.0 and before this version (v0.11.0).

Fixes

• Grammar fixes in command output.
• The username displayed in invites list now has its own column.
• Fix a panic in keypairs generate when the supplied org is not found.

Notable Changes

• Defaults for the instance value have been cleaned up. During set and
  unset, instance defaults to * (all instances of a service run by an
  identity). During view, run, and status, it defaults to 1.
• torus now ships with the final production root signing key.

Notable Changes

• Introduce new orgs remove <username> command, to remove a user from an
  org, including their team memberships and secret access.
• Introduce keyring versioning. After a user has been removed from a keyring,
  we increment the keyring version, creating a logical access boundary. New
  secrets are added to the new keyring version, and old secrets can be
  called out as needing to be rotated.
• Introduce the worklog command. worklog discovers and tracks important
  tasks to do within torus. The first type of item it tracks are secrets
  that should be rotated due to users being removed from an organization.

Fixes

• Assorted fixes for help text.
• Fixed a bug with orgs invite send which prevented a user from being invited
  if any teams were specified.
• teams remove no longer panics if a bad team name is supplied.
• policies detach no longer panics if too few arguments are supplied.
• Adding an admin or owner to a team with a deny no longer removes their access.

Notable Changes

• The alpha waitlist has been removed, any user can now signup for their free account. We've introduced the torus verify command allowing users to verify their email addresses if they interrupt the signup flow
• Introduced the torus ls command for navigating through all of the organizations, projects, services, environments, and the secrets you have access too.
• Improved error messages across the product, including input validation.

Fixes

• Fix to torus keypairs generate when used with --all
• Fixed invite approval for orgs with secrets set using an or operation (e.g. ag set -e production -e development secret mysupersecret).
• Fix to prevent display of credentials which had been unset.

Notable Changes

• License changed to BSD 3-Clause
• Repository open-sourced, updated README

Notable Changes

• Introduced --user, -u and --machine, -m flags to torus set, torus unset, torus view, torus run, and torus ls for specifying machine or
  user identity
• Introduce machines roles list and machines roles create commands for
  viewing and creating machine roles.
• Machine teams no longer appear under teams list nor can you view machine
  teams through teams members.
• The machines command now appears under the ORGANIZATIONS category when
  listing commands with torus help.
• Introduce more release formats: npm, binary/zip, rpm/yum, & homebrew
• Provide more detailed error messages.

Fixes

• Listing teams no longer results in a panic when an unknown org is specified.
• torus status properly displays the identity segment for a machine in the credential path.
• Various typo fixes.

Notable Changes

• Introduced --format, -f to torus view for specifying the format of out the output (env, json, verbose).
• Updated the --verbose, -v option for torus view to be a shortcut to --format verbose.
• Include a systemd service unit with the rpm packaging, to run the torus daemon in a system wide machine mode. When the unit is running, users in the torus group can access it. To run the unit, both TORUS_TOKEN_ID and TORUS_TOKEN_SECRE must be set in /etc/torus/token.environment.
• Introduced torus profile update for changing the current users name, email, or password.
• Introduced torus profile view for displaying current identity, removing such information from torus status
• Began publishing deb, rpm, brew, and binary releases at get.torus.sh increasing the number of ways you can download and install torus.

Published: 2016-09-07

Notable Changes

• Support for specifying org, project, user, and instance flags using AG_ORG, AG_PROJECT, AG_USER, and AG_INSTANCE environment variables.
• Improved output for listing subcommand help (e.g. ag help orgs)
• UI improvements for all list commands converted to Go
• All prompts now provide inline feedback on input validity
• When creating a service, environment, or project you can now create a parent object in one flow (e.g. while creating a new service you can also create a new org and project).
• Significant performance improvement for all commands converted from Node to Go.

We've converted 29 of 41 total commands from Node.js to Go since our last release (v0.5.0). The 12 remaining commands are listed below.

• ag view
• ag run
• ag allow
• ag deny
• ag invites accept
• ag policies detach
• ag set
• ag teams add
• ag teams create
• ag teams remove
• ag unset
• ag verify

Published: 2016-08-29

This release marks the first stage of our conversion to go. As such, many changes are structural, and not visible (but they're all still great!)

Breaking Changes

• Subcommand structure has changed:
  • Subcommands were previously delimited with a colon (ie ag envs:create). They are now delimited with a space (ie ag envs create).
  • Top-level commands containing subcommands are now list subcommands of the top-level command. For example, the old ag orgs is now ag orgs list.
  • For more details of the new command structure, please see ag help to view all top level commands, ag <command> --help to view the subcommands within a top-level command, and ag <command> <subcommand> --help to see the help for an individual subcommand.

Notable Changes

• ag run reads environment and service from environment variables (AG_ENVIRONMENT and AG_SERVICE).
• New command: ag daemon can display the session daemon's status, and start or stop it.
• ag login provides validation feedback while entering email and password.

Performance Improvements

• Help output is noticeably faster.
• Server-side performance improvements will speed up most commands.

Published: 2016-08-22

Breaking

• Generating policies via. allow/deny will require >= v0.4.0.

Notable

• Added feedback messages when generating a keypair or encrypting a secret.
• Added the ability to view members of a team and to remove them using ag teams:members and ag teams:remove.

Fixes

• If the CLI cancels mid-operation the daemon now cancels its on-going crypto operations.
• The CLI no longer checks the file permissions of the .arigato.json file

Published: 2016-08-17

Notable Changes

• ag run now accepts an email and password variables (e.g. AG_EMAIL=[email protected] AG_PASSWORD=my_password). This allows you to automate the login process!
• Listing services via. ag services or ag environments now takes your context into consideration. To list all projects or environments just use -a, --all.

Fixes

• The daemon is now compiled using go 1.7 fixing crashes on MacOS X Sierra.
• ag run did not start the process or pass parameters to the child properly, this has been fixed.

No changelog entry