v0.10.3

Image: ghcr.io/external-secrets/external-secrets:v0.10.3
Image: ghcr.io/external-secrets/external-secrets:v0.10.3-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.3-ubi-boringssl

What's Changed

• release: update helm charts to version v0.10.2 by @Skarlso in #3846
• Use Conjur API's built in JWT functions by @szh in #3771
• fix: set grpc resolver explicitly in yandex by @stek29 in #3838
• Add values.schema.json generation to Helm chart by @PrateekKumar1709 in #3774
• fix: only replace data if it is in the middle of the path by @Skarlso in #3852
• fix: bitwarden API url to point to the correct default location by @Skarlso in #3848
• feat: update bitwarden server sdk chart version by @Skarlso in #3850
• chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot in #3855
• chore(deps): bump actions/setup-python from 5.1.1 to 5.2.0 by @dependabot in #3856
• chore(deps): bump mkdocs-material from 9.5.33 to 9.5.34 in /hack/api-docs by @dependabot in #3857
• chore(deps): bump mkdocs from 1.6.0 to 1.6.1 in /hack/api-docs by @dependabot in #3858
• chore(deps): bump watchdog from 4.0.2 to 5.0.0 in /hack/api-docs by @dependabot in #3861
• chore(deps): bump certifi from 2024.7.4 to 2024.8.30 in /hack/api-docs by @dependabot in #3859
• chore(deps): bump zipp from 3.20.0 to 3.20.1 in /hack/api-docs by @dependabot in #3860
• chore: update dependencies by @eso-service-account-app in #3862
• Add blog post about ESO and IBM Secrets Manager by @sali2801 in #3867
• Removed duplicate and deprecated API spec page by @7Pawns in #3868
• Delinea provider is listed twice on the documentation page, and Delin… by @oscerd in #3874
• Updated supported versions table for 0.10 release by @shazib-summar in #3873
• feat: adds scarf to docs by @gusfcarvalho in #3876
• docs: Update sponsors by @gusfcarvalho in #3877
• chore: add eso tools page by @Sn0rt in #3870
• New Generator for UUIDs by @aschaber1 in #3296
• fix: update uuids.generator shortname by @Skarlso in #3883
• chore(deps): bump alpine from 0a4eaa0 to beefdbd in /hack/api-docs by @dependabot in #3884
• chore(deps): bump alpine from 0a4eaa0 to beefdbd by @dependabot in #3886
• chore(deps): bump distroless/static from ce46866 to 95eb83a by @dependabot in #3887
• chore(deps): bump golang from 1.23.0 to 1.23.1 by @dependabot in #3888
• chore(deps): bump golang from 1.23.0-bookworm to 1.23.1-bookworm in /e2e by @dependabot in #3889
• chore(deps): bump alpine from 3.20.2 to 3.20.3 in /e2e by @dependabot in #3890
• chore(deps): bump watchdog from 5.0.0 to 5.0.2 in /hack/api-docs by @dependabot in #3891
• chore(deps): bump platformdirs from 4.2.2 to 4.3.2 in /hack/api-docs by @dependabot in #3892
• chore: update dependencies by @eso-service-account-app in #3893

New Contributors

• @stek29 made their first contribution in #3838
• @sali2801 made their first contribution in #3867
• @7Pawns made their first contribution in #3868
• @oscerd made their first contribution in #3874
• @Sn0rt made their first contribution in #3870

Full Changelog: v0.10.2...v0.10.3

helm-chart-0.10.3

External secret management for Kubernetes

v0.10.2

Image: ghcr.io/external-secrets/external-secrets:v0.10.2
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi-boringssl

What's Changed

• release: update helm charts to version v0.10.1 by @Skarlso in #3842
• fix: add watch to validatingwebhookconfigs by @gusfcarvalho in #3845

