Features

• Added support for version-less key/certificate identifiers (#181).

  Previously, a versioned key ID was required (when signing):

  notation sign $IMAGE --plugin azure-kv --id https://x.vault.azure.net/certificates/self-signed-pem/a2c329545a934f0aaf434afe64bb392d
  

  Currently, a version-less key ID is also accepted, and it will automatically choose the latest one.

  notation sign $IMAGE --plugin azure-kv --id https://x.vault.azure.net/certificates/self-signed-pem
  

Other Changes

• Improved error messages (#181)
• Bumped up dependencies

Detailed Commits

• doc: update README for v1.1.0 by @JeyJeyGao in #174
• build(deps): bump xunit from 2.7.1 to 2.8.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #176
• build(deps): bump xunit.runner.visualstudio from 2.5.8 to 2.8.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #175
• build(deps): bump Azure.Identity from 1.11.2 to 1.11.3 in /Notation.Plugin.AzureKeyVault by @dependabot in #177
• build(deps): bump Microsoft.NET.Test.Sdk from 17.9.0 to 17.10.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #179
• feat: add versionless key identifier support by @JeyJeyGao in #181
• build(deps): bump xunit from 2.8.0 to 2.8.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #183
• build(deps): bump xunit.runner.visualstudio from 2.8.0 to 2.8.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #182

Full Changelog: v1.1.0...v1.2.0

Features

• Added support for selecting credential types through plugin configuration. (#157)

Other Changes

• Updated the Azure.Identity library to 1.11.2 (#171, #173)
• Enabled .NET AOT feature to optimize the size and execution time of the binary (#156)
• Enabled GitHub Dependabot to automatically update dependencies. (#159)
• Updated dependencies for .NET and GitHub workflow actions.

Detailed Commits

• docs: update README for v1.0.2 by @JeyJeyGao in #152
• bump,ci,fix: bump up dependencies and enable AOT by @JeyJeyGao in #156
• bump(ci): update ci actions by @JeyJeyGao in #158
• ci: add dependabot by @JeyJeyGao in #159
• build(deps): bump super-linter/super-linter from 5 to 6 by @dependabot in #161
• build(deps): bump actions/setup-dotnet from 3 to 4 by @dependabot in #160
• feat: add credential_type plugin config by @JeyJeyGao in #157
• fix(ci): test and release pipeline by @JeyJeyGao in #163
• fix: dependabot exception when parsing .csproj by @JeyJeyGao in #165
• fix: update credential type logic by @JeyJeyGao in #164
• build(deps): bump Azure.Identity from 1.10.4 to 1.11.0 in /Notation.Plugin.AzureKeyVault by @dependabot in #171
• build(deps): bump xunit.runner.visualstudio from 2.5.4 to 2.5.8 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #168
• build(deps): bump xunit from 2.6.2 to 2.7.1 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #166
• build(deps): bump Moq from 4.20.69 to 4.20.70 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #170
• build(deps): bump Microsoft.NET.Test.Sdk from 17.8.0 to 17.9.0 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #167
• build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 in /Notation.Plugin.AzureKeyVault.Tests by @dependabot in #169
• build(deps): bump Azure.Identity from 1.11.0 to 1.11.2 in /Notation.Plugin.AzureKeyVault by @dependabot in #173

Full Changelog: v1.0.2...v1.1.0

Changes

• Updated Azure.identity to v1.10.4 (#145 )
• Updated to dotnet 8.0 (#145 )
• E2E test on Linux, Windows, macOS and Mariner container (#143, #149)
• Support for Azure CBL Mariner container images

Bug Fixes

• Improved error messages (#150 )

Detailed Commits

• doc: update readme for v1.0.1 by @JeyJeyGao in #138
• test: e2e test by @JeyJeyGao in #143
• build: bump up donet 8 by @JeyJeyGao in #145
• fix&test(e2e): mariner containerized e2e test by @JeyJeyGao in #149
• fix: improve RequestFailedException error message by @JeyJeyGao in #150
• test: add unit test for RequestFailedException by @JeyJeyGao in #153

Full Changelog: v1.0.1...v1.0.2

Bug Fixes

• The tarball structure is not consistent between Linux and macOS. (#127)
• Azure Key Vault imported PKCS12 certificate doesn't work on macOS (#133)
• Azure Key Vault imported PKCS12 certificate chain with leaf-to-root certificate order doesn't work (#136)

Detailed Commits

• fix: update help doc by @JeyJeyGao in #130
• ci: update tarball structure by @JeyJeyGao in #129
• doc: update set policy by @JeyJeyGao in #131
• fix: macOS PKCS12 confidential mode = None & Integrity mode = Password(null) by @JeyJeyGao in #134
• ci: add windows and macos test pipeline by @JeyJeyGao in #137
• fix: certificate path construction by @JeyJeyGao in #135

Full Changelog: v1.0.0...v1.0.1

Azure Key Vault plugin v1.0.0 for Notation

notation-azure-kv is a Notation signing plugin using Azure Key Vault managed certificates and keys, implementing the plugin contract of Notary Project Specifications v1.0.0.

