Refreshing data in the background. Displayed data may be up to 2h old. Use Shift-Reload to force a data refresh at any time.
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 3021 |  |
Automated PR to update settings | 5mo | 6wk | 4mo |  |
commented member-last send unreviewed
|
|||
| 2436 |  |
Auth api additions | 3y | 6wk |  |
draft new-commits recv-q
|
||||
| 2666 |  |
WIP: Policy lifecycle extensions | 3y | 6wk | |
draft reviewed-with-comment
|
||||
| 2853 |  |
cyberark/migrate-slosilo-gem | 2y | 6wk | |
new-commits
|
||||
| 2551 |  |
Conjur tracing with jaeger |
| 3y | 6wk | 9mo |   |
assigned assignee-updated commented member-last new-commits send
|
||
| 2893 |  |
Add read-only configuration | 2y | 6wk | 5mo | |
commented draft member-last reviewed-with-comment send
|
|||
| 2522 | |
Auth persist api |
4
|
3y | 6wk | 3y |  |
commented reviewed-with-comment
|
||
| 2640 |  |
Prevent status webservices from being returned on the providers endpoint | 3y | 6wk | 3y |  |
commented reviewed-with-comment send
|
|||
| 2836 |  |
Solution Design: CyberArk Conjur Provider for Secret Store CSI Driver |
2
|
2y | 6wk | 9mo |    |
commented draft member-last new-commits send
|
||
| 2863 | |
WIP: Early Policy factory POC | 2y | 6wk |
draft unreviewed
|
|||||
| 2807 | |
WIP: Add reset password rake task | 2y | 6wk | 9mo | |
commented draft member-last new-commits send
|
|||
| 2439 | |
Semantic Logging (with metrics) | 3y | 6wk | 3y | |
commented draft member-last reviewed-with-comment send
|
|||
| 2587 | |
Update k8s test app base image |
| 3y | 6wk | 5mo | |
kind/enhancement
dependencies
|
assigned commented draft member-last send unreviewed
|
|
| 2696 | |
Developer documentation | 2y | 6wk |
draft unreviewed
|
|||||
| 2541 | |
Remove `rack-rewrite` gem as it appears it is no longer needed | 3y | 6wk | 5mo | |
commented draft member-last send unreviewed
|
|||
| 2543 | |
Potential Policy workflow for Synchronizer leader election | 3y | 6wk | 3y |  |
commented draft member-last reviewed-with-comment
|
|||
| 2616 | |
Allow OIDC Providers to be available via local socket | 3y | 6wk | |
draft new-commits
|
||||
| 2631 | |
add logging if send message fails | 3y | 6wk | |
draft reviewed-with-comment
|
||||
| 2634 | |
Adds authenticator support for passing OIDC token via body or authorization header | 3y | 6wk | 3y | |
commented draft member-last new-commits send
|
|||
| 2714 | |
Policy Template Factory | 2y | 6wk |
draft unreviewed
|
|||||
| 2734 | |
Authn-JWT Refactor | 2y | 6wk | 9mo | |
commented member-last new-commits send similar
|
|||
| 2829 | |
Replace Conjur Auth Token with a valid JWT token | 2y | 6wk |
draft unreviewed
|
|||||
| 2946 | |
Use context variable instead of instance variable for certs | 2y | 6wk |
draft unreviewed
|
|||||
| 2999 | |
Authenticator refactor v2 | 2y | 6wk |
draft unreviewed
|
|||||
| 2944 | |
Log warning of dropped updates to existing resources in policy POST | 2y | 6wk |
draft unreviewed
|
|||||
| 2896 | |
PoC for managing write-only permission at the Sequel level | 2y | 6wk |
draft unreviewed
|
|||||
| 2953 | |
Add OIDC proxy integration tests | 2y | 6wk |
draft unreviewed
|
|||||
| 2990 | |
Authn jwt refactor v5 | 2y | 6wk | 9mo | |
commented draft member-last send similar unreviewed
|
|||
| 2699 | |
Fix broken tests by refershing materalized views | 2y | 5mo | 5mo | |
commented draft member-last send unreviewed
|
|||
| 2565 | |
Add annotation based user search | 3y | 3y | 3y | |
commented member-last new-commits send
|
|||
| 1443 | |
SSH connector improvements | 3y | 3y | |
draft unreviewed
|
||||
| 953 | |
improved ssh service connector | 6y | 3y |
draft unreviewed
|
|||||
| 1223 | |
POC: Auto generation of troubleshooting guide | 5y | 3y | |
draft new-commits
|
||||
| 1340 | |
WIP: mongodb connector |
| 5y | 3y |
assigned draft unreviewed
|
||||
| 1379 | |
WIP: Robust testing of AWS using feature-rich mock server |
2
|
4y | 3y | 4y |  |
commented draft member-last new-commits
|
||
| 186 |  |
Add resource values for nginx and postgres |
| 2y | 14d | 14d | |
kind/enhancement
contributor
|
assigned assignee-updated commented member-last send unreviewed
|
|
| 184 | |
Make Postgres FIPS compliant |
|
2y | 2y | 2y |   |
commented draft unreviewed
|
||
| 183 |  |
Add option from datakey to be provided from existing secret |
|
2
|
2y | 2y | 2y | |
kind/enhancement
contributor
|
assigned assignee-updated commented member-last reviewed-with-comment send
|
| 214 | |
Allow deployment of stable Conjur version |
| 3y | 9mo | 9mo | |
assigned commented draft member-last send unreviewed
|
||
| 220 | |
Added new routes for OIDC functionality | 3y | 9mo | 9mo | |
commented member-last send unreviewed
|
|||
| 51 |  |
Added dry-run parameter on policy methods | 8mo | 5wk | 5wk | |
enhancement
kind/community
kind/enhancement
|
commented member-last send unreviewed
|
||
| 527 | |
Add telemetry toggles | 2y | 2y |
draft unreviewed
|
|||||
| 553 |  |
Run in standalone mode |
|
8mo | 4mo | 4mo | |
commented new-commits recv
|
||
| 552 | |
leverage file temaplates with k8s-secret targets | 8mo | 8mo | 8mo |
recv unreviewed
|
||||
| 551 | |
improve error handling batch retrieve | 8mo | 8mo | 8mo |
recv unreviewed
|
||||
| 550 | |
retrieve k8s secrets based on label | 8mo | 8mo | 8mo |
recv unreviewed
|
||||
| 75 |  |
POC to add security context values |
| 3y | 6wk | 6wk | |
assigned commented draft member-last send unreviewed
|
||
| 153 | |
Scan for and remove internal URLs | 2y | 9mo | 9mo | |
commented draft member-last send unreviewed
|
|||
| 106 | |
TEST SELECTIVER REPLICATON - Sel rep codi | 3y | 2y |
draft unreviewed
|
|||||
| 109 | |
Host factory example | 2y | 2y |
draft unreviewed
|
|||||
| 104 | |
Example of a synchronizer "audit" role | 3y | 3y |
draft unreviewed
|
|||||
| 214 |  |
[Snyk] Security upgrade ubuntu from 24.04 to 24.10 | 7wk | 7wk |
unreviewed
|
|||||
| 213 | |
[Snyk] Security upgrade ubuntu from 24.04 to 24.10 | 3mo | 3mo |
unreviewed
|
|||||
| 212 | |
[Snyk] Security upgrade ubuntu from 24.04 to 24.10 | 3mo | 3mo |
unreviewed
|
|||||
| 206 | |
Sanity test fixes | 10mo | 10mo |
draft unreviewed
|
|||||
| 205 |  |
Fix the Sanity Test for Ansible 2.16 version | 1y | 1y |
unreviewed
|
|||||
| 185 |  |
ONYX-26897 To reuse the token | 2y | 2y | 2y | |
commented member-last new-commits
|
|||
| 186 | |
Onyx 26897 retry | 2y | 2y |
unreviewed
|
|||||
| 178 | |
Implement support for JWT authentication | 3y | 3y |
draft unreviewed
|
|||||
| 121 |  |
ReadMe Update and pointing to new version of conjur API go | 2y | 2mo | 2y |    |
commented member-last reviewed-with-comment send
|
|||
| 126 | |
Readme updated and unit test, acceptance testing, conjur-api-go version update | 2y | 2mo |