Full Changelog: v0.10.1...v0.10.2

helm-chart-0.10.2

External secret management for Kubernetes

helm-chart-0.10.1

External secret management for Kubernetes

v0.10.1

Image: ghcr.io/external-secrets/external-secrets:v0.10.1
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi-boringssl

What's Changed

• release: update helm chart to v0.10.0 by @Skarlso in #3758
• doc: add maintainer of the bitwarden secret manager provider by @Skarlso in #3762
• chore(deps): bump mkdocs-material from 9.5.30 to 9.5.31 in /hack/api-docs by @dependabot in #3763
• fix: decrypt remote parameter for SecureString type by @vsantos in #3761
• chore: update dependencies by @eso-service-account-app in #3766
• chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #3765
• chore(deps): bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @dependabot in #3764
• feat: add beyondtrust provider by @btfhernandez in #3683
• chore: add minimal policy for fetching parameters from ssm by @KrisJohnstone in #3770
• Add Grafana Labs to ADOPTERS.md by @Duologic in #3787
• chore(deps): bump golang from 1.22.5 to 1.22.6 by @dependabot in #3778
• chore(deps): bump pyyaml from 6.0.1 to 6.0.2 in /hack/api-docs by @dependabot in #3779
• chore(deps): bump zipp from 3.19.2 to 3.20.0 in /hack/api-docs by @dependabot in #3780
• chore(deps): bump babel from 2.15.0 to 2.16.0 in /hack/api-docs by @dependabot in #3781
• chore(deps): bump golang from 1.22.5-bookworm to 1.22.6-bookworm in /e2e by @dependabot in #3783
• chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #3784
• chore(deps): bump fossas/fossa-action from 1.3.3 to 1.4.0 by @dependabot in #3785
• chore(deps): bump watchdog from 4.0.1 to 4.0.2 in /hack/api-docs by @dependabot in #3782
• chore: update dependencies by @eso-service-account-app in #3786
• chore: update security best practice by @gusfcarvalho in #3794
• feat: add CAProvider to Bitwarden provider by @Skarlso in #3699
• fix: run helm.test.update on main branch by @Skarlso in #3816
• chore: update dependencies by @eso-service-account-app in #3815
• chore(deps): bump importlib-resources from 6.4.0 to 6.4.3 in /hack/api-docs by @dependabot in #3810
• chore(deps): bump markdown from 3.6 to 3.7 in /hack/api-docs by @dependabot in #3811
• Bump helm-docs image version to v1.7.0 in Makefile by @PrateekKumar1709 in #3806
• chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in #3812
• chore(deps): bump golang from 1.22.6-bookworm to 1.23.0-bookworm in /e2e by @dependabot in #3813
• chore: update go version of the project to 1.23 by @Skarlso in #3829
• Use maps package from standard library by @BooleanCat in #3828
• chore: update dependencies by @eso-service-account-app in #3836
• add the resourceNames(git commit -s) by @younaman in #3822
• chore(deps): bump mkdocs-material from 9.5.31 to 9.5.33 in /hack/api-docs by @dependabot in #3830
• chore(deps): bump importlib-metadata from 8.2.0 to 8.4.0 in /hack/api-docs by @dependabot in #3831
• chore(deps): bump paginate from 0.5.6 to 0.5.7 in /hack/api-docs by @dependabot in #3832
• chore(deps): bump golang from 1.22.6 to 1.23.0 by @dependabot in #3814
• chore(deps): bump github/codeql-action from 3.26.2 to 3.26.5 by @dependabot in #3835
• chore(deps): bump idna from 3.7 to 3.8 in /hack/api-docs by @dependabot in #3834
• chore(deps): bump importlib-resources from 6.4.3 to 6.4.4 in /hack/api-docs by @dependabot in #3833
• feat: implement GetSecretMap for Bitwarden provider by @Skarlso in #3800
• Demonstrate new slices/maps packages by @BooleanCat in #3839

New Contributors

• @btfhernandez made their first contribution in #3683
• @KrisJohnstone made their first contribution in #3770
• @PrateekKumar1709 made their first contribution in #3806
• @BooleanCat made their first contribution in #3828
• @younaman made their first contribution in #3822

Full Changelog: v0.10.0...v0.10.1

helm-chart-0.10.0

External secret management for Kubernetes

v0.10.0

⚠️ :red-alert: BREAKING CHANGE :red-alert: ⚠️

• Webhook Generator
  Webhook generator labels have changed from generators.external-secrets.io/type: webhook to external-secrets.io/type: webhook.

