fleet/changes
Jonathan Rudenberg 48760fec58
Add support for reading private_key from AWS Secrets Manager (#31134)
Adds support for reading server `private_key` from AWS Secrets Manager.
Combined with #31075, this should allow removing all common sensitive
secrets from the environment/config (if I missed any let me know). This
works with localstack for local development (set
`AWS_ENDPOINT_URL=$LOCALSTACK_URL`, `AWS_ACCESS_KEY_ID=test`, and
`AWS_SECRET_ACCESS_KEY=test`).

I did not include config options for `AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY` because they are a bad practice vs role
credentials and defeat the purpose of this feature which is to remove
secrets from the environment/config.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Scott Gress <scott@fleetdm.com>
2025-09-09 16:56:35 -05:00
.keep Issue 1009 calculate diff software (#1305) 2021-07-08 13:57:43 -03:00
1812-aws-rds-iam-auth Feat 1817 add iam auth to mysql and redis (#32488) 2025-09-04 10:08:47 -05:00
4498-return-empty-software 4498 empty software (#31940) 2025-08-19 10:38:53 -04:00
21754-fleetctl-api-body-support [fleetctl] api command: support request body, including file uploads (#30806) 2025-07-29 08:15:23 -05:00
25025-dedup-vuln-count Fleet UI: Fix vulns from being counted multiple times in vuln count (#32044) 2025-08-18 17:09:44 -04:00
25636-fma-gitops Add support for install/uninstall script overrides, pre-install query, post-install script in FMA GitOps (#31803) 2025-08-13 07:48:36 -05:00
26382-slsa-attestation-updates SLSA attestation updates (#31833) 2025-08-14 14:52:16 -04:00
26404-stale-false-positive Switch vulns cron false positive clear to clear vulns based on when the vulns run started, rather than based on periodicity (#31364) 2025-07-29 10:14:14 -05:00
27902-linux-last-opened Add support for last opened time for DEB and RPM packages (#31638) 2025-08-12 15:46:04 -07:00
28642-deadlocks-during-gitops-run Refactor ApplyQueries to improve performance (#32394) 2025-09-03 12:54:02 -04:00
28713-gitops-checkbox-status-replica-env Updating App config should use primary (#32428) 2025-08-29 14:02:59 -04:00
28974-add-hydrant-and-request-cert-api Hydrant CA Feature Branch (#31807) 2025-09-04 12:39:41 -04:00
29250-force-filevault-on-login-for-manual-enrollments Enforce FileVault at login when manually enrolled (#31170) 2025-08-01 15:15:11 +02:00
29554-gitops-mode-invalid-url Validate gitops url in frontend and backend (#31243) 2025-08-08 17:08:07 -07:00
29596-labels-platform-change Clear label membership when label platform changes. (#31726) 2025-08-11 21:35:22 +02:00
29769-windows-profiles-with-cdata-escape-fails-to-verify fix windows configuration profile failing to verify if using CDATA escape (#31564) 2025-08-04 17:04:59 +02:00
29795-deleted-policies-still-showing Refactor failing policies total on Host endpoint (#31906) 2025-08-19 13:39:32 -04:00
29833-do-not-log-error-for-missing-eula Do not log error if missing EULA (#31598) 2025-08-05 16:39:49 +02:00
29894-fix-deb-auto-install-query Don't pass the default deb auto-install policy if install status is e.g. uninstalled (#32005) 2025-08-18 17:37:06 -05:00
29909-yara-rules-performance Improved performance when modifying config with a large number of yara rules (#32696) 2025-09-08 10:24:22 -05:00
30095-gitops Apply relevant cleanup suggested by CodeRabbit in #32245 for GitOps update work (#32482) 2025-09-03 13:52:25 -05:00
