DevOps Secrets Safe 20.3.1 Release Notes

September 3, 2020

Requirements:

  • DevOps Secrets Safe deployment is only supported using Helm 3.
  • DevOps Secrets Safe is currently supported on Kubernetes up to version 1.17.
  • DevOps Secrets Safe CLI (ssrun) is supported on any standard Unix / Linux environment that has python 3.5 or higher and pip3 installed.
  • The MD5 signature is: 29cc8e76988ee91c2d2f1aead04ee88d.
  • The SHA-1 signature is: caa2da545aa6f677fb1a8f8f85d001f2bd5446e5.

Updates:

  • Create users for Kubernetes ServiceAccounts
    • The DSS user creation endpoint now allows specification of a Kubernetes ServiceAccount name for user creation.
  • Kubernetes integration image name
    • Image name used for secret retrieval is now "beyondtrust/secrets-agent".
  • Kubernetes Integration retrieves all secrets under a scope
    • The secrets-agent Kubernetes integration container can be used to retrieve all secrets under a target scope and unpack the contents of those secrets into a directory.
  • Configure Kubernetes identity provider without input file
    • The Kubernetes Identity Provider for DSS, when targeting the cluster that DSS is running on, can be configured without any input file from the CLI, using ssrun identity create -n kubernetes.

Changes:

  • Kubernetes integration image name
    • Image name used for secret retrieval is now "beyondtrust/secrets-agent".
  • Kubernetes integration cluster RBAC
    • Pre-creation of DSS principals for Kubernetes ServiceAccounts requires additional permissions for DSS on the target Kubernetes cluster. These permissions are documented in the Kubernetes integration guide.
  • Refresh tokens in request body
    • DSS refresh tokens for authentication are transmitted in the request body rather than as query parameters.