Once every quarter, look for stale issues, reprioritize, and de-duplicate.

Quarterly Scrub

173 unique items

Completion ETA: ~2032-06-20

Assi Issues nearing expiration Features that deserve a follow-up comment Features that have not been commented on within 90 days Bugs that deserve a follow-up comment Bugs that have not been commented on within 60 days Items that deserve a follow-up comment Items that have not been commented on within 60 days
nobody
conjur#1753 Conjur policy reload does not update annotations in APPEND mode
secretless-broker#704 fs_watcher has a goroutine leak
conjur-oss-helm-chart#177 Conjur does not start with an external Postgres database due to OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode
conjur-oss-helm-chart#133 Instructions fail when LoadBalancer service defines a hostname instead of an IP for the LB ingress
conjur-oss-helm-chart#130 Failure in Conjur schema migrations of external DB can't recover
conjur-oss-helm-chart#68 Helm deployment instructions (README) include architecture diagrams
conjur#2181 Kubernetes Authenticator Websocket Client doesn't support Server Name Indication (SNI)
conjur#1524 Querying resources as a role without specifying the fully qualified ID leads to a 403 response
conjur#1488 CI pipeline never exercises "environments/production.rb"
conjur#813 Host Factory created hosts don't have the policy namespace of their layer
secretless-broker#1112 MSSQL connector reports "unsupported version" when backend can't be contacted
secrets-provider-for-k8s#555 secrets-provider breaks base64 encoded pkcs12 files stored in Conjur
conjur#2245 Add minimum thread count to puma configuration
conjur#2117 Fix all Conjur CC issues
conjur#2081 Add tests for no STDIN but `--password-from-stdin` option is provided
conjur#2062 A test setup exists for testing simplified authn client config
conjur#1964 Update upgrade process: separate schema and data restoration
conjur#1959 There is a draft plan for improving Conjur sidecar automation in Kubernetes / OpenShift
conjur#1958 Adding recursive permit statements
conjur#1718 Configure SSL certs/keys and postgres ssl_mode
conjur#1602 Tags and successful image publishes trigger builds of downstream projects
conjur#1587 Refactor `./start`
conjur#1557 Extend rake task to get next available trackable log message code
conjur#1467 Improve security by permitting only expected params
conjur#1327 Conjur README is clear and approachable
conjur#1265 Kubernetes authenticator supports container-level application identity
conjur#1191 Architecture Diagram for DB off OpenShift
conjur#844 Policy reloading when an integration that auto-loads policy is used has passed XA
conjur#840 Kubernetes authenticator has a service account token option
conjur#812 Conjur k8s tests can be run on minikube
conjur#614 Cucumber tests should run in random order
conjur#582 Can't permit on a nested list of resources using policy
conjur#482 Document maximum policy size
secretless-broker#1347 Secretless component quality levels move from alpha/beta/GA to community/trusted/certified
secretless-broker#1342 Migrate to a new method for running the Secretless health check
secretless-broker#1336 There should be capabilities in `secretless.yml` to supply custom settings to providers
secretless-broker#1324 Generic HTTP Connector: OAuth1 supports different signature hashing methods
secretless-broker#1312 Create a Docker CLI Connector for Secretless
secretless-broker#1283 There is an example generic HTTP connector config for Salesforce
secretless-broker#1279 There is an example generic HTTP connector config for the Kubernetes API
secretless-broker#1262 There is an example generic HTTP connector config for the Google Cloud SDK
secretless-broker#1241 There exists a Cassandra TCP Connector with username and password based authentication
secretless-broker#1225 There is a central set of tests that validate the SSL configuration of the TLS connectors
secretless-broker#1222 Secretless has a Cassandra DB connector
secretless-broker#1213 Secretless has a DB2 connector
secretless-broker#1205 TLS Connectors share a structure for connection details
secretless-broker#1201 Determine how Secretless responds to DB server TLS renegotiation
secretless-broker#1182 Secretless configuration files support ssl configuration information
secretless-broker#1178 Secretless optionally supports encryption for the client-to-Secretless connection