30154-add-custom-vars-ui UI for managing custom variables (#31875) 2025-08-15 08:24:55 -05:00
30197-automatic-install-policies Automatic install policies in ListHostSoftware (#31469) 2025-08-01 10:22:14 -05:00
30238-add-open-instructions-for-apps-programs Fleet UI: Add self-service opening instructions to apps and programs (#32169) 2025-08-26 11:02:30 -04:00
30248-custom-cvss-scores Fleet UI: Add custom CVSS scores input fields (#31456) 2025-08-05 16:29:55 -04:00
30357-all-teams-dd-bug Fleet UI: VPP Token All teams option bug fix (#31587) 2025-08-07 09:00:51 -04:00
30384-new-global-activity-when-key-escrowed Added new global activity when disk encryption key is escrowed (#31634) 2025-08-08 12:14:48 -04:00
30390-cert-country Fixed issue ingesting certs with long country codes. (#31443) 2025-07-31 23:06:36 +02:00
30403_fix_host_count_discrepancy #30403 Fix fleet installed host count discrepancy (#32455) 2025-09-02 15:05:42 -04:00
30455-errorstore-panic Fixed potential panic in error handler when Redis is down. (#31643) 2025-08-06 17:14:31 +02:00
30526-update-run-script-modal UI for scheduling batch scripts (#31885) 2025-08-14 10:10:45 -05:00
30565-cron-errors Skip software installers for which we can't, or don't need to, parse package IDs/create uninstall scripts (#31347) 2025-07-28 13:58:19 -05:00
30660-enforce-idp-authentication-for-byod-enrollment IdP Authentication before BYOD (#32017) 2025-08-18 18:31:53 +02:00
30746-remove-unintended-broken-sort Fleet UI: Remove unintended broken sort on type column (#31264) 2025-07-28 09:08:34 -04:00
30803-os-icon-bug-fix Fleet UI: Fix OS vs. Software icon bug (#31911) 2025-08-14 13:18:24 -04:00
30849-multipkg-gitops Support providing multiple packages per software package file in GitOps (#32503) 2025-09-05 08:38:00 -05:00
30853-fail-unknown-declaration-type-ddm-errors Fail DDM profiles if response is UnknownDeclarationType (#31606) 2025-08-06 14:38:25 +02:00
30853-gitops-secrets-validation Removed fleet secret validation during gitops dry runs (#31402) 2025-07-30 13:12:39 -05:00
30854-fix-string-concat-in-sql-parser Allow string concat in LIKE op in query editor (#32254) 2025-08-26 14:08:49 -05:00
30857-pending-script-unlock-cancellation-not-respected Fix pending unlock not going away after canceling unlock script (#31644) 2025-08-06 14:38:50 +02:00
30879-host-uuid-for-windows-profiles Added support of $FLEET_VAR_HOST_UUID in Windows MDM configuration profiles (#31695) 2025-08-10 12:24:38 +02:00
30918-calendar-webhook-authz Speculative fix for calendar/webhook authz issue (#31642) 2025-08-07 17:30:56 +02:00
31055-secrets-in-ui-backend Add backend APIs for adding, deleting and listing secret variables (#31936) 2025-08-14 19:33:47 -03:00
31106-macos-cis-updates Updating CIS policies for macOS 15, 14, and 13 (#31553) 2025-08-07 08:24:01 +02:00
31143-hosts-gets-configured-before-profiles-are-sent Wait for expected profiles to be sent before releasing device (#31381) 2025-07-31 17:50:57 +02:00
31167-surface-user-scoped-profiles 31167: SUSP api (#32163) 2025-08-26 11:31:06 -04:00
31173-fix-policy-deadlocks Prevent deadlocks by adding FOR UPDATE locks (#32173) 2025-08-22 12:36:03 -05:00
31173-fix-policy-deadlocks-frontend When updating multiple policies in the UI, the policies are now updated in series to reduce server/DB load. (#32212) 2025-08-25 10:02:52 -05:00
