DevOps Secrets Safe deployment is only supported using Helm 3.
DevOps Secrets Safe is currently supported on Kubernetes up to version 1.17.
DevOps Secrets Safe CLI (ssrun) is supported on any standard Unix / Linux environment that has python 3.5 or higher and pip3 installed.
The MD5 signature is: 29cc8e76988ee91c2d2f1aead04ee88d.
The SHA-1 signature is: caa2da545aa6f677fb1a8f8f85d001f2bd5446e5.
Updates:
Create users for Kubernetes ServiceAccounts
The DSS user creation endpoint now allows specification of a Kubernetes ServiceAccount name for user creation.
Kubernetes integration image name
Image name used for secret retrieval is now "beyondtrust/secrets-agent".
Kubernetes Integration retrieves all secrets under a scope
The secrets-agent Kubernetes integration container can be used to retrieve all secrets under a target scope and unpack the contents of those secrets into a directory.
Configure Kubernetes identity provider without input file
The Kubernetes Identity Provider for DSS, when targeting the cluster that DSS is running on, can be configured without any input file from the CLI, using ssrun identity create -n kubernetes.
Changes:
Kubernetes integration image name
Image name used for secret retrieval is now "beyondtrust/secrets-agent".
Kubernetes integration cluster RBAC
Pre-creation of DSS principals for Kubernetes ServiceAccounts requires additional permissions for DSS on the target Kubernetes cluster. These permissions are documented in the Kubernetes integration guide.
Refresh tokens in request body
DSS refresh tokens for authentication are transmitted in the request body rather than as query parameters.