Secrets.env

✨ Enhancements

* Suppress error messages during the internal trial run of the Teleport provider to prevent user confusion.

🧪 Experimental Features

* Add experimental support for Kubectl Provider.
* Add experimental support for 1Password CLI provider.

**Full Changelog**: https://github.com/tzing/secrets.env/compare/v1.0.3...v1.0.4

✨ Enhancements

* Add type check on Vault’s auth field.
The field was lazy evaluated and we could not tell the trivial mistakes in the configuration file.

* Improve the error message for [Vault KV Provider](http://localhost:8000/provider/vault.html) to display the permission denied error.

* Add internal helper module secrets_env.realms.subprocess to handle subprocess interactions.

🚧 Changes

* Refactor internal HTTP server implementation (secrets_env.realms.server). No behavior change.

✨ Enhancements

* Prevent saving Vault token to token helper for root user.

* Use the provider type name as default instance name.

yaml
sources:
This source will be named as `plain`
- type: plain

secrets:
- name: DEMO
source: plain
value: Hello, world!


* Set the provider as default when only one is installed.

This simplifies the configuration file when only one provider is installed:

yaml
sources:
- name: ExampleSource
type: plain

secrets:
This secret will be fetched from `ExampleSource`
- name: DEMO
value: Hello, world!


📄 Docs

* Move the changelog to Sphinx documentation



**Full Changelog**: https://github.com/tzing/secrets.env/compare/v1.0.1...v1.0.2

🚨 Breaking changes

* Command group `keyring` is merged into `set password`

✨ Enhancements

* Introduce `show` command to parses and displays the configuration file's contents without executing any commands.

This command helps users understand how secrets.env interprets the configuration file and identifies critical errors.

* Set environment variable `SECRETS_ENV_ACTIVE` and use it to prevent recursive execution of secrets.env.

* Add command `shell` that spawns a shell with the environment variables loaded by secrets.env.

Users can interact with the shell and use the environment variables.

* Add command `set` to store username and password in user space.

* Add support for Kubernetes auth method in Vault provider.

The Kubernetes auth method allows users to authenticate with Vault using a Kubernetes service account token.

🚧 Internal changes

* Use [shellingham](https://github.com/sarugaku/shellingham) to detect the shell type.
* Refactor `console` module.

**Full Changelog**: https://github.com/tzing/secrets.env/compare/v0.29.1...v1.0.0

✨ Enhancements

* Vault provider now integrates with Vault's [token helper]

[token helper]: https://www.vaultproject.io/docs/commands/token-helper

* Shifted some alerts to the [warnings] module to minimize the warning notifications displayed to the user.

[warnings]: https://docs.python.org/3/library/warnings.html

**Full Changelog**: https://github.com/tzing/secrets.env/compare/v0.29.0...v0.29.1

🚨 Breaking changes

* Vault userpass auth adapter got renamed from `basic` to `userpass`.

This change is to align the naming with the Vault's auth method.

* Vault token auth adapter no longer reads token from keyring.

Vault only provide short-lived tokens, so it is not practical to store them in keyring.

✨ Enhancements

* The secrets section in the config file now supports list as well as dictionary.

yaml
secrets:
- name: secret1
source: vault
path: secret/sample
field: token
- name: secret2
source: plaintext
value: example


* Deprecate the `teleport+vault` keyword

This keyword was used to configure the Teleport-integrated Vault secret provider.
It is now covered by `vault`.

* Command `keyring set` now accepts password from stdin

🚧 Internal changes

* Revise the documentation to ensure consistency across different providers.
* Refactor the configuration parser. Internally switch from using `dict` to [Pydantic](https://docs.pydantic.dev/latest/) models.
* Refactor layout of the adapter classes to make the code more extensible.