1.0.5

✨ Enhancements

• Support Python 3.13.

🐛 Fixes

• Resolved the issue where trailing backslashes could disrupt the output format in Poetry.
• Updated compatibility to support pydantic 2.10 and httpx 0.28.

🧪 Experimental Features

• Tweak the argument for Kubectl Provider and 1Password CLI provider.

Full Changelog: v1.0.4...v1.0.5

1.0.4

✨ Enhancements

• Suppress error messages during the internal trial run of the Teleport provider to prevent user confusion.

🧪 Experimental Features

• Add experimental support for Kubectl Provider.
• Add experimental support for 1Password CLI provider.

Full Changelog: v1.0.3...v1.0.4

1.0.3

✨ Enhancements

• Add type check on Vault’s auth field.
  The field was lazy evaluated and we could not tell the trivial mistakes in the configuration file.

• Improve the error message for Vault KV Provider to display the permission denied error.

• Add internal helper module secrets_env.realms.subprocess to handle subprocess interactions.

🚧 Changes

• Refactor internal HTTP server implementation (secrets_env.realms.server). No behavior change.

1.0.2

✨ Enhancements

• Prevent saving Vault token to token helper for root user.

• Use the provider type name as default instance name.

  sources:
    # This source will be named as `plain`
    - type: plain
  
  secrets:
    - name: DEMO
      source: plain
      value: Hello, world!

• Set the provider as default when only one is installed.

  This simplifies the configuration file when only one provider is installed:

  sources:
    - name: ExampleSource
      type: plain
  
  secrets:
    # This secret will be fetched from `ExampleSource`
    - name: DEMO
      value: Hello, world!

📄 Docs

• Move the changelog to Sphinx documentation

Full Changelog: v1.0.1...v1.0.2

1.0.0

🚨 Breaking changes

• Command group keyring is merged into set password

✨ Enhancements

• Introduce show command to parses and displays the configuration file's contents without executing any commands.

  This command helps users understand how secrets.env interprets the configuration file and identifies critical errors.

• Set environment variable SECRETS_ENV_ACTIVE and use it to prevent recursive execution of secrets.env.

• Add command shell that spawns a shell with the environment variables loaded by secrets.env.

  Users can interact with the shell and use the environment variables.

• Add command set to store username and password in user space.

• Add support for Kubernetes auth method in Vault provider.

  The Kubernetes auth method allows users to authenticate with Vault using a Kubernetes service account token.

🚧 Internal changes

• Use shellingham to detect the shell type.
• Refactor console module.

Full Changelog: v0.29.1...v1.0.0

0.29.1

✨ Enhancements

• Vault provider now integrates with Vault's token helper

• Shifted some alerts to the warnings module to minimize the warning notifications displayed to the user.

Full Changelog: v0.29.0...v0.29.1

0.29.0

🚨 Breaking changes

• Vault userpass auth adapter got renamed from basic to userpass.

  This change is to align the naming with the Vault's auth method.

• Vault token auth adapter no longer reads token from keyring.

  Vault only provide short-lived tokens, so it is not practical to store them in keyring.

✨ Enhancements

• The secrets section in the config file now supports list as well as dictionary.

  secrets:
    - name: secret1
      source: vault
      path: secret/sample
      field: token
    - name: secret2
      source: plaintext
      value: example

• Deprecate the teleport+vault keyword

  This keyword was used to configure the Teleport-integrated Vault secret provider.
  It is now covered by vault.

• Command keyring set now accepts password from stdin

🚧 Internal changes

• Revise the documentation to ensure consistency across different providers.
• Refactor the configuration parser. Internally switch from using dict to Pydantic models.
• Refactor layout of the adapter classes to make the code more extensible.