• Webhook Provider
  Webhook provider now can only use secrets that are labeled with external-secrets.io/type: webhook. This enforces explicit setup for webhook secrets by users.

Fixing the issue:

add the label for the secret used by the webhook:

apiVersion: v1
kind: Secret
metadata:
  name: your-secret
  labels:
    external-secrets.io/type: webhook ### <<<<<<<<<<<<< ADD THIS
data:
...

Image: ghcr.io/external-secrets/external-secrets:v0.10.0
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi-boringssl

What's Changed

• chore: bump to 0.9.20 by @gusfcarvalho in #3660
• chore(deps): bump golang from 1.22.4 to 1.22.5 by @dependabot in #3662
• chore(deps): bump distroless/static from 4197211 to ce46866 by @dependabot in #3663
• chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in #3665
• chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @dependabot in #3666
• chore(deps): bump mkdocs-material from 9.5.27 to 9.5.28 in /hack/api-docs by @dependabot in #3667
• chore(deps): bump certifi from 2024.6.2 to 2024.7.4 in /hack/api-docs by @dependabot in #3668
• chore(deps): bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /e2e by @dependabot in #3669
• chore: update dependencies by @eso-service-account-app in #3670
• sets eso-service-account for creating e2e comments by @gusfcarvalho in #3678
• use github token for the actions check by @gusfcarvalho in #3679
• Add support for Delinea Secret Server by @pacificcode in #3468
• Fix: Only URL encode data being passed to URLs (#3652) by @ryanmeans in #3674
• Commenting secrets manifest from hashicorp vault integration #3661 by @jeffmachado in #3680
• docs: Fix namespaceRegexes in full-cluster-secret-store.yaml by @excalq in #3681
• Support for Oracle PushSecret.property #2911 by @Aeyk in #3577
• support for adding headers in vault provider by @abhinav1708 in #3677
• chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #3688
• chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #3691
• chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in #3690
• chore(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @dependabot in #3689
• chore(deps): bump golang from 8c9183f to 8c9183f by @dependabot in #3687
• chore(deps): bump mkdocs-material from 9.5.28 to 9.5.29 in /hack/api-docs by @dependabot in #3692
• fix: aws secretmanager's SecretExists returns true for non-existent secrets by @mintbomb27 in #3684
• chore: update dependencies by @eso-service-account-app in #3693
• Added 2 articles I wrote on AWS secrets injection and ESO templating by @alinadir44 in #3707
• Update docs for namespaceSelectors usage and namespaceSelector deprecation by @mtougeron in #3695
• fix: add namespace to path and route construction by @Skarlso in #3632
• chore(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.8 by @dependabot in #3708
• chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #3709
• Update bitwarden-secrets-manager.md by @zazathomas in #3710
• chore: update dependencies by @eso-service-account-app in #3711
• feat: add PushSecret support for Pulumi ESC by @dirien in #3597
• remove redundant parameter grab call, we already have the data by @rumenvasilev in #3722
• chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #3729
• chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #3727
• chore(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in #3728
• chore(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by @dependabot in #3731
• chore(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in #3730
• chore(deps): bump alpine from 77726ef to 0a4eaa0 by @dependabot in #3733
• chore(deps): bump golang from 8c9183f to 0d3653d by @dependabot in #3732
• feat: increase verbosity of error message during validation by @Skarlso in #3742
• chore(deps): bump golang from 6c27802 to af9b40f in /e2e by @dependabot in #3734
• chore(deps): bump alpine from 3.20.1 to 3.20.2 in /e2e by @dependabot in #3735
• chore(deps): bump alpine from b89d9c9 to 0a4eaa0 in /hack/api-docs by @dependabot in #3736
• chore(deps): bump regex from 2024.5.15 to 2024.7.24 in /hack/api-docs by @dependabot in #3737
• chore(deps): bump mkdocs-material from 9.5.29 to 9.5.30 in /hack/api-docs by @dependabot in #3738
• chore(deps): bump importlib-metadata from 8.0.0 to 8.2.0 in /hack/api-docs by @dependabot in #3739
• chore(deps): bump pymdown-extensions from 10.8.1 to 10.9 in /hack/api-docs by @dependabot in #3740
• docs: Remove references to pemCertificate and pemPrivateKey functions by @trenslow in #3744
• chore: update dependencies by @eso-service-account-app in #3741
• docs: Improvements in the ExternalSecret comments in API section by @c-neto in #3725
• feat: add prefix definition to all secret keys for aws parameter store by @Skarlso in #3718
• feat: do not modify the secret in case of a NotModified by @Skarlso in #3746
• feat: webhook secrets must be labeled by @gusfcarvalho in #3753
• feat: support pkcs12 with chain in pushsecret to Azure KeyVault by @mysteq in #3747
• docs: document fullPemToPkcs12 and fullPemToPkcs12Pass helper functions by @mysteq in #3749