31180-add-ability-to-determine-pin-compliance Added ability to determine if TPM PIN is set (#31622) 2025-08-07 13:55:44 -04:00
31193-turn-on-ability-to-set-tpm-pin Ability to set TPM PIN protector policy on host. (#31484) 2025-08-01 13:32:19 -04:00
31202-allow-special-chars-in-generated-gitops-files Allow emoji in team names (#32491) 2025-09-04 16:12:09 -05:00
31212-surface-linux-kernel-vulns Fleet UI: Add Linux kernel vulns card/table (#31840) 2025-08-14 09:30:49 -04:00
31224-scripts-page-updates UI for scheduling batch scripts (#31885) 2025-08-14 10:10:45 -05:00
31226-batch-script-run-detail-page UI: Batch script run detail page (#32333) 2025-08-29 09:37:05 -06:00
31240-omit-batch-scripts-from-feed Omit batch host script executions from global activities (#31617) 2025-08-11 16:43:20 -04:00
31267-no-team-automations Added Primo migration for failing policies automation. (#32515) 2025-09-04 10:12:27 -05:00
31268-last-opened Show "Never" or "Not supported" on last opened time on software as appropriate (#31603) 2025-08-13 13:14:09 -05:00
31282-add-incompatible-filter-for-hosts Add "incompatible with script" filter for hosts (#31868) 2025-08-14 11:55:19 -05:00
31286-package-upgrade-fix Move 31286 changes file. (#31327) 2025-07-30 07:24:43 +02:00
31291-linux-lock-script On lock, drop GDM Ubuntu into text mode to work around blank/unresponsive screen. (#32100) 2025-08-21 13:55:00 -05:00
31297-installer-status-improvements Fleet UI: Surface timestamp VPP device user page, remove vpp acknowledged tooltip (#32732) 2025-09-08 14:14:52 -04:00
31343-blank-email-on-failed-login-activity Use proper prefix for user_failed_login activity (#32092) 2025-08-20 17:39:57 -04:00
31372-host-identity-cert-renewal Host identity cert renewal (#31372) 2025-07-30 16:46:36 +02:00
31379-ui-issue-with-activity-feed Fixed UI issue in Dashboard page around Software card. (#32105) 2025-08-25 13:52:25 -04:00
31432-live-query-campaigns Add CleanupCompletedCampaignTargets to cleanup old campaign targets. (#32385) 2025-08-28 11:04:05 -05:00
31444-strict-sql-mode Updated SQL modes in tests to match production. (#31445) 2025-08-03 08:18:13 +02:00
31474-remove-incorrect-cves #31474 MSRC has incorrectly named CVEs. This PR removes them from the generated file. (#31851) 2025-08-21 12:41:53 -04:00
31477-secrets-in-macos-profiles Fix GitOps dry run issue with validating profiles with secrets (#32104) 2025-08-22 09:37:12 -05:00
31521-batch-script-cron-schedule Batch script cron schedule (#31808) 2025-08-14 14:44:47 -04:00
31532-cancel-batch-activity Cancel batch execution API (#31757) 2025-08-11 15:17:57 -04:00
31536-add-script-host-results-api Add "batch script host results" API (#32174) 2025-08-27 16:39:43 -05:00
31567-allow-canceling-from-modal UI for scheduling batch scripts (#31885) 2025-08-14 10:10:45 -05:00
31571-fix-panic-all-teams-software Fix server panic with all teams software titles (#31746) 2025-08-08 17:49:32 -03:00
31580-duplicate-scripts Fixed error when updating a script to exactly match the contents of another script. (#32438) 2025-08-29 12:38:37 -05:00
31581-output-from-packages-only 31581 Fix packages_only flag to only show items with software_package (#32284) 2025-08-26 21:53:46 -04:00
31592-improve-offline-indicator Fixes to the offline indicator (#31685) 2025-08-07 16:24:13 -03:00
31601-remove-inaccurate-timestamp Fleet UI: Remove inaccurate updated never timestamp (#32425) 2025-08-29 11:08:04 -04:00