approved
|
|||||
| 10 | |
Add Tracer creation functions | 2y | 2y |
unreviewed
|
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 2494 | |
Dev environment supports hot reloading | 3y | 3y | ||||||
| 2430 | |
Policy Permit Privileges without brackets doesn't produce an error | 3y | 3y |
kind/bug
|
|||||
| 2380 | |
Better handling of malformed Kubernetes service account token for Kubernetes authenticator | 4y | 4y |
kind/enhancement
component/conjur
|
|||||
| 2245 |  |
Add minimum thread count to puma configuration | 4y | 4y | 4y |
recv
|
||||
| 2181 | |
Kubernetes Authenticator Websocket Client doesn't support Server Name Indication (SNI) | 4y | 5mo | 5mo | |
kind/bug
kind/support
|
commented member-last send
|
||
| 2133 | |
Fix ApplicationController complexity | 4y | 4y |
kind/enhancement
component/conjur
|
|||||
| 2117 | |
Fix all Conjur CC issues | 4y | 4y | 4y |
kind/technical-debt
|
recv
|
|||
| 2108 | |
Update release workflow to include API version | 4y | 4y |
kind/enhancement
component/conjur
|
|||||
| 2081 | |
Add tests for no STDIN but `--password-from-stdin` option is provided | 4y | 4y | 4y |
recv
|
||||
| 2067 | |
Non-empty policy variable values should apply and take precedence for Kubernetes authenticator | 4y | 4y |
kind/bug
component/conjur
|
|||||
| 2062 |  |
A test setup exists for testing simplified authn client config | 4y | 4y | 4y | |
kind/enhancement
component/conjur
|
contributor-last recv
|
||
| 2046 |  |
Should raise informative log error in case role not exist in k8s inject_client_cert |
| 4y | 4y |
kind/enhancement
component/conjur
|
assigned
|
|||
| 2000 |  |
Validation for restricted to setting while loading a policy | 4y | 4y | ||||||
| 1980 | |
Update .dockerignore to include deb file exclusions | 4y | 4y |
kind/cleanup
severity/medium
|
|||||
| 1964 | |
Update upgrade process: separate schema and data restoration | 5y | 4y | 5y |  |
kind/enhancement
component/conjur
|
contributor-last recv recv-q
|
||
| 1959 | |
There is a draft plan for improving Conjur sidecar automation in Kubernetes / OpenShift | 5y | 5y | 5y | |
component/k8s
kind/spike
|
contributor-last recv
|
||
| 1958 |  |
Adding recursive permit statements |
6
|
5y | 4y | 5y |  |
kind/enhancement
component/conjur
internal-contributor
|
recv
|
|
| 1956 |  |
Support debugging authn-k8s in dev env | 5y | 7mo | |
kind/enhancement
component/conjur
rnd-boost
|
contributor-last open-milestone
|
|||
| 1945 |  |
Nil error in authn_k8s/inject_client_cert.rb | 5y | 5y | |
kind/bug
component/conjur
|
contributor-last recv-q
|
|||
| 1922 | |
Variable Content Validation |
|
5y | 5y |
kind/enhancement
component/conjur
|
||||
| 1920 | |
Hosts can acquire valid password via password change | 5y | 7mo |
kind/bug
component/conjur
|
|||||
| 1863 | |
Support validating host annotations for authentication while loading a policy | 5y | 5y |  |
kind/enhancement
component/conjur
Epic
|
contributor-last
|
|||
| 1787 | |
Conjur debian package is updated to exclude irrelevant files and directories | 
| 5y | 5y | 5y | |
component/appliance
kind/enhancement
component/conjur
|
assigned contributor-last recv
|
|
| 1765 |  |
Cucumber - Remove audit keyword from log step | 5y | 4y |
component/authenticators
rnd-boost
|
open-milestone
|
||||
| 1757 | |
Authentication token available in OAuth format | 5y | 5y |
kind/enhancement
component/conjur
|
|||||
| 1753 | |
Conjur policy reload does not update annotations in APPEND mode | 5y | 5y | 5y | |
kind/bug
component/conjur
severity/critical
source/salesforce
|
recv recv-q
|
||
| 1718 |  |
Configure SSL certs/keys and postgres ssl_mode | 5y | 4y | 5y |   |
kind/enhancement
component/conjur
contributor
has-idea
|
recv recv-q
|
||
| 1700 | |
CIDR Restriction - invalid cidr value DB Error | 5y | 5y |
kind/bug
component/conjur
severity/low
support/moderate
|
|||||
| 1696 | |
Consider refactoring request IP tests to smaller units under test | 5y | 5y |
kind/technical-debt
kind/testing
|
|||||
| 1679 | |
CIDR Support Proxy - Remove validate_origin from Authenticate | 5y | 5y |
kind/technical-debt
|
|||||
| 1673 | |
Migrate conjur-policy-parser locally |
| 5y | 5mo | 5mo | |
assigned commented member-last send
|
||
| 1651 |  |
Conjur Account change to Space | 5y | 2y |
Epic
|
|||||
| 1618 |  |
Load empty policy cause to 403 in creating host from token | 5y | 5y |
kind/bug
component/conjur
severity/high
|
open-milestone
|
||||
| 1611 | |
Implicit database dependency in credentials command classes | 5y | 5y |
kind/technical-debt
|
|||||
| 1604 | |
Update landing page jquery to 3.3.1-dfsg or higher | 5y | 5y |
kind/technical-debt
severity/medium
|
|||||
| 1603 | |
Update landing page bootstrap to 3.4.1 or later | 5y | 5y |
kind/technical-debt
severity/high
|
|||||
| 1602 | |
Tags and successful image publishes trigger builds of downstream projects | 5y | 5y | 5y |
triage/needs-info
kind/technical-debt
component/suite
|
recv
|
|||
| 1587 | |
Refactor `./start` | 5y | 5y | 5y |
kind/cleanup
|
recv
|
|||
| 1562 | |
Baseline functionality for "Testing Best Practices" has been established |
| 5y | 4y | 4y |  |
kind/technical-debt
component/conjur
|
assigned commented member-last send
|
|
| 1559 |  |
authn_k8s:inject_client_cert: Make client cert path configurable |
4
15
|
5y | 4y | 5y |   |
component/k8s
triage/needs-info
kind/enhancement
contributor
has-idea
|
commented recv-q send
|
|
| 1557 | |
Extend rake task to get next available trackable log message code | 5y | 5y | 5y |
kind/enhancement
component/conjur
|
recv
|
|||
| 1530 | |
Separate orchestrator config from policy_version model |
| 5y | 5y |
kind/cleanup
component/conjur
|
assigned
|
|||
| 1524 | |
Querying resources as a role without specifying the fully qualified ID leads to a 403 response | 5y | 9mo | 9mo | |
kind/bug
component/conjur
|
commented member-last send
|
||
| 1519 | |
Adds info endpoint for server/follower ID and version for debugging |
|
5y | 5y | 5y |  |
kind/enhancement
component/conjur
|
commented member-last send
|
|
| 1503 | |
Update audit private enterprise number | 5y | 5y |
kind/technical-debt
component/conjur
|
similar
|
||||
| 1502 | |
Update private enterprise number contact | 5y | 5y |
similar
|
|||||
| 1488 | |
CI pipeline never exercises "environments/production.rb" | 5y | 4y | 5y | |
kind/bug
component/conjur
rnd-boost
|
commented member-last open-milestone send
|
||
| 1478 | |
Conjur CI workflow is documented | 5y | 5y |
kind/technical-debt
|
|||||
| 1467 | |
Improve security by permitting only expected params | 5y | 5y | 5y |
kind/technical-debt
component/conjur
|
recv
|
|||
| 1466 |  |
fetchCertificate and pdf/fetchCertificate consist of hard coded path to httpclient | 5y | 4y |
