v1.5.1

Changelog

• bc01c1e changelog: add 1.5.1 entry (config fixes, debug, tests, CI)
• a7ad31b initial commit: add keymaster binary
• 098bd3e vscode: hide built keymaster binary from explorer/search
• 215b5e3 gitignore: stop ignoring cmd/keymaster; keep top-level binary ignores
• 50b5b87 cmd/keymaster: add debug command (debugCmd) for runtime diagnostics
• 4b96e8e Refactor code structure for improved readability and maintainability
• f29e889 Refactor SSH key tests for improved readability and error handling
• ffe0fcb Add comprehensive tests for SSH key parsing and validation
• cece10b automated testing on checkins
• 2559290 Improve error logging for invalid YAML configuration and add test for parse errors
• 23d9e60 unit tests for config file loading
• 5a4d7aa Enhance config loading with improved diagnostics and error handling
• 8819c99 add keymaster binary to .gitignore
• 2fa2c6e Merge pull request #50 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-a3a4ccec5e
• 37cbfbb Bump the gomod-patch-and-minor group across 1 directory with 3 updates
• 8002e58 Merge pull request #46 from ToeiRei/dependabot/github_actions/actions/upload-artifact-6
• 56f356b Merge pull request #47 from ToeiRei/dependabot/github_actions/actions/cache-5
• 76d6c76 Merge pull request #48 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-3402fee0b7
• 17caeec Bump the gomod-patch-and-minor group with 3 updates
• ee39a2f Bump actions/cache from 4 to 5
• b320c7e Bump actions/upload-artifact from 5 to 6
• bd40ff7 backup/restore test
• a1e63cf Some more unit tests
• f14a8bd Merge pull request #45 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-f0625c8c5c
• 3488bd5 Bump github.com/spf13/cobra in the gomod-patch-and-minor group
• e8908ee Potential fix for code scanning alert no. 7: Workflow does not contain permissions
• 78ebdef Merge pull request #44 from ToeiRei/dependabot/github_actions/actions/setup-go-6
• 7cb334d Merge pull request #43 from ToeiRei/dependabot/github_actions/actions/checkout-6
• aa7c9b1 Bump actions/setup-go from 5 to 6
• ad84658 Bump actions/checkout from 4 to 6
• fac2931 Merge pull request #42 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-5b4a49ac63
• 13ce18f Bump the gomod-patch-and-minor group with 3 updates
• 4a1c881 version reporting fixes
• d1692e4 Some Love for the README
• 91dbe96 Add db-maintain command for database maintenance tasks and implement RunDBMaintenance function with timeout support
• 5873159 Refactor database initialization to prevent re-initialization and enhance account insertion for better DB compatibility
• 9437d92 Enhance timestamp handling in audit log import for MySQL compatibility and adjust PostgreSQL driver mapping in DSN initialization
• 6a228a3 fix db problems on tests
• d3f51ee retry
• f209060 Fix health check command syntax in DB integration workflow and adjust schema migration table creation for MySQL
• ab79b95 ignore coverage reports
• 639b6fc test db integration runners
• cd2220f Add database connection pool configuration with environment variable support
• 36fba98 Do some more test coverage
• 1f10027 Refactor database error handling to use MapDBError and remove deprecated NewStore function
• 3d1748c Make a migration to not brick current DBs
• 3971bee remove migrate (tidy)
• 7046488 Bump.
• 8bfd7c3 Refactor RunMigrations function to improve error handling and migration application logic
• c87d9cf Refactor database initialization to use NewStoreFromDSN for improved abstraction and error handling
• e62de1d Refactor database error handling and add MapDBError function for better error mapping
• e555ac7 Merge pull request #39 from ToeiRei/dependabot/github_actions/actions/setup-go-6
• 57d418f Bump actions/setup-go from 4 to 6
• b5a599f Merge pull request #40 from ToeiRei/dependabot/github_actions/actions/upload-artifact-5
• cdc19a5 Merge pull request #41 from ToeiRei/dependabot/github_actions/actions/checkout-6
• bda2ecd Bump actions/checkout from 4 to 6
• d4a6192 Bump actions/upload-artifact from 4 to 5

v1.5.0

This release marks a major overhaul of the data layer for improved reliability and maintainability, along with significant enhancements to the build and CI process.