31623-add-new-batch-script-endpoints Add "batch script execution status" and "list batch script executions" endpoints (#31689) 2025-08-08 13:24:48 -05:00
31690-windows-discovery-errors Added additional logging information for Windows MDM discovery endpoint. (#31691) 2025-08-07 17:05:15 +02:00
31721-missing-tar-summary-card Fleet UI: Re-add missing tarballs summary card (#32056) 2025-08-18 17:14:20 -04:00
31736-fleetctl-debug-binary-output Don't flood the terminal with binary output when downloading pkg (#32081) 2025-08-20 12:16:53 -04:00
31755-disk-encryption-table-spacing Remove extra spacing from under disk encryption table (#32665) 2025-09-08 10:02:29 -04:00
31876-update-password-validator Update password requirements check when setting up (#32261) 2025-08-26 16:59:05 -05:00
31932-last-opened-at When iterating through softwares LastOpenedAt timestamp is copied as to not modify original records (#31946) 2025-08-15 09:44:01 -05:00
31944-consistent-banner-link-colors Fleet UI: Consistent banner link colors (#32427) 2025-08-29 11:06:59 -04:00
32037-linux-setup-experience UI: Linux setup experience - End user (#32639) 2025-09-05 15:53:01 -07:00
32040-linux-setup-experience-backend Update GET/PUT /api/_version_/fleet/setup_experience/software to match rest-api.md (#32673) 2025-09-05 18:01:00 -03:00
32067-nil-last-opened Change LastOpenedAt logging (#32767) 2025-09-09 13:47:58 -04:00
32274-denylisted-error Downgrade "denylisted" error to warning (#32276) 2025-08-25 13:45:36 -05:00
32296-optimize-list-script-results Optimized GetHostScriptExecutionResults MySQL query for large numbers of script results. (#32595) 2025-09-04 15:48:18 -05:00
32313-otel-improvements OpenTelemetry minor improvements (#32324) 2025-08-28 19:32:46 -05:00
32550-missing-ticket-options Fixed missing ticket integration options in Policies -> Other workflows modal for teams. (#32551) 2025-09-04 07:25:13 -05:00
32558-new-fma-omnissa Omnissa version fix (#32594) 2025-09-04 13:03:59 -04:00
32571-fix-gcs-support Fixing Google Cloud Storage (GCS) support (#32573) 2025-09-08 13:54:31 -03:00
32624-extra-space-on-DUP UI: Suppress empty element when no DUP banners present (#32627) 2025-09-05 11:34:51 -07:00
308888-add-fullname-idp-fleet-variable Add full name IdP Fleet variable to Apple configuration profiles (#32246) 2025-08-26 17:55:58 +02:00
issue-24706-public-batch-modify-profiles create public endpoint for batch modify mdm config profiles (#32578) 2025-09-08 14:52:30 +01:00
issue-25367-os-updates-page-permissions don't show os updates page for users who are not global admin or the team admin (#31410) 2025-07-31 12:04:06 +01:00
issue-27467-add-cells-to-cert-table add columns to host details and my device certificates table (#31701) 2025-08-13 14:01:38 +01:00
issue-29410-turn-on-mdm-styles change button styles for turn on mdm info banner (#31374) 2025-08-01 15:36:03 +01:00
issue-30944-integrate-cert-auth-api-frontend Hydrant CA Feature Branch (#31807) 2025-09-04 12:39:41 -04:00
issue-31166-add-user-icon-to-profiles add user scope icon to os profiles (#32647) 2025-09-05 14:53:39 +01:00
jve-get-mdm-command-line-output Add --line flag to fleetctl get mdm-command-results (#31473) 2025-08-25 17:04:18 -04:00
private-key-secrets-manager Add support for reading private_key from AWS Secrets Manager (#31134) 2025-09-09 16:56:35 -05:00
update-go-1.24.6 Update Go to 1.24.6 (#31784) 2025-08-12 08:10:05 -03:00