queue to be emptied once a week in a team triage meeting

Weekly Triage

188 unique items

Completion ETA: ~2041-07-20

Assi Important soon, but no updates in 60 days Important longterm, but no updates in 120 days many reactions, low priority many commenters, low priority Screaming into the void Needs information for over 2 weeks Support request over 30 days old Issues nearing expiration Pull requests: Approved and getting old Pull Requests: Stale Overdue answers for a question Updated support requests

conjur#2551 Conjur tracing with jaeger
🌊

conjur-oss-helm-chart#186 Add resource values for nginx and postgres
🌊

conjur-oss-helm-chart#183 Add option from datakey to be provided from existing secret
🌊

conjur-openapi-spec#214 Allow deployment of stable Conjur version
🌊

sidecar-injector#75 POC to add security context values
🌊

conjur#1096 A central location exists for Conjur Log docs
🌊

secretless-broker#380 Broker is easy to develop for
🌊
nobody
conjur#2181 Kubernetes Authenticator Websocket Client doesn't support Server Name Indication (SNI)
conjur#3021 Automated PR to update settings
conjur#2436 Auth api additions
conjur#2666 WIP: Policy lifecycle extensions
conjur#2853 cyberark/migrate-slosilo-gem
conjur#2893 Add read-only configuration
conjur#2522 Auth persist api
conjur#2640 Prevent status webservices from being returned on the providers endpoint
conjur#2836 Solution Design: CyberArk Conjur Provider for Secret Store CSI Driver
conjur#2863 WIP: Early Policy factory POC
conjur#2807 WIP: Add reset password rake task
conjur#2439 Semantic Logging (with metrics)
conjur#2696 Developer documentation
conjur#2541 Remove `rack-rewrite` gem as it appears it is no longer needed
conjur#2543 Potential Policy workflow for Synchronizer leader election
conjur#2616 Allow OIDC Providers to be available via local socket
conjur#2631 add logging if send message fails
conjur#2634 Adds authenticator support for passing OIDC token via body or authorization header
conjur#2714 Policy Template Factory
conjur#2734 Authn-JWT Refactor
conjur#2829 Replace Conjur Auth Token with a valid JWT token
conjur#2946 Use context variable instead of instance variable for certs
conjur#2999 Authenticator refactor v2
conjur#2944 Log warning of dropped updates to existing resources in policy POST
conjur#2896 PoC for managing write-only permission at the Sequel level
conjur#2953 Add OIDC proxy integration tests
conjur#2990 Authn jwt refactor v5
conjur#2699 Fix broken tests by refershing materalized views
conjur#2565 Add annotation based user search
secretless-broker#1443 SSH connector improvements
secretless-broker#953 improved ssh service connector
secretless-broker#1223 POC: Auto generation of troubleshooting guide
secretless-broker#1379 WIP: Robust testing of AWS using feature-rich mock server
conjur-oss-helm-chart#184 Make Postgres FIPS compliant
conjur-openapi-spec#220 Added new routes for OIDC functionality
conjur-api-python#51 Added dry-run parameter on policy methods
conjur-authn-k8s-client#527 Add telemetry toggles
secrets-provider-for-k8s#553 Run in standalone mode
secrets-provider-for-k8s#552 leverage file temaplates with k8s-secret targets
secrets-provider-for-k8s#551 improve error handling batch retrieve
secrets-provider-for-k8s#550 retrieve k8s secrets based on label
kubernetes-conjur-demo#153 Scan for and remove internal URLs
conjur-intro#106 TEST SELECTIVER REPLICATON - Sel rep codi
conjur-intro#109 Host factory example
conjur-intro#104 Example of a synchronizer "audit" role
ansible-conjur-collection#214 [Snyk] Security upgrade ubuntu from 24.04 to 24.10
ansible-conjur-collection#213 [Snyk] Security upgrade ubuntu from 24.04 to 24.10
ansible-conjur-collection#212 [Snyk] Security upgrade ubuntu from 24.04 to 24.10
ansible-conjur-collection#206 Sanity test fixes
ansible-conjur-collection#205 Fix the Sanity Test for Ansible 2.16 version
ansible-conjur-collection#185 ONYX-26897 To reuse the token
ansible-conjur-collection#186 Onyx 26897 retry
ansible-conjur-collection#178 Implement support for JWT authentication
terraform-provider-conjur#121 ReadMe Update and pointing to new version of conjur API go
terraform-provider-conjur#126 Readme updated and unit test, acceptance testing, conjur-api-go version update
conjur-opentelemetry-tracer#10 Add Tracer creation functions
conjur#1753 Conjur policy reload does not update annotations in APPEND mode
conjur#1718 Configure SSL certs/keys and postgres ssl_mode
conjur#1559 authn_k8s:inject_client_cert: Make client cert path configurable