Added

• Enhanced Build Information: The build process now embeds the Git commit SHA and build date into the binary. A new version subcommand was added to display this information, providing better traceability for builds.
• CI/CD Pipeline: Implemented a GitHub Actions workflow for automated testing and building on each push, improving code quality and release automation.
• Database Unit Tests: Added a comprehensive suite of unit tests for the new Bun-based database operations, ensuring the reliability and correctness of the data layer.

Changed

• Database Layer Overhaul: The entire database layer was refactored to use the Bun ORM instead of raw sql.DB calls. This simplifies queries, improves type safety, and unifies the implementation across SQLite, PostgreSQL, and MySQL.
• Dependency Updates: Upgraded golang.org/x/crypto to v0.45.0 and other minor dependencies.

Fixed

• CLI Flag Redefinition: Corrected an issue where CLI flags could be defined multiple times during command setup (especially in tests), preventing panics caused by duplicate flag definitions.
• CI Workflow Permissions: Addressed a security code scanning alert by specifying correct permissions in the GitHub Actions workflow.

Changelog

• 3cc0156 drop temp. file
• c9feab6 fix up changelog writing.
• fcfa618 I only support latest unless I get a few maintainers onboard
• 4228735 write changelog in preparation for 1.5.0
• adb101f Merge branch 'main' of github.com:ToeiRei/Keymaster
• 5aae72f Potential fix for code scanning alert no. 4: Workflow does not contain permissions
• 07f917a Potential fix for code scanning alert no. 4: Workflow does not contain permissions
• febfe0b Refactor RunMigrations to handle driver creation errors and clean up unused code in bun_probe
• 6bbf640 Refactor database store implementations to remove direct SQL.DB references and streamline usage of Bun ORM
• f07fcf2 add some unit tests for bun
• 66fa2c1 Refactor AssignKeyToAccount and UnassignKeyFromAccount methods to use Bun ORM for fetching key and account details
• fc4c4c0 Refactor database store implementations to utilize Bun ORM
• 4b17f1b Start migrating MySQL and Postgres over to bun
• 75aefda Integrate Bun ORM for MySQL and PostgreSQL support; update database store implementations
• 8be8359 Enhance build process to include git commit SHA and build date in binary; update version command to display additional metadata
• eafb855 Add version subcommand and CI workflow for automated testing and builds
• 718fffd Add comprehensive test suite for Bun integration in database operations
• 4248bb2 Refactor database interactions to utilize Bun integration; update BootstrapSession model to use time.Time for date fields
• c97eef3 Add Bun integration for audit log and backup functionalities; refactor SQLite store methods for improved data handling
• b395111 Refactor database interaction to improve code clarity and efficiency; add new debug export tool for account management testing
• 4978cb1 Refactor SQLite store methods to use Bun integration for account management
• 8569418 Add Bun integration for SQLite store and refactor key management functions
• 6b07e2f Refactor flag definitions to prevent duplicate entries in command setup
• e42af28 Merge pull request #38 from ToeiRei/dependabot/go_modules/golang.org/x/crypto-0.45.0
• f2d6123 Bump golang.org/x/crypto from 0.43.0 to 0.45.0
• da57c4b Merge pull request #37 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-7afa10394a
• 38e6245 Bump modernc.org/sqlite in the gomod-patch-and-minor group

v1.4.4

Changelog

• 09d6e82 Merge pull request #36 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-f165bf9721
• 7530c8c Bump github.com/pkg/sftp in the gomod-patch-and-minor group
• 33310a5 Merge pull request #35 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-44dada3c9b
• 8813ca9 Bump github.com/klauspost/compress in the gomod-patch-and-minor group

v1.4.3

This release focuses on improving the user experience for encrypted system keys and fixing a number of bugs in the TUI workflow.

Added

• Interactive Passphrase Prompts: The TUI will now gracefully prompt for a password when a deployment or audit is attempted with an encrypted system key, rather than failing. This works for single-host, fleet, and tag-based operations.
• Tag Autocompletion: The "Add/Edit Account" form now correctly provides autocomplete suggestions for tags based on existing tags in the database.

Changed

• Authentication Flow: The SSH connection logic now correctly falls back to using the SSH agent if an encrypted system key is present but no passphrase is provided.

Fixed

• Account Editing: Fixed a bug that prevented changes from being saved when editing an account.
• UI State: Resolved several UI bugs where the application would get stuck or return to the wrong screen after completing an operation (e.g., after a fleet deployment).
• Status Messages: Corrected misleading status messages that would appear after a successful fleet deployment.