kind/bug
component/conjur
rnd-boost
|
open-milestone
|
||||
| 1370 | |
Cyberark DAP Host Policy docs are updated to include the `api_key_enabled` attribute
|
5y | 5y |
kind/documentation
component/conjur
support/serious
|
similar
|
||||
| 1369 | |
Cyberark DAP User Policy docs are updated to include the `api_key_enabled` attribute
|
5y | 5y |
kind/documentation
component/conjur
support/serious
|
similar
|
||||
| 1368 | |
Cyberark Conjur Host Policy docs are updated to include the `api_key_enabled` attribute
|
5y | 5y |
kind/documentation
component/conjur
support/serious
|
similar
|
||||
| 1367 | |
Cyberark Conjur User Policy docs are updated to include the `api_key_enabled` attribute
|
5y | 5y |
kind/documentation
component/conjur
support/serious
|
similar
|
||||
| 1366 | |
Changing a User/Host api_key_enabled attribute to true generates an API key | 5y | 5y |
kind/enhancement
component/conjur
support/serious
|
similar
|
||||
| 1365 | |
Changing a User/Host api_key_enabled attribute to false removes the API key | 5y | 5y |
kind/enhancement
component/conjur
support/serious
|
similar
|
||||
| 1364 | |
Logging into the default authenticator with a User/Host with disabled API keys fails | 5y | 5y |
kind/enhancement
component/conjur
support/serious
|
|||||
| 1363 | |
Rotating a User/Host with disabled API key results in an error | 5y | 5y |
kind/enhancement
component/conjur
support/serious
|
|||||
| 1362 | |
An API key is not generated when api_key_enabled attribute is true | 5y | 5y |
kind/enhancement
component/conjur
support/serious
|
similar
|
||||
| 1361 | |
An API key is generated when api_key_enabled attribute is true | 5y | 5y |
kind/enhancement
component/conjur
support/serious
|
similar
|
||||
| 1327 | |
Conjur README is clear and approachable | 5y | 5mo | 5y | |
kind/documentation
kind/technical-debt
good-first-issue
|
contributor-last recv
|
||
| 1269 |  |
Test log output for application identity in GKE |
| 5y | 4y |
component/authenticators
kind/enhancement
rnd-boost
|
assigned open-milestone
|
|||
| 1265 | |
Kubernetes authenticator supports container-level application identity |
|
5y | 5y | 5y |  |
component/k8s
kind/enhancement
component/conjur
|
contributor-last recv
|
|
| 1258 | |
Add GKE testing section to README | 5y | 5y |
kind/documentation
kind/enhancement
|
|||||
| 1213 | |
No indication for the user when providing a wrong Conjur data key |
| 6y | 4mo | 4mo | |
triage/support
component/conjur
good-first-issue
kind/quality
rnd-boost
|
assigned commented member-last open-milestone
|
|
| 1198 | |
Audit atomicity | 
| 6y | 6y |
assigned
|
||||
| 1191 |  |
Architecture Diagram for DB off OpenShift | 6y | 6y | 6y |
recv
|
||||
| 1177 | |
(GA) Test if encryptions of k8s secrets is working |
| 6y | 4y |
component/k8s
kind/spike
rnd-boost
|
assigned open-milestone
|
|||
| 1163 | |
Switch UTs from Convey to testify in k8s authn client | 6y | 4y |
component/k8s
kind/testing
rnd-boost
|
open-milestone
|
||||
| 1161 | |
(CA) Challenge conjur-map format and parsing |
| 6y | 4y |
component/authenticators
component/k8s
kind/enhancement
rnd-boost
|
assigned open-milestone
|
|||
| 1159 | |
(CA) Add log level configuration |
| 6y | 4y |
component/authenticators
component/k8s
kind/enhancement
rnd-boost
|
assigned open-milestone
|
|||
| 1154 | |
Tests a 504 response code in OIDC | 6y | 4y |
component/authn-oidc
kind/testing
rnd-boost
|
open-milestone
|
||||
| 1142 | |
Conjur authn-k8s client user inputs can be provided as CMD args along as env vars | 6y | 4y |
component/k8s
kind/enhancement
rnd-boost
|
open-milestone
|
||||
| 1132 | |
Audit batch retrieve secret should be performed on full success only | 6y | 4y |
rnd-boost
|
open-milestone
|
||||
| 1115 | |
Logs in `production` env should include severity, timestamp & pid | 6y | 5y |
kind/bug
component/conjur
severity/low
good-first-issue
|
open-milestone
|
||||
| 1112 | |
Executing docker run on Conjur image produces useful error | 6y | 4y |
rnd-boost
|
open-milestone
|
||||
| 1101 | |
Decide on permissions to webservice | 6y | 4y |
kind/enhancement
component/conjur
rnd-boost
|
open-milestone
|
||||
| 1097 | |
Authenticators API | 6y | 6y |
Epic
|
|||||
| 1096 |  |
A central location exists for Conjur Log docs |
| 6y | 2y | 6y |
kind/developer-experience
|
assigned recv
|
||
| 1093 | |
We understand the testing currently performed in the cyberark/conjur repo | 6y | 6y | ||||||
| 1092 | |
Value objects should not interact with the DB | 6y | 6y |
component/authenticators
kind/enhancement
|
|||||
| 1089 | |
Convert FetchOidcSecrets to OidcVariable | 6y | 6y |
kind/enhancement
component/authn-oidc
|
|||||
| 1088 | |
Convert Command class call methods to explicit mode |
| 6y | 4y |
component/authenticators
kind/enhancement
rnd-boost
|
assigned open-milestone
|
|||
| 1082 | |
Investigate permission problems in master startup |
| 6y | 5y | 5y | |
component/k8s
kind/spike
|
assigned commented member-last send
|
|
| 1077 | |
Map persistence locations in appliance image |
| 6y | 4y |
component/k8s
kind/spike
rnd-boost
|
assigned open-milestone
|
|||
| 1075 | |
Replace deployment config with stateful set |
| 6y | 6y |
component/k8s
kind/spike
|
assigned
|
|||
| 1070 | |
Play with master inside minishift |
| 6y | 6y |
component/k8s
kind/spike
|
assigned
|
|||
| 1066 | |
OAuth 2 Device Grant - Spike |
| 6y | 6y |
component/authenticators
kind/spike
|
assigned
|
|||
| 1053 | |
`/authenticators/available` API returns the authenticators which are available for configuration - DRAFT | 6y | 6y |
component/authenticators
|
|||||
| 1051 | |
`/authenticators` API returns authenticators that are ready for authentication | 6y | 6y |
component/authenticators
|
|||||
| 984 | |
No indication of missing rotator | 6y | 6y | 6y | |
commented member-last
|
|||
| 943 | |
Conjur Certificate Authorities support signing intermediate certificate authorities |
| 6y | 6y |
kind/enhancement
component/conjur
blocked
component/pki
on-hold
in progress
|
assigned
|
|||
| 930 |  |
Can't load a delegation policy for a variable contains colon (:) in name | 6y | 4y |
kind/bug
component/conjur
severity/low
rnd-boost
|
open-milestone
|
||||
| 923 | |
Conjur Certificate Authorities support signing SSH RSA public keys in PEM format |
| 6y | 6y |
kind/enhancement
component/conjur
component/pki
on-hold
|
assigned
|
|||
| 920 | |
Add error injection to Command class in oidc |
| 6y | 6y |
kind/enhancement
merged
component/authn-oidc
in progress
|
assigned
|
|||
| 918 | |
CommandClass can receive errors directly |
| 6y | 6y | |
assigned assignee-updated contributor-last
|
|||
| 898 | |
cucumber steps can be shared between profiles | 6y | 6y |
kind/enhancement
component/cucumber
|
|||||
