v0.6.0

• Support "cluster wide" secrets, that are not restricted to the original namespace
  • Set sealedsecrets.bitnami.com/cluster-wide: "true" annotation
  • Warning: cluster-wide SealedSecrets can be decrypted by anyone who can create a SealedSecret in your cluster
• Move to client-go v5.0
• Move to bitnami-labs github org
• Fix bug in schema validation for k8s 1.9

v0.5.1

Note: this version moves TPR/CRD definition into a separate file. To install, you need controller.yaml and either sealedsecret-tpr.yaml or sealedsecret-crd.yaml

• Add CRD definition and TPR->CRD migration documentation
• Add kubeseal --fetch-cert to dump server cert to stdout, for later offline use with kubeseal --cert
• Better sanitisation of input object to kubeseal

(v0.5.1 fixes a travis/github release issue with v0.5.0)

v0.4.0

• controller: deployment security hardening: non-root uid and read-only rootfs
• kubeseal: Include oidc and gcp auth provider plugins
• kubeseal: Add support for YAML output

v0.3.1

• Add controller-norbac.yaml to the release build. This is controller.yaml without RBAC rules and related service account - for environments where RBAC is not yet supported, like Azure.
• Fix missing controller RBAC ClusterRoleBinding in v0.3.0

v0.3.0

Rename everything to better represent project scope. Better to do this early (now) and apologies for the disruption.

• Rename repo and golang import path -> bitnami/sealed-secrets
• Rename cli tool -> kubeseal
• Rename SealedSecret apiGroup -> bitnami.com

v0.2.1

• Fix invalid field resourceName in v0.2.0 controller.yaml (thanks @Globegitter)

Second alpha release

• Client tool has better defaults, and can fetch the certificate automatically from the controller.
• Improve release process to include pre-built Linux and OSX x86-64 binaries.

Initial alpha release

Basic functionality is complete.

v0.0.1: Drive docker release from travis-ci

- Clean up controller.jsonnet
- Switch to quay.io (docker hub doesn't offer robot accounts??)
- Add deploy section to .travis.yml