C&I Projects Daily Triage :: Triage Party

queue to be emptied once a day

Daily Triage

419 unique items

Completion ETA: ~2060-11-02

Assi	Unprioritized issues older than 7 days	Uncommented older than 7 days	Important soon, but no updates in 90 days	Important longterm, but no updates in 180 days	Pull Requests: Review Ready	Unkinded Issues	Unprioritized Recent Issues	Uncommented Recent Issues	New, has multiple reactions, but not important-soon	New, has multiple commenters, but not important-soon	needs information, has update	Recently updated issue has a question
	conjur#2046 Should raise informative log error in case role not exist in k8s inject_client_cert 🌊
	conjur#1673 Migrate conjur-policy-parser locally 🌊
	conjur#1530 Separate orchestrator config from policy_version model 🌊
	conjur#1177 (GA) Test if encryptions of k8s secrets is working 🌊 conjur#1159 (CA) Add log level configuration 🌊 conjur#1082 Investigate permission problems in master startup 🌊 conjur#1077 Map persistence locations in appliance image 🌊 conjur#1075 Replace deployment config with stateful set 🌊 conjur#1070 Play with master inside minishift 🌊 conjur#1066 OAuth 2 Device Grant - Spike 🌊
	conjur#1096 A central location exists for Conjur Log docs 🌊
	conjur-api-go#183 Conjur attempts to create .netrc file 🌊 secrets-provider-for-k8s#549 Secrets rotation improvements 🌊 ansible-conjur-collection#215 Using Git as an collection source fails, `VERSION` file missing 🌊 ansible-conjur-collection#210 Validate compatibility with ansible-core 2.19 🌊
	kubernetes-conjur-demo#89 Repo's use of bash-lib means you can't run the scripts individually 🌊
					secretless-broker#1340 WIP: mongodb connector 🌊
nobody	conjur#2430 Policy Permit Privileges without brackets doesn't produce an error conjur#2380 Better handling of malformed Kubernetes service account token for Kubernetes authenticator conjur#2245 Add minimum thread count to puma configuration conjur#2181 Kubernetes Authenticator Websocket Client doesn't support Server Name Indication (SNI) conjur#2133 Fix ApplicationController complexity conjur#2117 Fix all Conjur CC issues conjur#2108 Update release workflow to include API version conjur#2081 Add tests for no STDIN but `--password-from-stdin` option is provided conjur#2067 Non-empty policy variable values should apply and take precedence for Kubernetes authenticator conjur#2062 A test setup exists for testing simplified authn client config conjur#2000 Validation for restricted to setting while loading a policy conjur#1980 Update .dockerignore to include deb file exclusions conjur#1964 Update upgrade process: separate schema and data restoration conjur#1959 There is a draft plan for improving Conjur sidecar automation in Kubernetes / OpenShift conjur#1958 Adding recursive permit statements conjur#1956 Support debugging authn-k8s in dev env conjur#1945 Nil error in authn_k8s/inject_client_cert.rb conjur#1922 Variable Content Validation conjur#1920 Hosts can acquire valid password via password change conjur#1863 Support validating host annotations for authentication while loading a policy conjur#1765 Cucumber - Remove audit keyword from log step conjur#1757 Authentication token available in OAuth format conjur#1753 Conjur policy reload does not update annotations in APPEND mode conjur#1718 Configure SSL certs/keys and postgres ssl_mode conjur#1700 CIDR Restriction - invalid cidr value DB Error conjur#1696 Consider refactoring request IP tests to smaller units under test conjur#1679 CIDR Support Proxy - Remove validate_origin from Authenticate conjur#1651 Conjur Account change to Space conjur#1618 Load empty policy cause to 403 in creating host from token conjur#1611 Implicit database dependency in credentials command classes conjur#1604 Update landing page jquery to 3.3.1-dfsg or higher conjur#1603 Update landing page bootstrap to 3.4.1 or later conjur#1587 Refactor `./start` conjur#1557 Extend rake task to get next available trackable log message code conjur#1524 Querying resources as a role without specifying the fully qualified ID leads to a 403 response conjur#1519 Adds info endpoint for server/follower ID and version for debugging conjur#1503 Update audit private enterprise number conjur#1502 Update private enterprise number contact conjur#1488 CI pipeline never exercises "environments/production.rb" conjur#1478 Conjur CI workflow is documented conjur#1467 Improve security by