Features

• Enable the notation CLI to generate signatures using Azure Key Vault managed certificates and keys
• Support self-signed certificates as well as Certificate Authority (CA) issued certificates

What's Changed Since RC.3

Bug Fixes

• Fix #126: PKCS12 ephemeral key and non-encrypted MAC are not supported on macOS

Other Changes

• Update quote format for documents

Detailed Commits

• doc: update quote note by @JeyJeyGao in #122
• doc: update README for v1.0.0 by @JeyJeyGao in #123
• fix: PKCS12 ephemeral key and non-encrypted MAC are not supported macOS by @JeyJeyGao in #124

Full Changelog: v1.0.0-rc.3...v1.0.0

New Features

• Added self_signed argument in plugin configuration to get self-signed certificate with Certificates Get permission (#119)

Deprecations

• BREAKING CHANGE: removed as_secret argument (#119)

Bug Fixes

• Eliminated OpenSSL dependency for enhanced compatibility (#117)

Detailed Commits

• doc: update for v1.0.0-rc.2 by @JeyJeyGao in #115
• fix: remove X509Chain.Build to avoid compatibility issue by @JeyJeyGao in #117
• doc: update ca signed workflow by @JeyJeyGao in #118
• feat: add self_signed pluginConfig by @JeyJeyGao in #119
• doc: update docs for new features by @JeyJeyGao in #120
• doc: release v1.0.0-rc.3 by @JeyJeyGao in #121

Full Changelog: v1.0.0-rc.2...v1.0.0-rc.3

Bug Fixes

• Fixed the input reading issue (#112)
• Optimized the error message for incorrect certificate bundle (#113)

Other Changes

• Built-in codesign for macOS binary
• Optimized the JSON serializer to avoid runtime reflection to reduce binary load time and improve the performance (#111)

Detailed Commits

• doc: update artifact version in readme by @JeyJeyGao in #106
• doc: update version for README by @JeyJeyGao in #107
• doc: add macOS codesign by @JeyJeyGao in #108
• feat: optimize JSON serializer by @JeyJeyGao in #111
• ci: update release ci to use macOS by @JeyJeyGao in #110
• fix: check command before read input by @JeyJeyGao in #112
• fix: optimize the error message for unmatchable certificate bundle by @JeyJeyGao in #113

Full Changelog: v1.0.0-rc.1...v1.0.0-rc.2

New Features

• Support PKCS12 format for Azure Key Vault Certificate
• Support several new credential method for Azure Key Vault

Other Changes

• BREAKING CHANGE: Removed environment variable AKV_AUTH_FROM_MI. The managed identity credential will be used automatically
• BREAKING CHANGE: The entire plugin is re-written in dotnet

Detailed Commits

• doc: update scripts by @shizhMSFT in #88
• feat: implement get-plugin-metadata & describe-key command in dotnet by @JeyJeyGao in #89
• feat: add .NET verion generate-signature command by @JeyJeyGao in #91
• feat: add as_secret feature by @JeyJeyGao in #92
• test&ci: add test for get-plugin-metadata command & add test CI by @JeyJeyGao in #96
• ci: add .NET release CI by @JeyJeyGao in #94
• chore: remove files for go version by @JeyJeyGao in #99
• doc: add openssl generated certificate by @JeyJeyGao in #100
• refactor: refactor for unit test by @JeyJeyGao in #97
• fix: update Notation brand name by @JeyJeyGao in #101
• ci: set codecov target by @JeyJeyGao in #103
• doc: update readme by @JeyJeyGao in #102
• fix: update readme by @JeyJeyGao in #104
• ci: update release ci runtime name & add release checklist by @JeyJeyGao in #105

Full Changelog: v0.6.0...v1.0.0-rc.1

What's Changed

• fix: pem cert chain parsing issue by @JeyJeyGao in #57
• feat: complete cert chain by certbundle plugin config by @JeyJeyGao in #59
• fix: update error message by @JeyJeyGao in #61
• build: update go version 1.20 by @JeyJeyGao in #69
• build(deps): bump github.com/notaryproject/notation-go from 1.0.0-rc.1 to 1.0.0-rc.3 by @dependabot in #68
• fix: add self-signed cert validation by @JeyJeyGao in #71
• feat: remove autorest package dependency by @JeyJeyGao in #70
• build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 by @dependabot in #75
• feat: remove urfave cli framework by @JeyJeyGao in #74
• feat: align release assets by @JeyJeyGao in #77
• feat: update to use GetCertificate instead of GetSecret by @JeyJeyGao in #76
• test: add keyvault & get metadata unit test by @JeyJeyGao in #79
• test: add code coverage by @JeyJeyGao in #81
• ci: update workflow to trigger when pushing commit to main by @JeyJeyGao in #82
• test: add unit test for crypto package by @JeyJeyGao in #80
• feat: refactor describe-key command & add unit test by @JeyJeyGao in #83
• fix: update Makefile test by @JeyJeyGao in #86
• doc: update README by @JeyJeyGao in #84

New Contributors

• @JeyJeyGao made their first contribution in #57
• @dependabot made their first contribution in #68

Full Changelog: v0.5.0-rc.1...v0.6.0

What's Changed

• remove outdated quick start by @FeynmanZhou in #44
• build: updated to notation RC.1 by @patrickzheng200 in #47
• build: upgrade go version to 1.19 by @shizhMSFT in #48
• update: updated version to v1.0.0-rc.1 by @patrickzheng200 in #49
• updated version to 0.5.0-rc.1 by @patrickzheng200 in #50
• update the version to v0.5.0-rc.1 by @FeynmanZhou in #51
• build: upgrade version by @shizhMSFT in #52

New Contributors

• @patrickzheng200 made their first contribution in #47

Full Changelog: v0.4.0-beta.1...v0.5.0-rc.1