releases.shpreview
HashiCorp/Boundary/v0.11.0

v0.11.0

September 27, 2022BoundaryView original ↗
$npx -y @buildinternet/releases show rel_C8Lri_ba8A3kyIZCNH9w0

0.11.0 (2022/09/27)

Known Issues

  • PKI workers in past versions did not store a prior encryption key, and a bug prior to 0.11.0 meant that auth rotations could happen more frequently than expected. This could cause some race issues around rotation time. However, there was another issue where a past worker authentication record could be looked up for some operations instead of the current one, made more likely by the too-frequent rotations. In 0.11.0 we attempt to ensure that the record that remains on upgrade is the most current one, but it is possible that the wrong one is chosen, leading to a failure for the worker to authenticate or for some operations to consistently fail. In this case, the worker will need to be deleted and re-authorized. We apologize for any issues this causes and this should be remedied going forward.

Bug Fixes

  • Fix bug preventing delete of org. (PR
  • scopes: Organizations could be prevented from being deleted if some resources remained (PR)
  • workers: Authentication rotation could occur prior to the expected time (PR)
  • workers: When looking up worker authentication records, an old record could be returned instead of the new one, leading to errors for encryption or decryption operations (PR)

New and Improved

  • vault: (HCP Boundary only): Private Vault clusters can be used with HCP Boundary by using PKI workers deployed in the same network as a private cluster. Tags are used to control which PKI workers can manage private Vault requests by specifying a worker_filter attribute when configuring a Vault credential store.
  • credentials: There is now a json credential type supported by static credential stores that allows submitting a generic JSON object to Boundary for use with credential brokering workflows (PR)
  • ui: Add support for worker management (PR)
  • ui: Add support for PKI worker registration (PR)
  • ui: Add support for Static Credential Stores (PR)
  • ui: Add support for Username & Password Credentials (PR)
  • ui: Add support for Username & Key Pair Credentials (PR)
  • ui (HCP Boundary only): SSH Target creation along with injected application credential support (PR)
  • ui (HCP Boundary only): Update vault credential stores to support private vault access (PR)
  • ui: Improve quick setup wizard onboarding guide resource names (PR)
  • ui: Updates to host catalog and host set forms and “Learn More” links (PR)
  • workers: Added the ability to read and reinitialize the Worker certificate authority (PR1, PR2)
  • workers: Return the worker Boundary binary version on worker list and read (PR)
  • workers: Addition of worker graceful shutdown, triggered by an initial SIGINT or SIGTERM (PR)
  • workers: Retain one previous encryption/decryption key after authentication rotation (PR)

Deprecations/Changes

  • In 0.5.0, the add-host-sets, remove-host-sets, and set-host-sets actions on targets were deprecated in favor of add-host-sources, remove-host-sources, and set-host-sources. Originally these actions and API calls were to be removed in 0.6, but this was delayed to give extra time for clients to switch over. This has now been fully switched over. A database migration will modify any grants in roles to have the new actions. This same changeover has been made for add-/remove-/set-credential-libraries to add-/remove-/set-credential-sources, although those actions would only be in grant strings in very rare circumstances as the -sources actions replaced the -libraries actions very quickly. (PR)

Fetched April 8, 2026