conjur#813 Host Factory created hosts don't have the policy namespace of their layer
secretless-broker#260 Add MongoDB handler/listener
ansible-conjur-collection#191 Unable to run cyberark.conjur.conjur_host_identity role.
conjur#2245 Add minimum thread count to puma configuration
conjur#2117 Fix all Conjur CC issues
conjur#2081 Add tests for no STDIN but `--password-from-stdin` option is provided
conjur#1958 Adding recursive permit statements
conjur#1602 Tags and successful image publishes trigger builds of downstream projects
conjur#1587 Refactor `./start`
conjur#1557 Extend rake task to get next available trackable log message code
conjur#1467 Improve security by permitting only expected params
conjur#1191 Architecture Diagram for DB off OpenShift
conjur#840 Kubernetes authenticator has a service account token option
conjur#812 Conjur k8s tests can be run on minikube
conjur#614 Cucumber tests should run in random order
conjur#482 Document maximum policy size
secretless-broker#1347 Secretless component quality levels move from alpha/beta/GA to community/trusted/certified
secretless-broker#1324 Generic HTTP Connector: OAuth1 supports different signature hashing methods
secretless-broker#1312 Create a Docker CLI Connector for Secretless
secretless-broker#1283 There is an example generic HTTP connector config for Salesforce
secretless-broker#1279 There is an example generic HTTP connector config for the Kubernetes API
secretless-broker#1262 There is an example generic HTTP connector config for the Google Cloud SDK
secretless-broker#1225 There is a central set of tests that validate the SSL configuration of the TLS connectors
secretless-broker#1201 Determine how Secretless responds to DB server TLS renegotiation
secretless-broker#1178 Secretless optionally supports encryption for the client-to-Secretless connection
secretless-broker#1171 Add Unix socket flow to Kubernetes tutorial
secretless-broker#1152 Proxyservice package is unit tested
secretless-broker#1132 JDBC Jar is built at runtime for integration tests
secretless-broker#1097 Database clients receive a meaningful error when a new connection request has bad credentials
secretless-broker#1094 Secretless has configurable connection timeouts for connectors
secretless-broker#1083 Example plugin uses Secretless logger
secretless-broker#1065 Broker can delegate basic sanity checks on `credentials` keys to plugins
secretless-broker#1042 Conjur provider has improved automated tests
secretless-broker#1036 Unit tests validate service connector plugin error handling
secretless-broker#1021 Add a Security Model to the connector plugin README
secretless-broker#1011 ForceSSL defaults to true
secretless-broker#994 Use our logger implementation for signal/reload listener
secretless-broker#993 Use our logger implementation for health check output
secretless-broker#980 Secretless transmits packets after authentication without transforming them
secretless-broker#979 Add `--allow-builtin-plugin-overrides` CLI argument
secretless-broker#957 Re-evaluate ConnectionManager API
secretless-broker#941 Remove URL parsing logic from `internal/proxyservice/proxy_service.go`
secretless-broker#940 Add better logic when we can't open a tcp socket
secretless-broker#937 Replace XXXFunc with values in AvailablePlugins UTs
secretless-broker#934 Tests are added for external_plugins.go
secretless-broker#902 secretless.Logger is simplified with cleaner tests
secretless-broker#875 Logger tests use mocks for simplicity
secretless-broker#834 Secretless supports plugin types besides connectors
secretless-broker#822 Make our plugin system work on windows
secretless-broker#715 CRDs are updated to use v2 configuration format
secretless-broker#704 fs_watcher has a goroutine leak
secretless-broker#701 Best practices recommendations exist for writing new DB handlers
secretless-broker#681 Tutorial progress bar position is fixed
secretless-broker#680 Abstraction exists in tutorial to accept multiple tutorials as parameter
secretless-broker#671 A good way to prevent log leaks has been agreed upon
secretless-broker#657 K8s tutorial scripts use correct method for waiting on containers
secretless-broker#640 Cleanup and document code for autogenerating test secretless.yml
secretless-broker#625 SSL util functions for handlers have correct interface and clean code
secretless-broker#624 Use structured representation of options for Pg Handler
secretless-broker#623 MySQL Handler has good code quality and all required tests
secretless-broker#617 Credentials are consistently zeroized after use