Changelog

• f46204c write the changelog
• 6525cd8 unbreak tag autocompletition
• 29b6525 fix account saving logic once more
• 10fd5f9 update languages
• 32985ad TUI message fix on deployment
• 68e2c87 implement the same logic from deployment to auditing (NeedPassword)
• 37c5798 make sure PW is cleared after use on auditing as well
• 41a42c2 implement passphrase handling for encrypted system keys and update deployment UI
• cacb0fa wire in key rotation on the tui side correctly
• ebb13d8 fix config quirks (again)
• f5748e5 avoid translation on CLI for now
• 490b02a implement password store on prepared deployments
• 6147ed3 implement a basic password cache
• da06d2d refactor: update NewDeployer to accept an optional passphrase parameter
• 0e1ab53 add password param to cli
• e42a172 prepare private key generation for password protection
• f3fd1b7 Merge pull request #33 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-b79ae7860b
• 0d35123 Bump the gomod-patch-and-minor group with 3 updates

v1.4.2

Changelog

• abadf00 fix backup / restore
• 8bcbbd1 Merge pull request #32 from ToeiRei/dependabot/go_modules/gomod-patch-and-minor-0d714acb37
• 6c7d8b0 Bump github.com/klauspost/compress in the gomod-patch-and-minor group
• 76a8417 Merge pull request #31 from ToeiRei/1.4
• 69bae01 Merge pull request #28 from ToeiRei/main

v1.4.1

Changelog

• 089b5b5 Refactor config handling to improve flag validation and path resolution
• a801d5c Merge pull request #30 from Jannes-Dailidow/config-rework
• 5f775b8 removed some dead code
• f4623bb integrated config loader to all commands and reworked flag provisioning
• 25a9bdc Merge pull request #29 from Jannes-Dailidow/config-rework
• 541b088 fixed some weird alerting bug in vscode when using the git ui
• 0cea902 integrated new config loader into most of the main logic (untested)
• 9a74825 updated config loader for flexibility
• 3030d5c commented out some tests that would get in the way of a rewrite
• a1f9bbc added extension to recomendations so everyone can hate me for all the todo comments
• 7617f4a added package for working with yml files
• 5e1cd15 Merge branch 'ToeiRei:main' into config-rework
• fbd9a47 format fix
• 115d555 Move translation widget to where it belongs
• 06b8e04 fix typo and add translation widget
• 60a94ff fix up dashboard view with proper padding
• 1fc2016 Pull in first Weblate TLC
• 71cf4d8 fix up leading spaces on translations in the English langauge -> template
• 5d90370 beat the translations in shape using weblate
• 11fe706 fix ellipsis for ... in english
• 6a3622e add a missing string for weblate
• f4fa739 Merge pull request #27 from ToeiRei/1.4
• f223a4b Merge branch 'main' into 1.4
• 81faf12 Fix release.yml for go 1.25.1
• 9fdc411 implemented recomendation of not using the singleton instance shipped with viper
• b592fb4 started adoption of new config loader
• 4526fcb implemented config loader
• f2eb796 Chore: run go mod tidy

v1.4.0

This is a major feature release that introduces powerful database management capabilities, a more resilient and user-friendly bootstrap process, and significant enhancements to the dashboard and configuration handling.

Added

• Database Portability:
  • backup command to create a full, Zstandard-compressed JSON backup of the database.
  • restore command to restore from a backup, with both non-destructive (integrate) and full (wipe) modes.
  • migrate command to seamlessly migrate all data from one database backend to another (e.g., SQLite to PostgreSQL).
• Resilient Bootstrap Workflow:
  • The "Add Account" flow now provides a one-liner command to securely bootstrap a new host using a temporary key.
  • Implemented crash recovery to find and clean up orphaned temporary keys on application startup.
  • A background "reaper" goroutine now automatically cleans up expired bootstrap sessions.
• Decommission Command: New decommission command in both the CLI and TUI to securely remove an account by cleaning up its remote authorized_keys file before deleting it from the database.
• Dashboard Enhancements:
  • "Deployment Status" widget shows how many hosts are on the current vs. past system keys.
  • "Security Posture" widget displays a breakdown of the types of public keys in use (e.g., ed25519, ecdsa, rsa).

Changed

• Configuration File Location: Keymaster now respects platform-specific standards for configuration files.
  • The default location is now ~/.config/keymaster/config.yaml on Linux and C:\Users\<user>\AppData\Roaming\keymaster\config.yaml on Windows.
  • The default keymaster.db is also created in this directory.
  • The application maintains backward compatibility by checking for .keymaster.yaml in the current directory if the new config is not found.
• Improved Host Parsing: Hostname and port parsing is now more robust, correctly handling IPv6 addresses and various host:port formats.
• Internationalization: Completed and vetted all German translations.

