Adjust readme and changelog for version 0.5.0

CHANGELOG.md

@@ -1,34 +1,61 @@
+# v0.5.0 (`2024-11-25`)
+
+- Add `gpg` sub command
+    - `sign` signs data using a GPG private key stored in a Psono secret
+    - `verify` verifies signatures using a GPG public key stored in a Psono secret
+- Add `ssh` sub command (Unix only)
+    - `add` adds SSH keys from Psono secrets to the SSH agent with optional lifetime and confirmation constraints
+- Add Elster certificate secret type support
+- Add aarch64-apple-darwin target to releases
+- Update Rust toolchain to `1.82.0`
+- Use native TLS implementation for musl builds
+- Various dependency updates and CI/CD improvements
+- Fix missing API setters and JSON get functionality
+
+# v0.4.0 (`2023-08-11`)
+
+- Add `totp` sub command
+    - `validate-token` checks if a token is currently valid for a TOTP Secret
+    - `get-token` gets the current token for a TOTP secret
+    - `get-url` gets the otpauth url for a TOTP secret
+- Add credit card, totp and ssh key secret types
+- Reenable `armv7-unknown-linux-musleabihf` target
+- Update dependencies
+
 # v0.3.0 (`2022-01-01`)
 
--   Add `env-vars` sub command, which provides convenience commands for environment variable secrets
+- Add `env-vars` sub command, which provides convenience commands for environment variable secrets
 
-    -   `get-or-create` returns or creates a specific environment variable by name (key).
+    - `get-or-create` returns or creates a specific environment variable by name (key).
 
-        If the environment variable does not exist it creates a new entry add the end of the environment variables list and inserts a random env var value. The length and the charset can be adjusted (`--password-length` and `--danger-password-allowed-chars`). By default created environment values are alphanumeric (`[a-zA-Z0-9]`) and have a length of `21` chars.
+      If the environment variable does not exist it creates a new entry add the end of the environment variables list
+      and inserts a random env var value. The length and the charset can be adjusted (`--password-length` and
+      `--danger-password-allowed-chars`). By default created environment values are alphanumeric (`[a-zA-Z0-9]`) and
+      have a length of `21` chars.
 
-    -   `update-or-create` updates or creates a specific environment variable by name (key) with the supplied value.
+    - `update-or-create` updates or creates a specific environment variable by name (key) with the supplied value.
 
 # v0.2.3 (`2021-12-27`)
 
--   Fix: Docker `cross` build for `aarch64-unknown-linux-musl` and `armv7-unknown-linux-gnueabihf`
+- Fix: Docker `cross` build for `aarch64-unknown-linux-musl` and `armv7-unknown-linux-gnueabihf`
 
 # v0.2.2 (`2021-05-05`)
 
--   Fix: fix api endpoint url creation with `server-url` (also now ignores trailing slashes)
+- Fix: fix api endpoint url creation with `server-url` (also now ignores trailing slashes)
 
 # v0.2.1 (`2021-04-15`)
 
--   `api-key` show now contains `api_key_secrets_meta_data`, which for now contain the write_date of a secret.
--   Fix: Add missing help texts
+- `api-key` show now contains `api_key_secrets_meta_data`, which for now contain the write_date of a secret.
+- Fix: Add missing help texts
 
 # v0.2.0 (`2021-04-15`)
 
--   Add support to write secrets
--   Add `config` support
--   Add `run` commands to spawn programs with environment variables from your secrets
--   Add `api-keys` command to query all secrets which are associated with the api key
--   Update dependencies
+- Add support to write secrets
+- Add `config` support
+- Add `run` commands to spawn programs with environment variables from your secrets
+- Add `api-keys` command to query all secrets which are associated with the api key
+- Update dependencies
 
 # v0.1.0 (`2020-06-17`)
 
--   Initial release with supports to get secrets
+- Initial release with supports to get secrets

README.md

@@ -11,7 +11,7 @@ PSONO is a secure Open Source Password Manager, which can be self hosted by anyo
 `psonoci --help`
 
 ```
-psonoci 0.4.0
+psonoci 0.5.0
 Bernd Kaiser
 Psono CI Client (https://github.com/meldron/psonoci)
 
@@ -57,10 +57,12 @@ SUBCOMMANDS:
     api-key     Psono api-key inspect (/api-key-access/inspect/)
     config      Config commands (create, save, pack,...)
     env-vars    Convenience commands on environment variable secrets
+    gpg         GPG commands
     help        Prints this message or the help of the given subcommand(s)
     license     Prints psonoci's license
     run         Spawns processes with environment vars from the api-keys secrets
     secret      Psono secret commands (/api-key-access/secret/)
+    ssh         SSH commands
     totp        TOTP commands
 ```
 
@@ -76,6 +78,55 @@ These three options must be supplied (and be in front of the subcommand):
 
 There are several more options, please use the `help` commands for more info.
 
+## SSH
+
+Since version `0.5` `psonoci` supports Psono's SSH sub command, which allows you to add SSH keys stored in your Psono vault to your SSH agent.
+
+This feature is currently **not** available on Windows.
+
+The SSH subcommand provides the following operation:
+
+### `add`
+
+`psonoci ssh add secret-id [OPTIONS]`: adds an SSH key from a Psono secret to your SSH agent.
+
+Options:
+- `--ssh-auth-sock-path <PATH>`: Path of the SSH_AUTH_SOCK (overwrites $SSH_AUTH_SOCK environment variable)
+- `--key-passphrase <PASSPHRASE>`: Optional passphrase which was used to encrypt the key
+- `--key-lifetime <SECONDS>`: Limit the key's lifetime by deleting it after the specified duration in seconds
+- `--key-confirmation`: Require explicit user confirmation for each private key operation using the key
+
+The secret must be of type SSH Key and contain a private key. On Unix systems, if `--ssh-auth-sock-path` is not provided, the command will use the `SSH_AUTH_SOCK` environment variable. 
+
+## GPG
+
+Since version `0.5` `psonoci` supports Psono's GPG secret type, allowing you to securely manage GPG keys stored in your Psono vault for signing and verification operations.
+
+The GPG subcommand provides two main operations:
+
+### `sign`
+
+`psonoci gpg sign secret-id [OPTIONS] [INPUT_FILE]`: signs data using the GPG private key stored in the specified secret. 
+
+Options:
+- `--input-file <PATH>`: File to sign (if not provided, reads from stdin)
+- `--output <PATH>`: Write signature to file (if not provided, writes to stdout)
+- `--armor`: Output ASCII armored signature instead of binary
+
+The secret must be of type GPG Key and contain a private key.
+
+### `verify`
+
+`psonoci gpg verify secret-id --signature <SIGNATURE_FILE> [OPTIONS] [INPUT_FILE]`: verifies a signature using the GPG public key stored in the specified secret.
+
+Options:
+- `--input-file <PATH>`: File to verify (if not provided, reads from stdin)
+- `--signature <PATH>`, `-s <PATH>`: Path to the signature file (required)
+- `--quiet`, `-q`: Do not print verification error
+- `--verbose`, `-v`: Print success message with signature details
+
+Returns with exit code `0` if the signature is valid, otherwise displays an error and returns with exit code `1`. When using `--verbose`, displays information about when the signature was created and by whom.
+
 ## TOTP
 
 Since version `0.4` `psonoci` supports Psono's [Time-based one-time password (TOTP)](https://en.wikipedia.org/wiki/Time-based_one-time_password) secret type.