permitting only expected params conjur#1466 fetchCertificate and pdf/fetchCertificate consist of hard coded path to httpclient conjur#1370 Cyberark DAP Host Policy docs are updated to include the `api_key_enabled` attribute conjur#1369 Cyberark DAP User Policy docs are updated to include the `api_key_enabled` attribute conjur#1368 Cyberark Conjur Host Policy docs are updated to include the `api_key_enabled` attribute conjur#1367 Cyberark Conjur User Policy docs are updated to include the `api_key_enabled` attribute conjur#1366 Changing a User/Host api_key_enabled attribute to true generates an API key conjur#1365 Changing a User/Host api_key_enabled attribute to false removes the API key conjur#1364 Logging into the default authenticator with a User/Host with disabled API keys fails conjur#1363 Rotating a User/Host with disabled API key results in an error conjur#1362 An API key is not generated when api_key_enabled attribute is true conjur#1361 An API key is generated when api_key_enabled attribute is true conjur#1327 Conjur README is clear and approachable conjur#1265 Kubernetes authenticator supports container-level application identity conjur#1258 Add GKE testing section to README conjur#1191 Architecture Diagram for DB off OpenShift conjur#1163 Switch UTs from Convey to testify in k8s authn client conjur#1154 Tests a 504 response code in OIDC conjur#1142 Conjur authn-k8s client user inputs can be provided as CMD args along as env vars conjur#1132 Audit batch retrieve secret should be performed on full success only conjur#1115 Logs in `production` env should include severity, timestamp & pid conjur#1112 Executing docker run on Conjur image produces useful error conjur#1101 Decide on permissions to webservice conjur#1097 Authenticators API conjur#1093 We understand the testing currently performed in the cyberark/conjur repo conjur#1092 Value objects should not interact with the DB conjur#1089 Convert FetchOidcSecrets to OidcVariable conjur#1053 `/authenticators/available` API returns the authenticators which are available for configuration - DRAFT conjur#1051 `/authenticators` API returns authenticators that are ready for authentication conjur#984 No indication of missing rotator conjur#930 Can't load a delegation policy for a variable contains colon (:) in name conjur#898 cucumber steps can be shared between profiles conjur#844 Policy reloading when an integration that auto-loads policy is used has passed XA conjur#843 Secrets can be retrieved with variable prefix conjur#835 Replace Ruby Sass conjur#824 Authenticate controller logs error message correctly conjur#813 Host Factory created hosts don't have the policy namespace of their layer conjur#812 Conjur k8s tests can be run on minikube conjur#793 authn-k8s can't authenticate pods controlled by DeploymentConfig conjur#746 Authenticator "origin" parameter should be more clearly named conjur#735 ci/test script referenes cucumber/cucumber.yml conjur#734 Sequel log level is set to :warn conjur#690 Possible Future CA Development conjur#688 Conjur CA Services are documented conjur#675 OpenShift events are displayed in the UI's audit log conjur#670 Conjur is tested under continuous loads conjur#649 Conjur can rotate Oracle database connections conjur#648 SSH public key rotation exists in Conjur conjur#647 SSH key pair rotation is available in Conjur conjur#646 S3 based Host Factory Token rotation has been ported conjur#645 GCP Service Account rotator has been ported conjur#644 Rotators have been migrated from V4 conjur#640 Conjur Docker image follows the standard version naming convention conjur#621 Host CIDR restriction can be set using host factory token conjur#620 CIDR Authentication Restriction for Users and Hosts is Documented conjur#614 Cucumber tests should run in random order conjur#607 A user sees the Audit events are visible to them conjur#599 Use of !include causes better error message conjur#582 Can't permit on a nested list of resources using policy conjur#540 Deprecate the route GET /resources/:account conjur#527 Multi-Domain LDAP Authentication conjur#513 64bit OS required for Docker on Linux, but Docker doesn't validate architecture and will pass `hello-world` successfully on 32bit conjur#509 Error msg unclear when loading policy with multiple unnamed hostfactory configurations conjur#482 Document maximum policy size conjur#426 Site assets are minified in production