DevOps Secrets Safe 20.3.1 Release Notes

September 3, 2020

Requirements:

• DevOps Secrets Safe deployment is only supported using Helm 3.
• DevOps Secrets Safe is currently supported on Kubernetes up to version 1.17.
• DevOps Secrets Safe CLI (ssrun) is supported on any standard Unix / Linux environment that has python 3.5 or higher and pip3 installed.
• The MD5 signature is: 29cc8e76988ee91c2d2f1aead04ee88d.
• The SHA-1 signature is: caa2da545aa6f677fb1a8f8f85d001f2bd5446e5.

Updates:

• Create users for Kubernetes ServiceAccounts
  • The DSS user creation endpoint now allows specification of a Kubernetes ServiceAccount name for user creation.
• Kubernetes integration image name
  • Image name used for secret retrieval is now "beyondtrust/secrets-agent".
• Kubernetes Integration retrieves all secrets under a scope
  • The secrets-agent Kubernetes integration container can be used to retrieve all secrets under a target scope and unpack the contents of those secrets into a directory.
• Configure Kubernetes identity provider without input file
  • The Kubernetes Identity Provider for DSS, when targeting the cluster that DSS is running on, can be configured without any input file from the CLI, using ssrun identity create -n kubernetes.

Changes:

• Kubernetes integration image name
  • Image name used for secret retrieval is now "beyondtrust/secrets-agent".
• Kubernetes integration cluster RBAC
  • Pre-creation of DSS principals for Kubernetes ServiceAccounts requires additional permissions for DSS on the target Kubernetes cluster. These permissions are documented in the Kubernetes integration guide.
• Refresh tokens in request body
  • DSS refresh tokens for authentication are transmitted in the request body rather than as query parameters.