From 260e9441f4286a48518a19a7612dfa8aba15d5e4 Mon Sep 17 00:00:00 2001 From: Bernd Kaiser Date: Sun, 24 Nov 2024 12:16:20 +0100 Subject: [PATCH] Adjust readme and changelog for version 0.5.0 --- CHANGELOG.md | 55 +++++++++++++++++++++++++++++++++++++++------------- README.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 93 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66fa780..fa0acbe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,34 +1,61 @@ +# v0.5.0 (`2024-11-25`) + +- Add `gpg` sub command + - `sign` signs data using a GPG private key stored in a Psono secret + - `verify` verifies signatures using a GPG public key stored in a Psono secret +- Add `ssh` sub command (Unix only) + - `add` adds SSH keys from Psono secrets to the SSH agent with optional lifetime and confirmation constraints +- Add Elster certificate secret type support +- Add aarch64-apple-darwin target to releases +- Update Rust toolchain to `1.82.0` +- Use native TLS implementation for musl builds +- Various dependency updates and CI/CD improvements +- Fix missing API setters and JSON get functionality + +# v0.4.0 (`2023-08-11`) + +- Add `totp` sub command + - `validate-token` checks if a token is currently valid for a TOTP Secret + - `get-token` gets the current token for a TOTP secret + - `get-url` gets the otpauth url for a TOTP secret +- Add credit card, totp and ssh key secret types +- Reenable `armv7-unknown-linux-musleabihf` target +- Update dependencies + # v0.3.0 (`2022-01-01`) -- Add `env-vars` sub command, which provides convenience commands for environment variable secrets +- Add `env-vars` sub command, which provides convenience commands for environment variable secrets - - `get-or-create` returns or creates a specific environment variable by name (key). + - `get-or-create` returns or creates a specific environment variable by name (key). - If the environment variable does not exist it creates a new entry add the end of the environment variables list and inserts a random env var value. The length and the charset can be adjusted (`--password-length` and `--danger-password-allowed-chars`). By default created environment values are alphanumeric (`[a-zA-Z0-9]`) and have a length of `21` chars. + If the environment variable does not exist it creates a new entry add the end of the environment variables list + and inserts a random env var value. 
The length and the charset can be adjusted (`--password-length` and + `--danger-password-allowed-chars`). By default created environment values are alphanumeric (`[a-zA-Z0-9]`) and + have a length of `21` chars. - - `update-or-create` updates or creates a specific environment variable by name (key) with the supplied value. + - `update-or-create` updates or creates a specific environment variable by name (key) with the supplied value. # v0.2.3 (`2021-12-27`) -- Fix: Docker `cross` build for `aarch64-unknown-linux-musl` and `armv7-unknown-linux-gnueabihf` +- Fix: Docker `cross` build for `aarch64-unknown-linux-musl` and `armv7-unknown-linux-gnueabihf` # v0.2.2 (`2021-05-05`) -- Fix: fix api endpoint url creation with `server-url` (also now ignores trailing slashes) +- Fix: fix api endpoint url creation with `server-url` (also now ignores trailing slashes) # v0.2.1 (`2021-04-15`) -- `api-key` show now contains `api_key_secrets_meta_data`, which for now contain the write_date of a secret. -- Fix: Add missing help texts +- `api-key` show now contains `api_key_secrets_meta_data`, which for now contain the write_date of a secret. +- Fix: Add missing help texts # v0.2.0 (`2021-04-15`) -- Add support to write secrets -- Add `config` support -- Add `run` commands to spawn programs with environment variables from your secrets -- Add `api-keys` command to query all secrets which are associated with the api key -- Update dependencies +- Add support to write secrets +- Add `config` support +- Add `run` commands to spawn programs with environment variables from your secrets +- Add `api-keys` command to query all secrets which are associated with the api key +- Update dependencies # v0.1.0 (`2020-06-17`) -- Initial release with supports to get secrets +- Initial release with supports to get secrets diff --git a/README.md b/README.md index c676896..1942f7a 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ PSONO is a secure Open Source Password Manager, which can be self hosted by anyo `psonoci --help` ``` -psonoci 0.4.0 +psonoci 0.5.0 Bernd Kaiser Psono CI Client (https://github.com/meldron/psonoci) @@ -57,10 +57,12 @@ SUBCOMMANDS: api-key Psono api-key inspect (/api-key-access/inspect/) config Config commands (create, save, pack,...) env-vars Convenience commands on environment variable secrets + gpg GPG commands help Prints this message or the help of the given subcommand(s) license Prints psonoci's license run Spawns processes with environment vars from the api-keys secrets secret Psono secret commands (/api-key-access/secret/) + ssh SSH commands totp TOTP commands ``` 
@@ -76,6 +78,55 @@ These three options must be supplied (and be in front of the subcommand): There are several more options, please use the `help` commands for more info. +## SSH + +Since version `0.5` `psonoci` supports Psono's SSH sub command, which allows you to add SSH keys stored in your Psono vault to your SSH agent. + +This feature is currently **not** available on Windows. + +The SSH subcommand provides the following operation: + +### `add` + +`psonoci ssh add secret-id [OPTIONS]`: adds an SSH key from a Psono secret to your SSH agent. + +Options: +- `--ssh-auth-sock-path `: Path of the SSH_AUTH_SOCK (overwrites $SSH_AUTH_SOCK environment variable) +- `--key-passphrase `: Optional passphrase which was used to encrypt the key +- `--key-lifetime `: Limit the key's lifetime by deleting it after the specified duration in seconds +- `--key-confirmation`: Require explicit user confirmation for each private key operation using the key + +The secret must be of type SSH Key and contain a private key. On Unix systems, if `--ssh-auth-sock-path` is not provided, the command will use the `SSH_AUTH_SOCK` environment variable. + +## GPG + +Since version `0.5` `psonoci` supports Psono's GPG secret type, allowing you to securely manage GPG keys stored in your Psono vault for signing and verification operations. + +The GPG subcommand provides two main operations: + +### `sign` + +`psonoci gpg sign secret-id [OPTIONS] [INPUT_FILE]`: signs data using the GPG private key stored in the specified secret. + +Options: +- `--input-file `: File to sign (if not provided, reads from stdin) +- `--output `: Write signature to file (if not provided, writes to stdout) +- `--armor`: Output ASCII armored signature instead of binary + +The secret must be of type GPG Key and contain a private key. + +### `verify` + +`psonoci gpg verify secret-id --signature [OPTIONS] [INPUT_FILE]`: verifies a signature using the GPG public key stored in the specified secret. 
+ +Options: +- `--input-file `: File to verify (if not provided, reads from stdin) +- `--signature `, `-s `: Path to the signature file (required) +- `--quiet`, `-q`: Do not print verification error +- `--verbose`, `-v`: Print success message with signature details + +Returns with exit code `0` if the signature is valid, otherwise displays an error and returns with exit code `1`. When using `--verbose`, displays information about when the signature was created and by whom. + ## TOTP Since version `0.4` `psonoci` supports Psono's [Time-based one-time password (TOTP)](https://en.wikipedia.org/wiki/Time-based_one-time_password) secret type.
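Review bot: The reflowed v0.3.0 `get-or-create` entry in the CHANGELOG hunk carries over the typo "creates a new entry add the end of the environment variables list"; since the line is being rewrapped anyway, it should read "at the end". The new v0.5.0 entry "Fix missing API setters and JSON get functionality" is also too vague to be useful to a user reading release notes: name the setters and the JSON command that were fixed, the way the `gpg` and `ssh` entries name their sub commands. Finally, the v0.5.0 entry is dated `2024-11-25` while the commit is from 2024-11-24; confirm that is the intended release date rather than a slip.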
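Review bot: The help listing in the SUBCOMMANDS hunk adds `ssh SSH commands` without any hint that it is Unix-only, while the README section added below states the feature is not available on Windows; if the help text is what users see first, mirror that restriction there (e.g. `ssh SSH commands (Unix only)`) so a Windows user is not surprised by a missing or failing sub command.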
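Review bot: The option lists in the README hunk have lost their value placeholders: `--ssh-auth-sock-path `, `--key-passphrase `, `--key-lifetime `, `--input-file `, `--output ` and `--signature ` all end in a trailing space where an argument name should be, most likely because angle-bracket tokens such as `<PATH>` were swallowed by the markdown renderer; put the placeholder inside the backticks (`--key-lifetime <SECONDS>`) so readers can tell which options take a value. The `sign` and `verify` usage lines both show a positional `[INPUT_FILE]` and an `--input-file` option; state which one takes precedence when both are given, or drop one of them. For `--key-passphrase`, the docs should also say that a passphrase passed as a command-line argument is visible in process listings and shell history on a shared CI runner, and point at the safer way the tool offers (or note that the secret's own stored passphrase is used when the option is omitted, if that is the behaviour). Lastly, "supports Psono's SSH sub command" reads oddly since the sub command belongs to `psonoci`, not to Psono; "supports an `ssh` sub command" matches the phrasing used for the TOTP section.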