build conjur#181 String ids considered harmful conjur#2494 Dev environment supports hot reloading secretless-broker#1417 Running juxtaposer on release is automated secretless-broker#1403 provide ability to intercept sigquit (kill -3) to generate current execution stack snapshots for all active tasks secretless-broker#1372 Error codes for improved troubleshooting secretless-broker#1371 aws connector should have integration tests secretless-broker#1348 Release MacOS DMG file with compressed SecretlessBroker.app secretless-broker#1347 Secretless component quality levels move from alpha/beta/GA to community/trusted/certified secretless-broker#1342 Migrate to a new method for running the Secretless health check secretless-broker#1337 Support multi-value dynamic credentials secretless-broker#1336 There should be capabilities in `secretless.yml` to supply custom settings to providers secretless-broker#1324 Generic HTTP Connector: OAuth1 supports different signature hashing methods secretless-broker#1312 Create a Docker CLI Connector for Secretless secretless-broker#1283 There is an example generic HTTP connector config for Salesforce secretless-broker#1279 There is an example generic HTTP connector config for the Kubernetes API secretless-broker#1262 There is an example generic HTTP connector config for the Google Cloud SDK secretless-broker#1252 Reconcile MSSQL and (MySQL+PG) integration testing strategies secretless-broker#1251 better UX for test infrastructure secretless-broker#1241 There exists a Cassandra TCP Connector with username and password based authentication secretless-broker#1229 A mechanism exists to redact sensitive values in logs secretless-broker#1225 There is a central set of tests that validate the SSL configuration of the TLS connectors secretless-broker#1222 Secretless has a Cassandra DB connector secretless-broker#1213 Secretless has a DB2 connector secretless-broker#1205 TLS Connectors share a structure for connection details secretless-broker#1201 Determine how Secretless responds to DB server TLS renegotiation secretless-broker#1182 Secretless configuration files support ssl configuration information secretless-broker#1179 Service Connector for MarkLogic secretless-broker#1171 Add Unix socket flow to Kubernetes tutorial secretless-broker#1152 Proxyservice package is unit tested secretless-broker#1132 JDBC Jar is built at runtime for integration tests secretless-broker#1097 Database clients receive a meaningful error when a new connection request has bad credentials secretless-broker#1094 Secretless has configurable connection timeouts for connectors secretless-broker#1083 Example plugin uses Secretless logger secretless-broker#1042 Conjur provider has improved automated tests secretless-broker#1036 Unit tests validate service connector plugin error handling secretless-broker#1021 Add a Security Model to the connector plugin README secretless-broker#1011 ForceSSL defaults to true secretless-broker#994 Use our logger implementation for signal/reload listener secretless-broker#993 Use our logger implementation for health check output secretless-broker#992 Reintroduce back some logging messages we lost in refactoring secretless-broker#980 Secretless transmits packets after authentication without transforming them secretless-broker#979 Add `--allow-builtin-plugin-overrides` CLI argument secretless-broker#971 secretless plugin test harness exists secretless-broker#957 Re-evaluate ConnectionManager API secretless-broker#941 Remove URL parsing logic from `internal/proxyservice/proxy_service.go` secretless-broker#940 Add better logic when we can't open a tcp socket secretless-broker#937 Replace XXXFunc with values in AvailablePlugins UTs secretless-broker#934 Tests are added for external_plugins.go secretless-broker#902 secretless.Logger is simplified with cleaner tests secretless-broker#875 Logger tests use mocks for simplicity secretless-broker#836 Improve support for configuration CRDs secretless-broker#834 Secretless supports plugin types besides connectors secretless-broker#822 Make our plugin system work on windows secretless-broker#774 Remove Secretless website from project and put in its own repository secretless-broker#715 CRDs are updated to use v2 configuration format secretless-broker#704 fs_watcher has a goroutine leak secretless-broker#701 Best practices recommendations exist for writing new DB handlers