What's Changed
🎁 New features
- cli: allow specifying custom qcnl config when installing MarbleRun by @daniel-weisse in #851
- security: update P256 elliptic keys to P384 by @daniel-weisse in #857
- recovery: enable clients to send encrypted recovery secrets by @daniel-weisse in #878
- Enable recovery using a subset of recovery keys by @daniel-weisse in #879
- coordinator: HSM seal key wrapping by @daniel-weisse in #885
- Enable FIPS 140 crypto for Go binaries by @thomasten in #897
- coordinator: allow updates to recovery secrets by @daniel-weisse in #893
- coordinator: build with symcrypt for FIPS crypto by @thomasten in #896
- coordinator: allow access to secrets of previous manifest cycle by @daniel-weisse in #899
🐛 Bug fixes
- api: ensure backwards compatbility on update apply by @daniel-weisse in #860
🔧 Other changes
- coordinator: seal with 32 byte key by @daniel-weisse in #850
- Merge enterprise code by @daniel-weisse in #877
- coordinator: reduce grpc logging noise by default by @daniel-weisse in #880
- cli: remove --wait because not waiting isn't supported anymore in helm v4 by @thomasten in #907
📖 Documentation
- markdown: fix redirects and outdated links by @daniel-weisse in #887
- docs: Azure HSM sealing integration by @daniel-weisse in #886
- docs: explain RecoveryThreshold config option by @daniel-weisse in #900
- docs: add note about changing recovery secrets by @daniel-weisse in #901
- docs: explain air-gapped recovery workflow by @daniel-weisse in #902
- docs: root key rotation by @daniel-weisse in #903
New Contributors
Full Changelog: v1.8.0...v1.9.0
Contributors
thomasten, msanft, and daniel-weisse