Fixed

• Configuration Loading: Corrected a bug where an existing config.yaml in the new standard location would not be loaded.
• TUI Window Size: The terminal window size is now preserved when switching languages.

Security

• Bootstrap Hardening: The bootstrap cleanup process now requires a host to be trusted, preventing a potential key replacement vulnerability on untrusted hosts.

Changelog

• 3aca67d fix release workflow
• 83b708f Delete gitlog.txt - tmp helper atrifact for writing CHANGELOG
• 93b8d30 Merge branch 'main' of github.com:ToeiRei/Keymaster
• 4dd26e3 fix up CHANGELOG and patch README for proper conifg handling now
• 57086a0 fix up CHANGELOG and patch README for proper conifg handling now
• 983efe3 be a good program and read the config from the new location as well
• 7ae0624 Shove the config file into their proper place. We're not cluttering pwd
• 02180d4 Did I mention that I hate code blocks in vscode?
• e19bab4 another TLC pass on the README
• e53d0ae Update README.md
• f4c3845 restyle readme
• 60dd4b1 single new line at the end of .md for we pretend to care for standards
• 2763473 Merge branch 'main' of github.com:ToeiRei/Keymaster
• 7bd250e take TODO literally.
• 8e4678f update "screenshot" and prep for 1.4
• 6bac872 add new libs to NOTICE (compression)
• 190ea92 Merge pull request #26 from ToeiRei/feat/decommission-host
• 3ff8e4e fix: harden the security by forcing hosts to be trusted for bootstrap cleanup to prevent CWE-322
• 59e0517 fix: the windows size will be preserved on language change
• c178b6d Merge branch 'main' into feat/decommission-host
• 2f559ff feat: added decommission host feature for tui and command
• a5c3462 vet the translations
• 98ff8f1 add a linter for translations
• 20f3803 update translations
• e6702ca add security posture (key type spread)
• 121a210 add host deployment stats to the dashboard
• 45c26de Merge pull request #25 from realM4C/main
• 1213b59 Implement host:port normalization and add tests for host/port parsing functions
• 83e8178 Delete out.json
• ba97145 We do not upload backups into the repo, okay? ;)
• f6e24f0 add restore for the backups + migratiun between databases
• 129d76f add a crude backup function and add zstd compression for backups
• 5022adc Merge pull request #22 from realM4C/main
• 0559625 Refactor AddAccount method to always log account addition and return nil error tautological condition: nil == nil
• 9416036 go mod tidy
• 2ec38c6 Refactor filter status handling in TUI components
• 0bf81de Merge pull request #21 from ToeiRei:dependabot/github_actions/actions/github-script-8
• fe1257c remove obsolete language display
• 414a7e5 document edge case
• d71b59c Bump actions/github-script from 7 to 8
• 67e429e Fix old translation by overloading plain English due to a quirk in the
• 852bd0c Merge branch 'main' of github.com:ToeiRei/Keymaster
• 4f9879e Merge pull request #20 from Jannes-Dailidow/vscode-settings
• 2babfa8 Added vs-code extension recommendations and launch/debug-config
• e311e6d en-olde -> en-ang
• 1574976 Add languages as menu
• edaa034 Merge pull request #19 from ToeiRei/enh/add-server-host-key-verification-modal
• 9d5d033 fix yaml / typos
• 716f59e Add old English translation as an easter egg
• e8da2fc enh: add copy for the fingerprint verify command
• bea8efe enh: add server host key verification modal to prevent insecure ssh trusting for hosts
• 03595f4 Merge pull request #15 from leonhausdorf/enh/add-ssh-timeout-rules
• 801cab6 test: added ssh deployment tests
• 412498c enh: added default timeouts for ssh key deployment
• bd68232 Merge pull request #7 from leonhausdorf/feat/bootstrapping-account-creation
• a19a96d Merge branch 'main' into feat/bootstrapping-account-creation
• c0a4126 feat: added audit logging for bootstrap
• 86cba81 fix: use ssh key deployment instead of custom deployment via bootstrap
• 63f9260 Merge pull request #14 from realM4C/main
• 6b8e9ad cleanup scrollbar function from helpers. Wasn't used properly anyways.
• e45cc9b remove unused function max from accounts
• b705d37 Increase input character limit for public key form to support larger SSH keys
• 9d76365 remove unused function from syles.go
• e29bf63 Merge pull request #12 from realM4C/main
• 1caadc9 Merge branch 'main' of https://github.com/realM4C/Keymaster
• fe8ce8c Implement audit functionality with strict and serial modes, enhancing drift detection and UI for auditing hosts
• 9c2e360 refactor the dashboard rendering logic for the activity log
• 2a89b70 Add function to update an account hostname (important for testing later)
• f293f3c Separate the "deploying the latest" from "generating a specific historical state for comparison" logic
• 43c4118 Refactor the SSH connection logic
• 02bd98f Add basic tests for export-ssh-client-configs
• b70f7fb Update SECURITY.md
• a22ee1b make git guardian aware of our testdata that these are no breaches
• bba1f74 Add unit tests for key rotation
• e3c1562 Add unit tests for config handling
• 7d607c0 Harden viper config a bit more
• 08083ce cobra.OnInitialize can't handle errors -> wrap initConfig.
• 71900ed Extend unit tests for trusting a host for weak keys
• 6ebcd36 Add unit tests for trusting a host (basic ...