| 844 | |
Policy reloading when an integration that auto-loads policy is used has passed XA | 6y | 6y | 6y | |
component/ldap-sync
component/pcf
kind/XA
|
contributor-last recv
|
||
| 843 | |
Secrets can be retrieved with variable prefix |
2
|
6y | 6y | 6y |  |
kind/enhancement
component/api
|
commented member-last
|
|
| 840 | |
Kubernetes authenticator has a service account token option | 6y | 6y | 6y |
component/k8s
triage/needs-info
kind/enhancement
|
recv
|
|||
| 835 | |
Replace Ruby Sass | 6y | 8mo | 8mo | |
commented member-last
|
|||
| 824 | |
Authenticate controller logs error message correctly | 7y | 5y | 5y | |
commented member-last send
|
|||
| 813 | |
Host Factory created hosts don't have the policy namespace of their layer |
|
7y | 2y | 4y |   |
kind/bug
component/conjur
severity/medium
|
commented recv-q
|
|
| 812 | |
Conjur k8s tests can be run on minikube | 7y | 7y | 7y |
kind/technical-debt
component/conjur
kind/developer-experience
|
recv
|
|||
| 806 | |
LDAP Authenticator behavior is verified for users loaded to policy locations other than root | 7y | 7y |
component/appliance
component/ldap-sync
component/authenticators
triage/needs-info
kind/technical-debt
|
|||||
| 793 | |
authn-k8s can't authenticate pods controlled by DeploymentConfig | 7y | 4y |
kind/bug
component/openshift
severity/medium
|
|||||
| 780 | |
LDAP Authenticator supports mutual TLS |
|
7y | 6y | 6y | |
triage/duplicate
component/authenticators
kind/enhancement
|
commented member-last send
|
|
| 746 | |
Authenticator "origin" parameter should be more clearly named | 7y | 4y |  |
kind/technical-debt
rnd-boost
|
contributor-last open-milestone
|
|||
| 735 | |
ci/test script referenes cucumber/cucumber.yml | 7y | 4y |
rnd-boost
|
open-milestone
|
||||
| 734 | |
Sequel log level is set to :warn | 7y | 4y | |
rnd-boost
|
contributor-last open-milestone
|
|||
| 690 | |
Possible Future CA Development | 7y | 7y | ||||||
| 688 | |
Conjur CA Services are documented | 7y | 7y |
kind/documentation
component/conjur
|
|||||
| 678 |  |
authenticator prints useful error on 400 response | 7y | 4y | 5y | |
component/openshift
component/k8s
triage/needs-info
rnd-boost
|
commented member-last open-milestone send
|
||
| 677 | |
docs mention SPIFFE | 7y | 7y |
component/openshift
component/k8s
triage/needs-info
kind/documentation
|
|||||
| 675 | |
OpenShift events are displayed in the UI's audit log | 7y | 7y |
component/openshift
|
|||||
| 670 | |
Conjur is tested under continuous loads | 7y | 7y |
component/conjur
|
|||||
| 650 | |
A K8s/OpenShift version support matrix is available |
| 7y | 7y | 7y | |
component/k8s
kind/epic
kind/documentation
|
assigned commented member-last send
|
|
| 649 | |
Conjur can rotate Oracle database connections | 7y | 7y |
component/rotators
component/conjur
|
|||||
| 648 | |
SSH public key rotation exists in Conjur | 7y | 7y |
component/rotators
component/conjur
|
|||||
| 647 | |
SSH key pair rotation is available in Conjur | 7y | 7y |
component/rotators
component/conjur
|
|||||
| 646 | |
S3 based Host Factory Token rotation has been ported | 7y | 7y |
component/rotators
component/conjur
|
|||||
| 645 | |
GCP Service Account rotator has been ported | 7y | 7y |
component/rotators
component/conjur
|
|||||
| 644 | |
Rotators have been migrated from V4 | 7y | 6y |
component/rotators
kind/epic
component/conjur
|
|||||
| 640 | |
Conjur Docker image follows the standard version naming convention | 7y | 5y | 5y | |
kind/enhancement
|
commented member-last send
|
||
| 621 | |
Host CIDR restriction can be set using host factory token | 7y | 7y | ||||||
| 620 | |
CIDR Authentication Restriction for Users and Hosts is Documented | 7y | 5y |
kind/documentation
component/conjur
source/salesforce
|
|||||
| 614 |  |
Cucumber tests should run in random order | 7y | 7y | 7y |
recv
|
||||
| 607 | |
A user sees the Audit events are visible to them | 7y | 5y | 5y | |
commented member-last send
|
|||
| 599 | |
Use of !include causes better error message | 7y | 7y | ||||||
| 582 |  |
Can't permit on a nested list of resources using policy | 7y | 7y | 7y |  |
contributor-last recv
|
|||
| 540 | |
Deprecate the route GET /resources/:account | 7y | 6y | 7y | |
component/conjur
|
commented member-last send
|
||
| 527 | |
Multi-Domain LDAP Authentication |
|
7y | 7y | |
contributor-last
|
|||
| 513 |  |
64bit OS required for Docker on Linux, but Docker doesn't validate architecture and will pass `hello-world` successfully on 32bit | 7y | 7y | ||||||
| 509 |  |
Error msg unclear when loading policy with multiple unnamed hostfactory configurations | 7y | 2y | 2y |  |
kind/enhancement
component/cli
component/conjur
|
commented member-last send
|
||
| 482 | |
Document maximum policy size | 8y | 5mo | 8y |
kind/documentation
good-first-issue
rnd-boost
|
open-milestone recv
|
|||
| 426 | |
Site assets are minified in production build | 8y | 7mo | ||||||
| 181 | |
String ids considered harmful | 8y | 5y | 5y | |
commented member-last send
|
|||
| 1417 | |
Running juxtaposer on release is automated | 4y | 4y |
kind/enhancement
component/secretless-broker
|
|||||
| 1403 |  |
provide ability to intercept sigquit (kill -3) to generate current execution stack snapshots for all active tasks | 4y | 4y |
kind/enhancement
component/secretless-broker
|
|||||
| 1372 | |
Error codes for improved troubleshooting | 4y | 4y |
kind/enhancement
component/secretless-broker
|
|||||
| 1371 | |
aws connector should have integration tests | 4y | 4y |
kind/enhancement
component/secretless-broker
|
|||||
| 1348 |  |
Release MacOS DMG file with compressed SecretlessBroker.app | 5y | 5y |
kind/enhancement
component/secretless-broker
|
|||||
| 1347 | |
Secretless component quality levels move from alpha/beta/GA to community/trusted/certified | 5y | 5y | 5y |
kind/documentation
component/secretless-broker
|
recv
|
|||
| 1342 | |
Migrate to a new method for running the Secretless health check | 5y | 5y | 5y | |
kind/enhancement
component/secretless-broker
|
contributor-last recv
|
||
| 1337 |  |
Support multi-value dynamic credentials |
6
|
5y | 4y | 5y | |
kind/enhancement
component/secretless-broker
contributor
has-idea
|
commented send
|
|
| 1336 | |
There should be capabilities in `secretless.yml` to supply custom settings to providers |
|
5y | 5y | 5y | |
kind/enhancement
component/secretless-broker
|
contributor-last recv
|
|
| 1335 | |
Support Vault AppRole auth method in provider |
|
4
|
5y | 4y | 5y | |
kind/enhancement
component/secretless-broker
implementing
contributor
has-idea
|
assigned assignee-updated commented send
|
| 1324 | |
Generic HTTP Connector: OAuth1 supports different signature hashing methods | 5y | 5y | 5y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 1312 | |
