releases.shpreview
HashiCorp/Boundary/v0.9.0

v0.9.0

June 20, 2022BoundaryView original ↗
$npx -y @buildinternet/releases show rel_UdXb1gdq-Q0ESRhyrVBhR

0.9.0 (2022/06/20)

New and Improved

  • PKI Workers: This release introduces a new worker type pki which authenticates to Boundary using a new certificate-based method, allowing for worker deployment without using a shared KMS.
  • Credentials: This release introduces a new credential store type static, which simply takes in a user-supplied credential and stores it (encrypted) directly in Boundary. Currently, the static credential store can hold credentials of type username_password. These credentials can act as credential sources for targets, similar to credential libraries from the vault credential store, and thus can be brokered to users at session authorization time. PR
  • boundary connect Credential Brokering Integration: we have extended integration into the boundary connect helpers. A new sshpass style has been added to the ssh helper, when used, if the credential contains a username/password and sshpass is installed, the command will automatically pass the credentials to the ssh process. Additionally, the default ssh helper will now use the username of the brokered credential. PR.
  • controller: Improve response time for listing sessions. This also creates a new periodic job that will delete terminated sessions after 1 hour. See Deprecations/Changes for some additional details. PR.
  • event filtering: Change event filters to use lowercase and snake case for data elements like the rest of Boundary filters do.
  • ui: Use include_terminated flag for listing sessions. PR.
  • ui: Add Quick Setup onboarding guide. PR.

Bug Fixes

  • The plugin execution_dir configuration parameter is now respected. PR.
  • ui: Fix Users page not updating fields correctly. PR.

Deprecations/Changes

  • Targets: Removes support for credential libraries with respect to Target resources. The library fields and actions were deprecated in Boundary 0.5.0, please use credential sources instead. See changelog referenced above for more details (PR).
  • Credential Libraries: The user_password credential type has been renamed to username_password to remove any inconsistency over what the credential type is. All existing user_password typed credential libraries will be migrated to username_password (PR).
  • controller: Change the default behavior of the session list endpoint to no longer include sessions in a terminated state and introduces a new query parameter/cli flag to include the terminated sessions. This also removes the connection information from the list response. PR.
  • Anonymous user permissions: In order to reduce the risk of accidental and unintended granting of permissions to anonymous users, the permissions system now only allows certain actions on certain resources to be assigned to the anonymous user; currently these are the same permissions as assigned in Boundary's default role permissions. If other use-cases arise this list can be expanded. See the documentation for more details.

Fetched April 8, 2026