secretless-broker#692 generalise SSL cert mounting instructions for postgres secretless-broker#690 design document exists for supported and future handlers secretless-broker#686 evaluate http.Client timeout in secretless-broker and conjur provider secretless-broker#681 Tutorial progress bar position is fixed secretless-broker#680 Abstraction exists in tutorial to accept multiple tutorials as parameter secretless-broker#671 A good way to prevent log leaks has been agreed upon secretless-broker#657 K8s tutorial scripts use correct method for waiting on containers secretless-broker#645 Jekyll can create foldable content from markdown secretless-broker#640 Cleanup and document code for autogenerating test secretless.yml secretless-broker#629 A method exists for encoding HandshakeV10 as bytes secretless-broker#625 SSL util functions for handlers have correct interface and clean code secretless-broker#624 Use structured representation of options for Pg Handler secretless-broker#623 MySQL Handler has good code quality and all required tests secretless-broker#620 Comment mysql handler unit tests to increase readability secretless-broker#619 a test matrix exists with a variety of clients for any given handler secretless-broker#618 Use structured representation of options for MySQL Handler secretless-broker#617 Credentials are consistently zeroized after use secretless-broker#608 Improve dev flow on tests, test documentation, and test infrastructure secretless-broker#607 MySQL/PG/SSL tests have been refactored secretless-broker#592 Simplify ConfigureBackend in database handlers secretless-broker#591 Add README to the integration tests secretless-broker#585 An explicit test exists for TLS between secretless and backend secretless-broker#559 Build scripts and docker caching have been evaluated secretless-broker#558 Investigate the impact of TLS between Secretless and backend server secretless-broker#556 Evaluate support for multiple mysql auth plugins secretless-broker#514 Providers retrieve secret values per connection in batches if possible secretless-broker#510 AWS Secrets credential provider has integration tests secretless-broker#507 Secretless has AWS Secrets Provider secretless-broker#506 Config watcher is tested secretless-broker#505 Secretless watches for config file changes secretless-broker#498 Unit tests should not require mercurial secretless-broker#483 PostgreSQL handler protocol has unit tests secretless-broker#477 Secretless quick start demo instructions are clear about flow secretless-broker#473 Secretless optionally retries connections secretless-broker#467 HTTP response times are measured secretless-broker#466 SSH throughput is measured secretless-broker#465 MySQL query response times are measured secretless-broker#409 Website has performance page secretless-broker#404 a test suite exists for the generic sidecar injector secretless-broker#403 sidecar injector allows mounting a volume with statically compiled summon secretless-broker#400 Broker documentation is improved secretless-broker#383 Broker is secure secretless-broker#381 Broker has additional configuration options secretless-broker#379 Performance metrics are published secretless-broker#374 A pass-through listener exists secretless-broker#342 sidecar-injector should allow sharing of secretless domain sockets via volume mounts secretless-broker#270 SSH agent only keeps loaded keys for the duration of connection secretless-broker#265 Secretless has option to configure response when provider fails to resolve a variable secretless-broker#264 Secretless optionally supports secrets caching secretless-broker#260 Add MongoDB handler/listener secretless-broker#220 README should reflect GKE setup established initially in k8s demo dir helm-charts#16 Helm charts are published to Helm artifact hub and helm/hub helm-charts#12 Helm charts repo is updated after new helm chart release oss-template#1 Add a code vulnerability checker conjur-oss-helm-chart#177 Conjur does not start with an external Postgres database due to OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode conjur-oss-helm-chart#167 Add nodeSelector to list of Chart Parameters conjur-oss-helm-chart#145 Static sub-resource names conjur-oss-helm-chart#142 Add check/warning for pre-existing ClusterRole in Kubernetes example scripts conjur-oss-helm-chart#141 Clarify compatible database versions in README conjur-oss-helm-chart#136 