New Contributors

• @ryanmeans made their first contribution in #3674
• @jeffmachado made their first contribution in #3680
• @excalq made their first contribution in #3681
• @Aeyk made their first contribution in #3577
• @abhinav1708 made their first contribution in #3677
• @mintbomb27 made their first contribution in #3684
• @alinadir44 made their first contribution in #3707
• @mtougeron made their first contribution in #3695
• @zazathomas made their first contribution in #3710
• @rumenvasi...

v0.9.20

Image: ghcr.io/external-secrets/external-secrets:v0.9.20
Image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi-boringssl

What's Changed

• bump 0.9.19 by @knelasevero in #3553
• Fix typo: temaplate --> template by @lindhe in #3554
• Oracle Vault Provider Documentation by @anders-swanson in #3551
• feat: add location to GCP push secret by @Skarlso in #3502
• add log.level and log.encoding to all components by @KyriosGN0 in #3558
• chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in #3561
• chore(deps): bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 by @dependabot in #3562
• chore(deps): bump tornado from 6.4 to 6.4.1 in /hack/api-docs by @dependabot in #3563
• chore(deps): bump packaging from 24.0 to 24.1 in /hack/api-docs by @dependabot in #3564
• chore(deps): bump mkdocs-material from 9.5.25 to 9.5.26 in /hack/api-docs by @dependabot in #3565
• chore(deps): bump zipp from 3.19.1 to 3.19.2 in /hack/api-docs by @dependabot in #3566
• chore(deps): bump ubi8/ubi-minimal from 9e458f4 to 5f1cd34 by @dependabot in #3568
• chore(deps): bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /e2e by @dependabot in #3569
• chore(deps): bump golang from 1.22.3 to 1.22.4 by @dependabot in #3567
• Infisical provider by @akhilmhdh in #3477
• feat: kick github actions on main by @Skarlso in #3572
• feat: add support to set Type for AWS parameter store by @vsantos in #3576
• Remove shuheiktgw from maintainers by @shuheiktgw in #3573
• Add device42 provider by @smcavallo in #3571
• ref: parameter store should be called only once by @Skarlso in #3584
• chore: update dependencies by @eso-service-account-app in #3570
• feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache by @toVersus in #3588
• Support glob for namespaces condition in ClusterSecretStore by @speedfl in #2920
• Fix typo privatKey in multiple files by @IdanAdar in #3578
• chore(deps): bump mkdocs-material from 9.5.26 to 9.5.27 in /hack/api-docs by @dependabot in #3595
• chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in #3591
• chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by @dependabot in #3592
• chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #3590
• chore: update dependencies by @eso-service-account-app in #3596
• chore(deps): bump golang from aec4784 to 9678844 in /e2e by @dependabot in #3593
• chore(deps): bump golang from 9bdd569 to 6522f0c by @dependabot in #3594
• feat(chart): Enable partial cache for certcontroller when installCRDs=true by @toVersus in #3589
• Add skip unmanaged store logic for push secret controller by @Bude8 in #3123