secretless-broker#1171 Add Unix socket flow to Kubernetes tutorial
secretless-broker#1132 JDBC Jar is built at runtime for integration tests
secretless-broker#1097 Database clients receive a meaningful error when a new connection request has bad credentials
secretless-broker#1094 Secretless has configurable connection timeouts for connectors
secretless-broker#1083 Example plugin uses Secretless logger
secretless-broker#1065 Broker can delegate basic sanity checks on `credentials` keys to plugins
secretless-broker#1063 Broker does early verification of plugin parameters
secretless-broker#1042 Conjur provider has improved automated tests
secretless-broker#1036 Unit tests validate service connector plugin error handling
secretless-broker#1021 Add a Security Model to the connector plugin README
secretless-broker#1011 ForceSSL defaults to true
secretless-broker#994 Use our logger implementation for signal/reload listener
secretless-broker#993 Use our logger implementation for health check output
secretless-broker#992 Reintroduce back some logging messages we lost in refactoring
secretless-broker#980 Secretless transmits packets after authentication without transforming them
secretless-broker#979 Add `--allow-builtin-plugin-overrides` CLI argument
secretless-broker#957 Re-evaluate ConnectionManager API
secretless-broker#941 Remove URL parsing logic from `internal/proxyservice/proxy_service.go`
secretless-broker#940 Add better logic when we can't open a tcp socket
secretless-broker#937 Replace XXXFunc with values in AvailablePlugins UTs
secretless-broker#934 Tests are added for external_plugins.go
secretless-broker#902 secretless.Logger is simplified with cleaner tests
secretless-broker#875 Logger tests use mocks for simplicity
secretless-broker#836 Improve support for configuration CRDs
secretless-broker#834 Secretless supports plugin types besides connectors
secretless-broker#822 Make our plugin system work on windows
secretless-broker#715 CRDs are updated to use v2 configuration format
secretless-broker#701 Best practices recommendations exist for writing new DB handlers
secretless-broker#681 Tutorial progress bar position is fixed
secretless-broker#680 Abstraction exists in tutorial to accept multiple tutorials as parameter
secretless-broker#671 A good way to prevent log leaks has been agreed upon
secretless-broker#657 K8s tutorial scripts use correct method for waiting on containers
secretless-broker#645 Jekyll can create foldable content from markdown
secretless-broker#640 Cleanup and document code for autogenerating test secretless.yml
secretless-broker#625 SSL util functions for handlers have correct interface and clean code
secretless-broker#624 Use structured representation of options for Pg Handler
secretless-broker#623 MySQL Handler has good code quality and all required tests
secretless-broker#617 Credentials are consistently zeroized after use
secretless-broker#608 Improve dev flow on tests, test documentation, and test infrastructure
secretless-broker#607 MySQL/PG/SSL tests have been refactored
secretless-broker#592 Simplify ConfigureBackend in database handlers
secretless-broker#591 Add README to the integration tests
secretless-broker#514 Providers retrieve secret values per connection in batches if possible
secretless-broker#510 AWS Secrets credential provider has integration tests
secretless-broker#507 Secretless has AWS Secrets Provider
secretless-broker#506 Config watcher is tested
secretless-broker#505 Secretless watches for config file changes
secretless-broker#498 Unit tests should not require mercurial
secretless-broker#493 Conjur authentication logic is removed from the provider
secretless-broker#483 PostgreSQL handler protocol has unit tests
secretless-broker#477 Secretless quick start demo instructions are clear about flow
secretless-broker#473 Secretless optionally retries connections
secretless-broker#467 HTTP response times are measured
secretless-broker#466 SSH throughput is measured
secretless-broker#465 MySQL query response times are measured
secretless-broker#451 Secretless has an Azure Key Vault credential provider
secretless-broker#449 Microsoft Love - Support for Microsoft/Azure tools
secretless-broker#409 Website has performance page
secretless-broker#400 Broker documentation is improved
secretless-broker#383 Broker is secure
secretless-broker#381 Broker has additional configuration options
secretless-broker#379 Performance metrics are published