Create a Docker CLI Connector for Secretless | 5y | 5y | 5y |
kind/enhancement
component/secretless-broker
component/secretless-connectors
|
recv
|
|||
| 1283 |  |
There is an example generic HTTP connector config for Salesforce | 5y | 5y | 5y |
kind/enhancement
component/secretless-broker
|
recv similar
|
|||
| 1279 | |
There is an example generic HTTP connector config for the Kubernetes API | 5y | 5y | 5y |
kind/enhancement
component/secretless-connectors
|
recv similar
|
|||
| 1262 | |
There is an example generic HTTP connector config for the Google Cloud SDK | 5y | 5y | 5y |
kind/enhancement
component/secretless-connectors
|
recv
|
|||
| 1252 | |
Reconcile MSSQL and (MySQL+PG) integration testing strategies | 5y | 5y |
kind/spike
component/secretless-broker
|
|||||
| 1251 | |
better UX for test infrastructure | 5y | 5y |
kind/enhancement
component/secretless-broker
|
|||||
| 1241 |  |
There exists a Cassandra TCP Connector with username and password based authentication |
|
5y | 5y | 5y | |
kind/spike
component/secretless-broker
|
contributor-last recv recv-q
|
|
| 1229 | |
A mechanism exists to redact sensitive values in logs | 5y | 5y |
kind/enhancement
component/secretless-broker
|
|||||
| 1225 | |
There is a central set of tests that validate the SSL configuration of the TLS connectors | 5y | 5y | 5y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 1222 | |
Secretless has a Cassandra DB connector |
2
|
5y | 5y | 5y |  |
kind/enhancement
component/secretless-broker
component/secretless-connectors
|
commented contributor-last recv similar
|
|
| 1213 | |
Secretless has a DB2 connector |
2
|
5y | 5y | 5y |  |
kind/enhancement
component/secretless-broker
component/secretless-connectors
|
commented contributor-last recv recv-q similar
|
|
| 1205 | |
TLS Connectors share a structure for connection details | 5y | 5y | 5y | |
kind/enhancement
component/secretless-broker
component/secretless-connectors
|
contributor-last recv
|
||
| 1201 | |
Determine how Secretless responds to DB server TLS renegotiation | 5y | 5y | 5y |
kind/spike
component/secretless-broker
|
recv
|
|||
| 1182 | |
Secretless configuration files support ssl configuration information | 5y | 5y | 5y | |
kind/enhancement
|
contributor-last recv recv-q
|
||
| 1179 |  |
Service Connector for MarkLogic | 5y | 5y | |
kind/enhancement
component/secretless-broker
good-first-issue
|
contributor-last
|
|||
| 1178 | |
Secretless optionally supports encryption for the client-to-Secretless connection | 5y | 5y | 5y |
triage/needs-info
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 1171 | |
Add Unix socket flow to Kubernetes tutorial | 5y | 5y | 5y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 1152 | |
Proxyservice package is unit tested | 5y | 5mo | 5y |
kind/enhancement
component/secretless-broker
kind/technical-debt
good-first-issue
kind/quality
|
recv
|
|||
| 1132 | |
JDBC Jar is built at runtime for integration tests | 5y | 5y | 5y |
recv
|
||||
| 1112 | |
MSSQL connector reports "unsupported version" when backend can't be contacted | 5y | 5y | 5y | |
kind/bug
triage/scoping
component/secretless-broker
component/secretless-plugins
triage/needs-epic
severity/low
|
commented member-last send
|
||
| 1097 | |
Database clients receive a meaningful error when a new connection request has bad credentials | 5y | 5y | 5y |
kind/enhancement
component/secretless-connectors
|
recv
|
|||
| 1094 | |
Secretless has configurable connection timeouts for connectors | 5y | 5y | 5y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 1083 | |
Example plugin uses Secretless logger | 5y | 5y | 5y |
component/secretless-broker
kind/developer-experience
|
recv
|
|||
| 1065 | |
Broker can delegate basic sanity checks on `credentials` keys to plugins | 5y | 5y | 5y |
kind/enhancement
triage/scoping
component/secretless-broker
component/secretless-plugins
triage/needs-epic
kind/ux
|
recv
|
|||
| 1063 | |
Broker does early verification of plugin parameters | 5y | 5y | 5y | |
kind/enhancement
triage/scoping
component/secretless-broker
component/secretless-plugins
triage/needs-epic
severity/medium
kind/developer-experience
kind/ux
|
contributor-last recv
|
||
| 1042 | |
Conjur provider has improved automated tests | 5y | 5y | 5y |
component/secretless-providers
kind/technical-debt
|
recv
|
|||
| 1036 | |
Unit tests validate service connector plugin error handling | 5y | 5y | 5y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 1021 | |
Add a Security Model to the connector plugin README | 6y | 6y | 6y |
kind/documentation
kind/developer-experience
component/secretless-connectors
|
recv
|
|||
| 1011 | |
ForceSSL defaults to true | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 994 | |
Use our logger implementation for signal/reload listener | 6y | 6y | 6y |
component/secretless-broker
kind/ux
|
recv
|
|||
| 993 | |
Use our logger implementation for health check output | 6y | 6y | 6y |
component/secretless-broker
kind/ux
|
recv
|
|||
| 992 | |
Reintroduce back some logging messages we lost in refactoring | 6y | 5y | 6y | |
component/secretless-broker
kind/cleanup
component/secretless-plugins
kind/technical-debt
severity/medium
kind/ux
|
contributor-last recv
|
||
| 980 | |
Secretless transmits packets after authentication without transforming them | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 979 | |
Add `--allow-builtin-plugin-overrides` CLI argument | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
component/secretless-plugins
security/low
|
recv
|
|||
| 971 | |
secretless plugin test harness exists | 6y | 7mo | |
kind/enhancement
component/secretless-connectors
|
contributor-last recv-q
|
|||
| 957 | |
Re-evaluate ConnectionManager API | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
component/secretless-plugins
kind/technical-debt
|
recv
|
|||
| 941 | |
Remove URL parsing logic from `internal/proxyservice/proxy_service.go` | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
defined
|
recv
|
|||
| 940 | |
Add better logic when we can't open a tcp socket | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
kind/ux
|
recv
|
|||
| 937 | |
Replace XXXFunc with values in AvailablePlugins UTs | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 934 | |
Tests are added for external_plugins.go | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
kind/technical-debt
defined
|
recv
|
|||
| 902 | |
secretless.Logger is simplified with cleaner tests | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 875 | |
Logger tests use mocks for simplicity | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 836 | |
Improve support for configuration CRDs | 6y | 6y | 6y | |