• fix(vault): Fix crash when caching is enabled and a token expires by @agunnerson-elastic in #3598
• Remove the use of "golang.org/x/crypto/pkcs12" by @yihuaf in #3601
• Make UBI more tolerable from OS vulnerabilities by @IdanAdar in #3607
• fix: explicitly fetch status subresource due to inconsistencies by @moolen in #3608
• Adds codepath for removing finalizers by @lllamnyp in #3610
• chore: update dependencies by @eso-service-account-app in #3624
• chore(deps): bump alpine from 3.20.0 to 3.20.1 in /e2e by @dependabot in #3622
• chore(deps): bump alpine from 77726ef to b89d9c9 in /hack/api-docs by @dependabot in #3621
• chore(deps): bump golang from 6522f0c to ace6cc3 by @dependabot in #3620
• chore(deps): bump urllib3 from 2.2.1 to 2.2.2 in /hack/api-docs by @dependabot in #3618
• chore(deps): bump importlib-metadata from 7.1.0 to 7.2.1 in /hack/api-docs by @dependabot in #3617
• chore(deps): bump livereload from 2.6.3 to 2.7.0 in /hack/api-docs by @dependabot in #3616
• chore(deps): bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by @dependabot in #3615
• chore(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 by @dependabot in #3614
• Fix ACR External Secret example by @ellenfieldn in #3626
• feat: add bitwarden secret manager support by @Skarlso in #3603
• fix: e2e installation of ESO needs to update dependencies first by @Skarlso in #3635
• added secretserver env vars to e2e.yml by @pacificcode in #3636
• docs: fix dataFrom.find in ExternalSecret api example by @sboschman in #3633
• chore: update dependencies by @eso-service-account-app in #3641
• chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #3640
• chore(deps): bump importlib-metadata from 7.2.1 to 8.0.0 in /hack/api-docs by @dependabot in #3639
• add AuthRef to kubernetes provider fixes #3627 by @kaedwen in #3628
• fix: implement handling for pushing whole k8s secret to gcsm by @thejosephstevens in #3644
• bump e2e pipeline by @gusfcarvalho in #3646
• fix e2e permissions by @gusfcarvalho in #3647
• bump docs with e2e commands by @gusfcarvalho in #3648
• also needs pull-requests by @gusfcarvalho in #3649
• use github token to allow comment by @gusfcarvalho in #3651
• fix(webhook): perform conversion of data by @cardoe in #3638
• feat: implement pushing whole k8s secret to Azure Keyvault by @CCOLLOT in #3650
• fix(vault): Treat tokens expiring in <60s as expired by @agunnerson-elastic in #3637
• Allow specifying the same namespace for SecretStores by @shuheiktgw in #3555
• docs: add proposal for PushSecret metadata by @moolen in #3612
• fix github credentials by @gusfcarvalho in #3656
• docs: updated k8s support for ESO v0.9 by @shazib-summar in #3659

New Contributors

• @lindhe made their first contribution in #3554
• @KyriosGN0 made their first contribution in #3558
• @akhilmhdh made their first contribution in #3477
• @smcavallo made their first contribution in #3571
• @toVersus made their first contribution in #3588
• @speedfl made their first c...

helm-chart-0.9.20

External secret management for Kubernetes