secretless-broker#374 A pass-through listener exists
secretless-broker#270 SSH agent only keeps loaded keys for the duration of connection
secretless-broker#265 Secretless has option to configure response when provider fails to resolve a variable
secretless-broker#264 Secretless optionally supports secrets caching
secretless-broker#260 Add MongoDB handler/listener
secretless-broker#31 Use a dot foo.bar scheme to access nested data from HashiCorp Vault
helm-charts#16 Helm charts are published to Helm artifact hub and helm/hub
helm-charts#12 Helm charts repo is updated after new helm chart release
conjur-oss-helm-chart#167 Add nodeSelector to list of Chart Parameters
conjur-oss-helm-chart#142 Add check/warning for pre-existing ClusterRole in Kubernetes example scripts
conjur-oss-helm-chart#141 Clarify compatible database versions in README
conjur-oss-helm-chart#139 Make conjur proxy container optional and configurable
conjur-oss-helm-chart#136 Add option to auto-create a Conjur data encryption key
conjur-oss-helm-chart#135 Add deprecation warnings to NOTES.txt
conjur-oss-helm-chart#134 Deprecated features to consider for removal for next major release (3.0.0)
conjur-oss-helm-chart#132 Add authn-k8s demo app E2E test based on KinD GitHub actions
conjur-oss-helm-chart#131 Eliminate redundant Kubernetes service for Conjur
conjur-oss-helm-chart#104 Reorganize README.md KinD example to make it more of a Getting Started guide
conjur-oss-helm-chart#86 Document use of or add subchart for bitnami/postgresql
conjur-oss-helm-chart#61 Helm pipeline runs `helm package` on tags and auto-adds the artifact to a GitHub release
conjur-oss-helm-chart#57 Pipeline validates upgrade instructions
conjur-oss-helm-chart#54 Automated end-to-end testing suite
conjur-oss-helm-chart#46 Adds TLS between Conjur and posgres pod
conjur-oss-helm-chart#28 Documentation is updated to clarify setup steps
conjur-oss-helm-chart#9 CI pipeline runs kubesec
conjur-oss-helm-chart#7 Conjur Helm chart has published shasums
conjur-intro#61 Add jenkins conjur plugin test
conjur-intro#31 The demo flows have automated tests
ansible-conjur-host-identity#30 Migrate this Ansible role to the Conjur Ansible collection
ansible-conjur-host-identity#26 conjur_variable lookup plugin can be improved
conjur#1559 authn_k8s:inject_client_cert: Make client cert path configurable
conjur#1519 Adds info endpoint for server/follower ID and version for debugging
conjur#984 No indication of missing rotator
conjur#843 Secrets can be retrieved with variable prefix
conjur#835 Replace Ruby Sass
conjur#824 Authenticate controller logs error message correctly
conjur#780 LDAP Authenticator supports mutual TLS
conjur#678 authenticator prints useful error on 400 response
conjur#640 Conjur Docker image follows the standard version naming convention
conjur#607 A user sees the Audit events are visible to them
conjur#540 Deprecate the route GET /resources/:account
conjur#509 Error msg unclear when loading policy with multiple unnamed hostfactory configurations
conjur#181 String ids considered harmful
secretless-broker#1337 Support multi-value dynamic credentials
secretless-broker#558 Investigate the impact of TLS between Secretless and backend server
conjur-api-go#60 GoLang SDK correctly handles Users/Hosts with `api_key_enabled`
conjur-api-java#42 Add code coverage to conjur-api-java

conjur#1787 Conjur debian package is updated to exclude irrelevant files and directories
🌊

conjur#1096 A central location exists for Conjur Log docs
🌊

secretless-broker#354 Istio can be used with an external DB
🌊

secretless-broker#325 Secretless can be deployed with a sidecar injector
🌊

secretless-broker#82 AWS handler has test suite with documentation
🌊

conjur#1213 No indication for the user when providing a wrong Conjur data key
🌊

secretless-broker#771 Reduce MySQL handler noise
🌊

secretless-broker#380 Broker is easy to develop for
🌊

secretless-broker#249 Secrets do not remain in the sidecar memory
🌊

conjur#650 A K8s/OpenShift version support matrix is available
🌊

secretless-broker#475 Make localhost socket use info more prominent
🌊

conjur#1562 Baseline functionality for "Testing Best Practices" has been established
🌊

conjur#1673 Migrate conjur-policy-parser locally
🌊

conjur#1082 Investigate permission problems in master startup
🌊

secretless-broker#1335 Support Vault AppRole auth method in provider
🌊
Triage Party v1.4.0