
v0.11.1

November 29, 2022 · Boundary

0.11.1 (2022/11/30)

New and Improved

  • Vault Parameter Templating: In vault credential libraries, the paths and any POST bodies can contain templated parameters using Go template syntax (similar to Consul-Template). The following template parameters are supported (note that account values are tied to the account associated with the token making the call):

    • {{ .User.Id }}: the user's ID
    • {{ .User.Name }}: the user's name (from the user resource)
    • {{ .User.FullName }}: the user's name (from the account corresponding to the primary auth method in the user's scope; this may not be populated or may be different than the account name in the template)
    • {{ .User.Email }}: the user's email address (same caveat as FullName)
    • {{ .Account.Id }}: the account's ID
    • {{ .Account.Name }}: the account's name (from the account resource)
    • {{ .Account.LoginName }}: the account's login name (if used by that type of account)
    • {{ .Account.Subject }}: the account's subject (if used by that type of account)
    • {{ .Account.Email }}: the account's email (if used by that type of account)

    Additionally, there is currently a single function that strips the rest of a string after a specified substring; this is useful for pulling a user/account name from an email address. The following example uses the account email, but it can be any other parameter:

    • {{ truncateFrom .Account.Email "@" }}: this would turn foo@example.com into foo
  • Per-scope key lifecycle management: You can now manage the lifecycles of both Key Encryption Keys (KEKs) and Data Encryption Keys (DEKs) using the new key rotation and key version destruction functionality. To learn more about this new feature, refer to the documentation.

    Upgrade notice: If the Database purpose DEK for a scope is destroyed, you must use the API to cancel any sessions that predate the upgrade. (PR)

  • workers: PKI Worker daemons now get disconnected from upstreams when their corresponding resource is deleted (PR)

Bug Fixes

  • sessions: Fix workers not being in random order when returned to clients at authorize-session time, which could allow one worker to bear the majority of sessions (PR)
  • workers: In some error conditions when sending status to controllers, errors could be written to stdout along with a message that they could not successfully be evented instead of being written to the event log (PR)
  • workers: Fixed a panic that can happen in certain situations (PR)
  • sessions: Fixed a panic in a controller when a worker is deleted while sessions are ongoing (PR)
  • sessions: Fixed a panic in a worker when a user with an active session is deleted (PR)
  • sessions: Fixed a bug where reading a session after its associated project had been deleted would result in an error (PR)
  • config: Fixed a bug where supplying multiple KMS blocks with the same purpose would silently ignore all but the last block (PR)

Deprecations/Changes

  • In order to standardize on the templating format, templates in grants now are documented to use the new capitalization and format; however, the previous style will continue to work.

Fetched April 8, 2026