secretless-broker#608 Improve dev flow on tests, test documentation, and test infrastructure
secretless-broker#607 MySQL/PG/SSL tests have been refactored
secretless-broker#591 Add README to the integration tests
secretless-broker#514 Providers retrieve secret values per connection in batches if possible
secretless-broker#510 AWS Secrets credential provider has integration tests
secretless-broker#507 Secretless has AWS Secrets Provider
secretless-broker#506 Config watcher is tested
secretless-broker#505 Secretless watches for config file changes
secretless-broker#493 Conjur authentication logic is removed from the provider
secretless-broker#483 PostgreSQL handler protocol has unit tests
secretless-broker#477 Secretless quick start demo instructions are clear about flow
secretless-broker#473 Secretless optionally retries connections
secretless-broker#467 HTTP response times are measured
secretless-broker#466 SSH throughput is measured
secretless-broker#465 MySQL query response times are measured
secretless-broker#451 Secretless has an Azure Key Vault credential provider
secretless-broker#409 Website has performance page
secretless-broker#400 Broker documentation is improved
secretless-broker#383 Broker is secure
secretless-broker#381 Broker has additional configuration options
secretless-broker#374 A pass-through listener exists
secretless-broker#265 Secretless has option to configure response when provider fails to resolve a variable
secretless-broker#31 Use a dot foo.bar scheme to access nested data from HashiCorp Vault
helm-charts#16 Helm charts are published to Helm artifact hub and helm/hub
helm-charts#12 Helm charts repo is updated after new helm chart release
conjur-oss-helm-chart#177 Conjur does not start with an external Postgres database due to OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode
conjur-oss-helm-chart#167 Add nodeSelector to list of Chart Parameters
conjur-oss-helm-chart#142 Add check/warning for pre-existing ClusterRole in Kubernetes example scripts
conjur-oss-helm-chart#141 Clarify compatible database versions in README
conjur-oss-helm-chart#139 Make conjur proxy container optional and configurable
conjur-oss-helm-chart#136 Add option to auto-create a Conjur data encryption key
conjur-oss-helm-chart#135 Add deprecation warnings to NOTES.txt
conjur-oss-helm-chart#134 Deprecated features to consider for removal for next major release (3.0.0)
conjur-oss-helm-chart#133 Instructions fail when LoadBalancer service defines a hostname instead of an IP for the LB ingress
conjur-oss-helm-chart#132 Add authn-k8s demo app E2E test based on KinD GitHub actions
conjur-oss-helm-chart#130 Failure in Conjur schema migrations of external DB can't recover
conjur-oss-helm-chart#104 Reorganize README.md KinD example to make it more of a Getting Started guide
conjur-oss-helm-chart#86 Document use of or add subchart for bitnami/postgresql
conjur-oss-helm-chart#68 Helm deployment instructions (README) include architecture diagrams
conjur-oss-helm-chart#57 Pipeline validates upgrade instructions
conjur-oss-helm-chart#46 Adds TLS between Conjur and posgres pod
conjur-oss-helm-chart#28 Documentation is updated to clarify setup steps
conjur-oss-helm-chart#9 CI pipeline runs kubesec
conjur-oss-helm-chart#7 Conjur Helm chart has published shasums
summon#260 Multi-line secrets.
sidecar-injector#93 TLS handshake error when following README in local cluster
conjur-intro#31 The demo flows have automated tests
ansible-conjur-collection#49 Add other ways to specify Conjur / DAP identity in `cyberark.conjur.conjur_variable`
ansible-conjur-collection#47 The UX of configuring the lookup plugin and role has been evaluated
ansible-conjur-collection#46 Roles are tested with Molecule
ansible-conjur-collection#45 The log output of the conjur-role without "no_log" set to true has been reviewed
ansible-conjur-collection#43 Documentation is clear that input variable path should not be urlencoded
ansible-conjur-collection#42 Expand Ansible Collection to include Conjur Role
conjur-puppet#258 Error with self signed certificate
terraform-provider-conjur#132 Add an ability to update Conjur secret
terraform-provider-conjur#53 Add Windows instructions to README

conjur#2587 Update k8s test app base image
🌊

secretless-broker#1340 WIP: mongodb connector
🌊

secretless-broker#354 Istio can be used with an external DB
🌊

secretless-broker#325 Secretless can be deployed with a sidecar injector
🌊

secretless-broker#82 AWS handler has test suite with documentation
🌊
Triage Party v1.4.0