kind/enhancement
component/secretless-broker
|
contributor-last recv
|
||
| 834 | |
Secretless supports plugin types besides connectors | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 822 | |
Make our plugin system work on windows | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 774 | |
Remove Secretless website from project and put in its own repository | 6y | 6y |
kind/enhancement
component/secretless-broker
|
|||||
| 772 | |
secretless can validate config files from CLI |
| 6y | 5y | |
kind/enhancement
component/secretless-broker
on-hold
|
assigned assignee-updated contributor-last
|
||
| 771 | |
Reduce MySQL handler noise |
| 6y | 6y | 6y | |
kind/technical-debt
component/secretless-connectors
|
assigned assignee-updated contributor-last recv
|
|
| 715 | |
CRDs are updated to use v2 configuration format | 6y | 6y | 6y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 704 | |
fs_watcher has a goroutine leak | 6y | 6y | 6y |
kind/bug
component/secretless-broker
|
recv
|
|||
| 701 | |
Best practices recommendations exist for writing new DB handlers | 6y | 6y | 6y |
kind/epic
component/secretless-broker
|
recv
|
|||
| 692 | |
generalise SSL cert mounting instructions for postgres | 6y | 6y |
kind/documentation
|
|||||
| 690 | |
design document exists for supported and future handlers | 6y | 6y |
kind/documentation
component/secretless-broker
|
|||||
| 686 | |
evaluate http.Client timeout in secretless-broker and conjur provider | 6y | 6y |
kind/technical-debt
good-first-issue
|
|||||
| 681 | |
Tutorial progress bar position is fixed | 6y | 6y | 6y |
component/secretless-broker
kind/XA
|
recv
|
|||
| 680 | |
Abstraction exists in tutorial to accept multiple tutorials as parameter | 6y | 6y | 6y |
component/secretless-broker
kind/XA
|
recv
|
|||
| 671 | |
A good way to prevent log leaks has been agreed upon | 6y | 6y | 6y |
kind/spike
component/secretless-broker
|
recv
|
|||
| 657 | |
K8s tutorial scripts use correct method for waiting on containers | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
good-first-issue
|
recv
|
|||
| 645 | |
Jekyll can create foldable content from markdown |
|
6y | 6y | 6y | |
kind/enhancement
component/secretless-site
|
contributor-last recv
|
|
| 640 | |
Cleanup and document code for autogenerating test secretless.yml |
|
6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
|
recv
|
||
| 629 | |
A method exists for encoding HandshakeV10 as bytes | 6y | 7mo |
in progress
component/mysql-handler
kind/technical-debt
on-hold
implementing
|
|||||
| 625 | |
SSL util functions for handlers have correct interface and clean code | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 624 | |
Use structured representation of options for Pg Handler | 6y | 6y | 6y |
component/pg-handler
kind/technical-debt
|
recv similar
|
|||
| 623 | |
MySQL Handler has good code quality and all required tests | 6y | 6y | 6y |
in progress
kind/epic
component/secretless-broker
kind/technical-debt
on-hold
|
recv
|
|||
| 620 | |
Comment mysql handler unit tests to increase readability | 6y | 6y |
kind/documentation
component/mysql-handler
|
|||||
| 619 | |
a test matrix exists with a variety of clients for any given handler | 6y | 6y |
component/secretless-broker
kind/technical-debt
|
|||||
| 618 | |
Use structured representation of options for MySQL Handler | 6y | 5y |
component/mysql-handler
kind/technical-debt
|
similar
|
||||
| 617 | |
Credentials are consistently zeroized after use | 6y | 6y | 6y |
kind/epic
component/secretless-broker
security/medium
|
recv
|
|||
| 608 | |
Improve dev flow on tests, test documentation, and test infrastructure | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
good-first-issue
|
recv
|
|||
| 607 | |
MySQL/PG/SSL tests have been refactored | 6y | 6y | 6y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 592 | |
Simplify ConfigureBackend in database handlers | 6y | 6y | 6y | |
kind/enhancement
component/secretless-broker
kind/technical-debt
on-hold
|
contributor-last recv recv-q
|
||
| 591 | |
Add README to the integration tests | 6y | 6y | 6y |
kind/documentation
component/secretless-broker
kind/technical-debt
on-hold
good-first-issue
|
recv similar
|
|||
| 585 | |
An explicit test exists for TLS between secretless and backend | 6y | 6y |
kind/enhancement
component/secretless-broker
kind/technical-debt
|
|||||
| 559 | |
Build scripts and docker caching have been evaluated | 7y | 6y |
component/secretless-broker
kind/technical-debt
|
|||||
| 558 | |
Investigate the impact of TLS between Secretless and backend server | 7y | 6y | 6y | |
component/secretless-broker
kind/technical-debt
|
commented member-last
|
||
| 556 | |
Evaluate support for multiple mysql auth plugins | 7y | 7mo | |
kind/enhancement
component/mysql-handler
component/secretless-broker
|
contributor-last recv-q
|
|||
| 546 | |
Stories should have acceptance criteria for security | 7y | 6y | |
kind/enhancement
component/secretless-broker
triage/needs-epic
|
contributor-last recv-q
|
|||
| 514 | |
Providers retrieve secret values per connection in batches if possible | 7y | 6y | 7y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 510 | |
AWS Secrets credential provider has integration tests | 7y | 6y | 7y |
kind/enhancement
component/secretless-broker
|
recv
|
|||
| 507 | |
Secretless has AWS Secrets Provider | 7y | 6y | 7y |
kind/epic
|
recv
|
|||
| 506 | |
Config watcher is tested | 7y | 6y | 7y |
component/secretless-broker
kind/technical-debt
good-first-issue
|
recv
|
|||
| 505 | |
Secretless watches for config file changes | 7y | 6y | 7y |
kind/epic
component/secretless-broker
|
recv
|
|||
| 498 | |
Unit tests should not require mercurial |
|
7y | 6y | 7y | |
component/secretless-broker
kind/technical-debt
|
contributor-last recv recv-q
|
|
| 493 |  |
Conjur authentication logic is removed from the provider | 7y | 6y | 7y |
kind/enhancement
component/secretless-broker
triage/needs-epic
|
recv
|
|||
| 483 | |
PostgreSQL handler protocol has unit tests | 7y | 6y | 7y |
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 477 | |
Secretless quick start demo instructions are clear about flow | 7y | 7y | 7y |
kind/documentation
kind/enhancement
to do
component/demos
component/secretless-broker
|
recv
|
|||
| 475 | |
Make localhost socket use info more prominent |
| 7y | 6y | 7y | |
kind/documentation
component/secretless-broker
security/low
selected
|
assigned assignee-updated contributor-last recv recv-q
|
|
| 473 | |
Secretless optionally retries connections | 7y | 6y | 7y |
kind/enhancement
component/secretless-providers
component/secretless-broker
|
recv
|
|||
| 467 | |
HTTP response times are measured | 7y | 6y | 7y |
kind/enhancement
to do