v1.3.5

Changelog

• 0c72636 prep for 1.3.5
• dbf4e60 handle SQLite locking more gracefully
• a6601af add copy to clipboard on authorized_keys display
• 6394080 Merge branch 'main' of github.com:ToeiRei/Keymaster
• 3e6e097 Merge pull request #4 from leonhausdorf/fix/migration-format
• 3182daf Merge pull request #5 from leonhausdorf/feat/clipboard-copy-public-keys
• 0e92fdc feat: add clipboard copy functionality for public keys
• 68ad708 fix: correct migration format for golang-migrate by differenciate the files into .up.sql and .down.sql
• 87239b7 prepare 1.3.5
• c29ba23 fix dashboard starting at full height
• 66e087d fix layout with status message
• 5e6f366 fix scrolling on the two panels
• a77810f update accounts and accounts_keys accordingly (and catch a stray translation)
• b39cfa7 style public key management
• 7193c6e fix design with the panels
• 28b2c06 tweak the layout (heights)
• 48ad60a make accounts list scroll (terminal size)
• 9ed6a96 Consolidate the filter into its own helper function
• f373b43 check the CLI for more fmt shenanigans
• 687d707 fix more i18n problems caused by fmt.Sprintf
• 676643a Fix some more i18n issues for the search filter

v1.3.4

[1.3.4] - 2025-09-26

Added

• Internationalization: Completed translations for German, covering all CLI commands and TUI views.

Changed

• Database Migrations: Refactored the database migration system to use separate SQL files for each supported database (SQLite, PostgreSQL, MySQL). This improves reliability and makes adding future schema changes easier.
• CLI Initialization: The root command initialization was refactored for better testability and to ensure consistent behavior.

Fixed

• Message Formatting: Corrected several internationalization string formatting issues in the CLI and TUI to ensure messages display correctly.

---

Changelog

• 653059f prepare 1.3.4
• ff2ad44 Drop unit tests for now
• 2394bca Refactor root command initialization and improve i18n message formatting
• 3495b52 German translation, dashboard spacing fix
• 34b76d6 Split the db creation scripts per database type
• 5bcab3c move tests
• 30ccecd More translation work
• 6f16840 Improve error handling in key generation and rotation functions
• e2af5fe add basic unit testing and see if it works the way I imagine
• 52b362e More translations on public key management
• f7bb1b0 Add some more translations for key rotation
• db202bc Add TUI error messages and status updates for deployment process
• e269705 Add localized help and status messages for key assignment actions in English and German
• fd59b4f Refactor AddAccount method to return account ID and improve error handling across database implementations
• 58ab228 Add localized status messages for account management actions in English and German
• 6a1061f Enhance i18n support by adding CLI translations for deploy, audit, rotate key, import, and trust host commands
• fa47820 Fix string formatting in dashboard view for better localization support
• 6e71191 make T() more robust and wreck tui in the process
• ae3cc5c Refine importCmd Error Handling and Improve trust-host Command Robustness

v1.3.3

Changelog

• d766a5c prep changelog
• 4a85ccd Consolidate Key Generation Logic
• 5bed50b Improve Database Error Handling in the Importer
• 6746aa9 WAL mode for sqlite makes that thing work better
• 8994d4c fix migrator once again - got lost while migrating branches