Add option to auto-create a Conjur data encryption key conjur-oss-helm-chart#135 Add deprecation warnings to NOTES.txt conjur-oss-helm-chart#134 Deprecated features to consider for removal for next major release (3.0.0) conjur-oss-helm-chart#133 Instructions fail when LoadBalancer service defines a hostname instead of an IP for the LB ingress conjur-oss-helm-chart#132 Add authn-k8s demo app E2E test based on KinD GitHub actions conjur-oss-helm-chart#131 Eliminate redundant Kubernetes service for Conjur conjur-oss-helm-chart#130 Failure in Conjur schema migrations of external DB can't recover conjur-oss-helm-chart#104 Reorganize README.md KinD example to make it more of a Getting Started guide conjur-oss-helm-chart#86 Document use of or add subchart for bitnami/postgresql conjur-oss-helm-chart#68 Helm deployment instructions (README) include architecture diagrams conjur-oss-helm-chart#61 Helm pipeline runs `helm package` on tags and auto-adds the artifact to a GitHub release conjur-oss-helm-chart#57 Pipeline validates upgrade instructions conjur-oss-helm-chart#54 Automated end-to-end testing suite conjur-oss-helm-chart#46 Adds TLS between Conjur and posgres pod conjur-oss-helm-chart#28 Documentation is updated to clarify setup steps conjur-oss-helm-chart#27 The Helm chart supports custom value for the PostgreSQL container UID conjur-oss-helm-chart#9 CI pipeline runs kubesec conjur-oss-helm-chart#7 Conjur Helm chart has published shasums conjur-api-go#60 GoLang SDK correctly handles Users/Hosts with `api_key_enabled` conjur-api-java#42 Add code coverage to conjur-api-java summon#260 Multi-line secrets. summon#259 The `providers` link in the README 404s summon-keyring#29 The Keyring provider does not work on Windows summon-keyring#7 Add CI pipeline summon-keyring#5 Convert ring.py to Python 3 summon-aws-secrets#48 Tests exist for `main.go` summon-aws-secrets#44 Ability to specify versions of secrets to retrieve summon-aws-secrets#17 Option to base64 encode secrets values summon-s3#22 Apple silicon is not supported for this provider secrets-provider-for-k8s#555 secrets-provider breaks base64 encoded pkcs12 files stored in Conjur sidecar-injector#93 TLS handshake error when following README in local cluster kubernetes-conjur-deploy#171 Close ports for the conjur follower kubernetes-conjur-deploy#168 Need to run retry mechanism for delete namespace command kubernetes-conjur-deploy#162 Openshift password should be given/pulled from summon kubernetes-conjur-deploy#161 Auto Enrollment Secrets Add should be part of the script kubernetes-conjur-deploy#160 Image pull backoff in OC4.5 because image url is external when using start.sh kubernetes-conjur-deploy#119 Migrate secrets provider repo to use the helm chart for deploying conjur in automation kubernetes-conjur-deploy#117 Unbound variable error on stop kubernetes-conjur-deploy#116 Repo needs a CHANGELOG kubernetes-conjur-deploy#74 Deployment Flow with Seed Fetcher is tested in CI kubernetes-conjur-deploy#62 Deploy Scripts don't work on current Minishift Version kubernetes-conjur-deploy#61 Deploy can be performed w/ non-cluster admin user kubernetes-conjur-deploy#60 Standby and follower seeding encrypts key files kubernetes-conjur-deploy#48 Followers are configured to be distributed across nodes kubernetes-conjur-deploy#31 the check dep script is checking for OSHIFT_CONJUR_ADMIN_USERNAME but the scripts are using OPSHIFT_CLUSTER_ADMIN_USERNAME kubernetes-conjur-deploy#21 configure nodePort for haproxy to provide external access to Conjur Master service kubernetes-conjur-deploy#20 add script to delete deployments kubernetes-conjur-deploy#19 developer user needs access to internal registry kubernetes-conjur-deploy#18 data key should be stored as a secret kubernetes-conjur-demo#135 Add validator host ID to allow authn-k8s config to be validated kubernetes-conjur-demo#130 Automated tests only run against annotation-based identities kubernetes-conjur-demo#115 Add DeploymentConfigs as app identity in Jenkins OpenShift CI kubernetes-conjur-demo#113 Replace use of sed for yaml templating with Yaml.sh or helm charts kubernetes-conjur-demo#66 --dry-run option kubernetes-conjur-demo#52 CI takes too long kubernetes-conjur-demo#38 Automated tests validate demos against Conjur OSS kubernetes-conjur-demo#32 Scripts check conditions rather than sleeping kubernetes-conjur-demo#29 sidecar injector is