component/secretless-broker
good-first-issue
|
recv
|
|||
| 466 | |
SSH throughput is measured | 7y | 6y | 7y |
kind/enhancement
to do
component/secretless-broker
good-first-issue
|
recv
|
|||
| 465 | |
MySQL query response times are measured | 7y | 6mo | 7y |
kind/enhancement
component/secretless-broker
on-hold
implementing
|
recv
|
|||
| 451 | |
Secretless has an Azure Key Vault credential provider |
|
7y | 7y | 7y |
triage/scoping
kind/epic
component/secretless-providers
|
recv
|
||
| 449 |  |
Microsoft Love - Support for Microsoft/Azure tools |
2
|
7y | 7y | 7y | |
triage/needs-epic
|
contributor-last recv recv-q
|
|
| 409 | |
Website has performance page | 7y | 7y | 7y |
kind/documentation
to do
component/secretless-site
|
recv
|
|||
| 404 | |
a test suite exists for the generic sidecar injector | 7y | 7y |
kind/enhancement
|
|||||
| 403 | |
sidecar injector allows mounting a volume with statically compiled summon | 7y | 6y | |
kind/enhancement
component/summon
|
contributor-last
|
|||
| 400 | |
Broker documentation is improved | 7y | 6y | 7y |
to do
kind/epic
component/secretless-broker
|
recv
|
|||
| 383 | |
Broker is secure | 7y | 6y | 7y |
in progress
kind/enhancement
kind/epic
component/secretless-broker
|
recv
|
|||
| 381 | |
Broker has additional configuration options | 7y | 6mo | 7y |
kind/enhancement
kind/epic
component/secretless-broker
|
recv
|
|||
| 380 | |
Broker is easy to develop for |
| 7y | 6y | 7y |
kind/epic
component/secretless-broker
kind/technical-debt
|
assigned recv
|
||
| 379 | |
Performance metrics are published |
|
7y | 6y | 7y | |
kind/enhancement
to do
kind/epic
component/secretless-broker
|
contributor-last recv
|
|
| 374 | |
A pass-through listener exists | 7y | 6mo | 7y |
kind/enhancement
to do
component/secretless-broker
kind/technical-debt
|
recv
|
|||
| 354 | |
Istio can be used with an external DB |
| 7y | 7y | 7y |
kind/spike
to do
component/secretless-broker
|
assigned recv
|
||
| 342 | |
sidecar-injector should allow sharing of secretless domain sockets via volume mounts | 7y | 7y |
kind/enhancement
to do
|
|||||
| 325 | |
Secretless can be deployed with a sidecar injector |
| 7y | 6y | 7y |
triage/scoping
kind/epic
|
assigned recv
|
||
| 270 | |
SSH agent only keeps loaded keys for the duration of connection | 7y | 6y | 7y | |
kind/enhancement
component/secretless-broker
kind/technical-debt
security/low
on-hold
|
contributor-last recv
|
||
| 265 | |
Secretless has option to configure response when provider fails to resolve a variable | 7y | 6y | 7y |
component/secretless-broker
|
recv
|
|||
| 264 | |
Secretless optionally supports secrets caching |
2
|
7y | 6y | 7y | |
component/secretless-providers
component/secretless-broker
|
contributor-last recv recv-q
|
|
| 260 | |
Add MongoDB handler/listener |
6
|
7y | 7mo | 7y |  |
kind/enhancement
kind/epic
component/secretless-connectors
|
recv recv-q
|
|
| 249 | |
Secrets do not remain in the sidecar memory |
| 7y | 6y | 7y | |
kind/epic
requested-by/cyberark-pm
|
assigned assignee-updated contributor-last recv recv-q
|
|
| 220 | |
README should reflect GKE setup established initially in k8s demo dir | 7y | 7y | |
contributor-last recv-q
|
||||
| 82 | |
AWS handler has test suite with documentation |
| 7y | 6y | 7y |
component/aws-handler
|
assigned recv
|
||
| 31 | |
Use a dot foo.bar scheme to access nested data from HashiCorp Vault | 7y | 7y | 7y |
component/vault-provider
triage/needs-epic
|
recv
|
|||
| 17 | |
define and create new Summon format (post secretsyml) | 7y | 7y |
triage/needs-epic
|
|||||
| 16 | |
use viper for standardised configuration (12 factor) | 7y | 6y | |
triage/needs-epic
good-first-issue
|
contributor-last
|
|||
| 16 | |
Helm charts are published to Helm artifact hub and helm/hub | 5y | 5y | 5y |
recv
|
||||
| 12 | |
Helm charts repo is updated after new helm chart release | 5y | 5y | 5y |
component/k8s
kind/enhancement
|
recv
|
|||
| 1 |  |
Add a code vulnerability checker | 7mo | 7mo |
enhancement
|
|||||
| 177 |  |
Conjur does not start with an external Postgres database due to OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode | 2y | 2y | 2y |
kind/bug
contributor
|
recv
|
|||
| 167 |  |
Add nodeSelector to list of Chart Parameters | 4y | 4y | 4y |
kind/enhancement
contributor
|
recv
|
|||
| 145 | |
Static sub-resource names | 4y | 4y |
kind/enhancement
component/conjur
|
|||||
| 142 | |
Add check/warning for pre-existing ClusterRole in Kubernetes example scripts | 4y | 4y | 4y |
kind/enhancement
component/conjur
|
recv
|
|||
| 141 | |
Clarify compatible database versions in README | 4y | 4y | 4y |
component/conjur
kind/documentation
|
recv
|
|||
| 139 | |
Make conjur proxy container optional and configurable |
2
|
4y | 4y | 4y | |
kind/enhancement
triage/needs-info
component/conjur
|
recv
|
|
| 136 | |
Add option to auto-create a Conjur data encryption key | 4y | 4y | 4y |
kind/enhancement
component/conjur
|
recv
|
|||
| 135 | |
Add deprecation warnings to NOTES.txt | 4y | 4y | 4y |
kind/enhancement
component/conjur
|
recv
|
|||
| 134 | |
Deprecated features to consider for removal for next major release (3.0.0) |
|
4y | 4y | 4y |
kind/enhancement
component/conjur
|
recv
|
||
| 133 | |
Instructions fail when LoadBalancer service defines a hostname instead of an IP for the LB ingress | 4y | 4y | 4y |
component/conjur
kind/bug
|
recv
|
|||
| 132 | |
Add authn-k8s demo app E2E test based on KinD GitHub actions | 4y | 4y | 4y |
kind/enhancement
component/conjur
|
recv
|
|||
| 131 | |
Eliminate redundant Kubernetes service for Conjur |
5
|
4y | 4y | 4y | |
kind/enhancement
component/conjur
|
commented contributor-last recv
|
|
| 130 |  |
Failure in Conjur schema migrations of external DB can't recover | 4y | 4y | 4y |
component/conjur
kind/bug
|
recv
|
|||
| 104 | |
Reorganize README.md KinD example to make it more of a Getting Started guide | 5y | 7mo | 5y |
kind/enhancement
component/conjur
good-first-issue
|
recv
|
|||
| 86 | |
Document use of or add subchart for bitnami/postgresql | 5y | 5y | 5y |
kind/enhancement
component/conjur
|
recv
|
|||
| 68 | |
Helm deployment instructions (README) include architecture diagrams | 5y | 5y | 5y |
component/conjur
kind/bug
|
recv
|
|||
| 61 | |
Helm pipeline runs `helm package` on tags and auto-adds the artifact to a GitHub release | 5y | 5y | 5y | |
component/k8s
kind/infrastructure
|
contributor-last recv
|
||
| 57 | |
Pipeline validates upgrade instructions | 5y | 5y | 5y |
component/k8s
kind/infrastructure
|
recv
|
|||
| 54 | |
Automated end-to-end testing suite | 5y | 5y | 5y | |
kind/enhancement
kind/technical-debt
component/k8s
component/conjur
kind/quality
|
contributor-last recv recv-q
|
||
| 46 | |