incorporated into kubernetes-conjur-demo kubernetes-conjur-demo#11 conjur-authenticator rolebinding requires elevated privileges to create kubernetes-conjur-demo#10 test app is deployed using helm chart cloudfoundry-conjur-demo#35 Demo has a CI pipeline for the tile cloudfoundry-conjur-demo#22 Demo should run w/o internet access after it is built cloudfoundry-conjur-demo#11 change to ./stop instead of ./bin/stop conjur-intro#73 Certificates can easily be generated/regenerated for DAP cluster conjur-intro#61 Add jenkins conjur plugin test conjur-intro#35 Review Follower Setup Instructions for AWS Cluster Demo conjur-intro#34 AWS Cluster Demo Script adhere to Shell Script Guidelines conjur-intro#31 The demo flows have automated tests conjur-intro#22 A demo exists for host factory tokens conjur-intro#7 Auto-failover demo only shows cluster setup ansible-conjur-collection#191 Unable to run cyberark.conjur.conjur_host_identity role. ansible-conjur-collection#146 Support JWT Authentication for Ansible ansible-conjur-collection#145 Support JWT Authentication for Ansible ansible-conjur-collection#74 Bring ansible-conjur-collection to Certified level ansible-conjur-collection#73 Troubleshoot Ansible Conjur installation on 2.9 ansible-conjur-collection#72 Troubleshoot Ansible Conjur installation on 2.9 ansible-conjur-collection#56 Collection is published to Automation Hub ansible-conjur-collection#49 Add other ways to specify Conjur / DAP identity in `cyberark.conjur.conjur_variable` ansible-conjur-collection#47 The UX of configuring the lookup plugin and role has been evaluated ansible-conjur-collection#46 Roles are tested with Molecule ansible-conjur-collection#45 The log output of the conjur-role without "no_log" set to true has been reviewed ansible-conjur-collection#44 Roles and plugins share a build stage and test directory structure ansible-conjur-collection#43 Documentation is clear that input variable path should not be urlencoded ansible-conjur-collection#42 Expand Ansible Collection to include Conjur Role ansible-conjur-host-identity#30 Migrate this Ansible role to the Conjur Ansible collection ansible-conjur-host-identity#26 conjur_variable lookup plugin can be improved ansible-conjur-host-identity#22 Add code coverage to ansible-conjur-host-identity ansible-conjur-host-identity#5 CA cert content is dumped to stdout ansible-conjur-host-identity#4 The parameter `conjur_ssl_certificate` requires cert as a string, not a file. ansible-conjur-host-identity#3 Parameter `conjur_validate_certs should be `True` by default ansible-conjur-host-identity#2 Deprecation warning when role is run conjur-puppet#258 Error with self signed certificate conjur-puppet#201 Investigate (and possibly implement) ability to check if we can validate that agent credentials are valid conjur-puppet#65 Use OpenAPI spec to generate the client code conjur-puppet#29 WinCred resource and provider are separated to their own Puppet Module terraform-provider-conjur#138 Support for Ephemeral Secrets terraform-provider-conjur#134 Documentation Bug in README in Build From Source section terraform-provider-conjur#132 Add an ability to update Conjur secret terraform-provider-conjur#99 Provider is not up to date and does not support CONJUR_AUTHN_TOKEN that is included in conjur-api-go terraform-provider-conjur#94 Manifest example in provider's documentation is wrong. terraform-provider-conjur#60 Add unit tests terraform-provider-conjur#53 Add Windows instructions to README conjur-quickstart#64 Can the setup work using podman-compose?	conjur#1602 Tags and successful image publishes trigger builds of downstream projects conjur#840 Kubernetes authenticator has a service account token option secretless-broker#1178 Secretless optionally supports encryption for the client-to-Secretless connection secretless-broker#1065 Broker can delegate basic sanity checks on `credentials` keys to plugins secretless-broker#1063 Broker does early verification of plugin parameters secretless-broker#493 Conjur authentication logic is removed from the provider secretless-broker#451 Secretless has an Azure Key Vault credential provider secretless-broker#449 Microsoft Love - Support for Microsoft/Azure tools secretless-broker#31 Use a dot foo.bar scheme to access nested data from HashiCorp Vault conjur-oss-helm-chart#139 Make conjur proxy container optional and configurable kubernetes-conjur-deploy#99 Don't use separate yamls for OC and K8s where possible kubernetes-conjur-deploy#55 Tests include coverage of master deployment to both GKE and OpenShift			conjur#2436 Auth api additions conjur#2666 WIP: Policy lifecycle extensions conjur#2853 cyberark/migrate-slosilo-gem conjur#2522 Auth persist api conjur#2863 WIP: Early Policy factory POC conjur#2696 Developer documentation conjur#2543 Potential Policy workflow for Synchronizer leader election conjur#2616 Allow OIDC Providers to be available via local socket conjur#2631 add logging if send message fails conjur#2714 Policy Template Factory conjur#2829 Replace Conjur Auth Token with a valid JWT token conjur#2946 Use context variable instead of instance variable for certs conjur#2999 Authenticator refactor v2 conjur#2944 Log warning of dropped updates to existing resources in policy POST conjur#2896 PoC for managing write-only permission at the Sequel level conjur#2953 Add OIDC proxy integration tests secretless-broker#1443 SSH connector improvements secretless-broker#953 improved ssh service connector secretless-broker#1223 POC: Auto generation of troubleshooting guide secretless-broker#1379 WIP: Robust testing of AWS using feature-rich mock server conjur-oss-helm-chart#184 Make Postgres FIPS compliant conjur-authn-k8s-client#527 Add telemetry toggles secrets-provider-for-k8s#553 Run in standalone mode secrets-provider-for-k8s#552 leverage file temaplates with k8s-secret targets secrets-provider-for-k8s#551 improve error handling batch retrieve secrets-provider-for-k8s#550 retrieve k8s secrets based on label conjur-intro#106 TEST SELECTIVER REPLICATON - Sel rep codi conjur-intro#109 Host factory example conjur-intro#104 Example of a synchronizer "audit" role ansible-conjur-collection#214 [Snyk] Security upgrade ubuntu from 24.04 to 24.10 ansible-conjur-collection#213 [Snyk] Security upgrade ubuntu from 24.04 to 24.10 ansible-conjur-collection#212 [Snyk] Security upgrade ubuntu from 24.04 to 24.10 ansible-conjur-collection#206 Sanity test fixes ansible-conjur-collection#205 Fix the Sanity Test for Ansible 2.16 version ansible-conjur-collection#185 ONYX-26897 To reuse the token ansible-conjur-collection#186 Onyx 26897 retry ansible-conjur-collection#178 Implement support for JWT authentication terraform-provider-conjur#126 Readme updated and unit test, acceptance testing, conjur-api-go version update conjur-opentelemetry-tracer#10 Add Tracer creation functions	conjur#678 authenticator prints useful error on 400 response secretless-broker#17 define and create new Summon format (post secretsyml) secretless-broker#16 use viper for standardised configuration (12 factor) kubernetes-conjur-deploy#25 update deploy / demo scripts for v5 OSS
	conjur#1787 Conjur debian package is updated to exclude irrelevant files and directories 🌊
	conjur#1198 Audit atomicity 🌊
	conjur#943 Conjur Certificate Authorities support signing intermediate certificate authorities 🌊 conjur#923 Conjur Certificate Authorities support signing SSH RSA public keys in PEM format 🌊
	secretless-broker#1335 Support Vault AppRole auth method in provider 🌊
	ansible-conjur-collection#202 Retry in conjur_variable lookup not working for errors out of urllib_error.HTTPError or socket.timeout 🌊
	conjur#1269 Test log output for application identity in GKE 🌊
	conjur#1562 Baseline functionality for "Testing Best Practices" has been established 🌊 conjur#918 CommandClass can receive errors directly 🌊 secretless-broker#475 Make localhost socket use info more prominent 🌊
	conjur#1161 (CA) Challenge conjur-map format and parsing 🌊 conjur#1088 Convert Command class call methods to explicit mode 🌊 conjur#920 Add error injection to Command class in oidc 🌊
	conjur#650 A K8s/OpenShift version support matrix is available 🌊 secretless-broker#772 secretless can validate config files from CLI 🌊 secretless-broker#771 Reduce MySQL handler noise 🌊 secretless-broker#380 Broker is easy to develop for 🌊 secretless-broker#249 Secrets do not remain in the sidecar memory 🌊	conjur-puppet#235 Investigate if `puppetlabs-registry` dependency is still needed 🌊
	secretless-broker#354 Istio can be used with an external DB 🌊 secretless-broker#82 AWS handler has test suite with documentation 🌊	secretless-broker#325 Secretless can be deployed with a sidecar injector 🌊
	ansible-conjur-collection#37 There is a demo showing how to use this collection 🌊

Triage Party v1.4.0