Adds TLS between Conjur and posgres pod | 5y | 5y | 5y |
kind/enhancement
component/conjur
|
recv
|
|||
| 28 | |
Documentation is updated to clarify setup steps |
|
6y | 6y | 6y |  |
good-first-issue
|
recv
|
|
| 27 | |
The Helm chart supports custom value for the PostgreSQL container UID | 6y | 6y |
kind/enhancement
component/k8s
component/openshift
|
|||||
| 9 | |
CI pipeline runs kubesec | 7y | 6y | 7y |
good-first-issue
|
recv
|
|||
| 7 |  |
Conjur Helm chart has published shasums | 7y | 6y | 7y |
kind/enhancement
component/k8s
component/openshift
|
recv
|
|||
| 183 |  |
Conjur attempts to create .netrc file |
| 2mo | 2mo | 2mo | |
kind/bug
|
assigned assignee-updated commented member-last send
|
|
| 60 | |
GoLang SDK correctly handles Users/Hosts with `api_key_enabled` | 5y | 4mo | 4mo | |
kind/enhancement
support/serious
|
commented member-last send similar
|
||
| 42 | |
Add code coverage to conjur-api-java | 5y | 3mo | 3mo | |
kind/quality
|
commented member-last send
|
||
| 260 |  |
Multi-line secrets. | 7d | 7d | 7d |
kind/user-story
|
recv
|
|||
| 259 |  |
The `providers` link in the README 404s | 4wk | 3wk | 3wk | |
commented member-last send
|
|||
| 29 | |
The Keyring provider does not work on Windows | 2y | 1d | |
kind/bug
stale
|
||||
| 17 | |
Ensure documentation is accurate | 5y | 11d | 11d | |
triage/needs-info
kind/technical-debt
component/summon
kind/documentation
|
commented member-last send
|
||
| 7 | |
Add CI pipeline | 5y | 11d | 11d | |
commented member-last send
|
|||
| 5 | |
Convert ring.py to Python 3 | 6y | 11d | 11d | |
kind/technical-debt
component/summon
severity/medium
implementing
|
commented member-last send
|
||
| 48 | |
Tests exist for `main.go` | 4y | 11d | 11d | |
kind/technical-debt
kind/enhancement
component/summon
|
commented member-last send
|
||
| 44 |  |
Ability to specify versions of secrets to retrieve | 5y | 2d | 5y | |
kind/enhancement
component/summon
contributor
has-idea
stale
|
recv
|
||
| 17 |  |
Option to base64 encode secrets values | 6y | 2d | 6y | |
stale
|
recv
|
||
| 22 |  |
Apple silicon is not supported for this provider |
|
3y | 11d | 11d | |
kind/enhancement
contributor
|
commented member-last send
|
|
| 555 |  |
secrets-provider breaks base64 encoded pkcs12 files stored in Conjur | 3wk | 3wk | 3wk | |
kind/bug
|
commented member-last send
|
||
| 549 | |
Secrets rotation improvements |
|
|
8mo | 4d | 5wk |  |
kind/enhancement
|
assigned assignee-updated commented send
|
| 93 |  |
TLS handshake error when following README in local cluster |
|
2y | 14d | 6wk | |
kind/bug
|
commented recv
|
|
| 171 | |
Close ports for the conjur follower | 4y | 2d | 4y | |
stale
|
recv
|
||
| 168 |  |
Need to run retry mechanism for delete namespace command | 4y | 2d | |
component/jenkins
kind/infrastructure
team/palm-tree
rnd-boost
stale
|
open-milestone
|
|||
| 162 |  |
Openshift password should be given/pulled from summon | 5y | 2d | 4y | |
stale
|
commented send
|
||
| 161 | |
Auto Enrollment Secrets Add should be part of the script |
|
5y | 2d | 4y | |
stale
|
commented send
|
|
| 160 | |
Image pull backoff in OC4.5 because image url is external when using start.sh | 5y | 2d | |
stale
|
recv-q
|
|||
| 119 | |
Migrate secrets provider repo to use the helm chart for deploying conjur in automation |
|
5y | 2d | 5y | |
rnd-boost
stale
|
commented open-milestone recv-q
|
|
| 117 | |
Unbound variable error on stop | 5y | 2d | 5y | |
stale
|
recv
|
||
| 116 | |
Repo needs a CHANGELOG | 5y | 2d | 5y | |
kind/documentation
component/k8s
stale
|
recv
|
||
| 99 | |
Don't use separate yamls for OC and K8s where possible | 5y | 1d | 5y | |
triage/scoping
kind/technical-debt
kind/enhancement
component/k8s
kind/cleanup
triage/needs-epic
kind/developer-experience
good-first-issue
stale
|
recv
|
||
| 74 | |
Deployment Flow with Seed Fetcher is tested in CI | 6y | 1d | |
component/demos
kind/technical-debt
on-hold
stale
|
||||
| 62 | |
Deploy Scripts don't work on current Minishift Version |
|
6y | 1d | |
kind/bug
component/demos
severity/medium
stale
|
|||
| 61 | |
Deploy can be performed w/ non-cluster admin user | 6y | 1d | |
stale
|
||||
| 60 | |
Standby and follower seeding encrypts key files | 6y | 1d | |
stale
|
||||
| 55 | |
Tests include coverage of master deployment to both GKE and OpenShift | 6y | 1d | 6y | |
component/openshift
kind/enhancement
component/k8s
kind/cleanup
triage/needs-epic
severity/low
kind/developer-experience
stale
|
recv
|
||
| 48 | |
Followers are configured to be distributed across nodes | 6y | 1d | |
component/openshift
component/k8s
stale
|
||||
| 31 |  |
the check dep script is checking for OSHIFT_CONJUR_ADMIN_USERNAME but the scripts are using OPSHIFT_CLUSTER_ADMIN_USERNAME | 7y | 1d | 7y | |
stale
|
recv
|
||
| 25 | |
update deploy / demo scripts for v5 OSS | 7y | 14h | |
triage/needs-info
component/k8s
stale
|
||||
| 21 | |
configure nodePort for haproxy to provide external access to Conjur Master service | 7y | 14h | |
stale
|
||||
| 20 | |
add script to delete deployments | 7y | 14h | |
kind/developer-experience
good-first-issue
stale
|
||||
| 19 | |
developer user needs access to internal registry | 7y | 14h | |
stale
|
||||
| 18 | |
data key should be stored as a secret | 7y | 14h | 7y | |
ready
good-first-issue
stale
|
recv
|
||
| 135 | |
Add validator host ID to allow authn-k8s config to be validated | 4y | 2d | 4y | |
kind/enhancement
component/demos
stale
|
recv
|
||
| 130 | |
Automated tests only run against annotation-based identities | 4y | 2d | 4y | |
kind/enhancement
component/demos
stale
|
recv
|
||
| 115 | |
Add DeploymentConfigs as app identity in Jenkins OpenShift CI | 5y | 2d | 5y | |
kind/enhancement
component/demos
stale
|
recv
|
||
| 113 | |
Replace use of sed for yaml templating with Yaml.sh or helm charts | 5y | 2d | 5y | |
kind/enhancement
component/demos
stale
|
recv
|
||
| 89 | |
Repo's use of bash-lib means you can't run the scripts individually |
| 5y | 2d | 5y | |
component/k8s
kind/bug
component/demos
stale
|
assigned commented open-milestone send
|
|
| 66 | |
--dry-run option | 6y | 2d | |
component/k8s
kind/enhancement
component/openshift
component/demos
stale
|
||||
| 52 | |
CI takes too long | 6y | 2d | |
component/demos
component/pipeline
infra/pipelines
stale
|
||||
| 38 | |
Automated tests validate demos against Conjur OSS | 6y | 2d | 6y | |
component/k8s
kind/technical-debt
component/demos
component/pipeline
stale
|
recv
|
||
| 32 | |
Scripts check conditions rather than sleeping | 7y | 1d | 7y | |
component/k8s
kind/technical-debt
component/demos
stale
|
recv
|
||
| 29 | |
sidecar injector is incorporated into kubernetes-conjur-demo | 7y | 1d | |
component/k8s
kind/enhancement
component/demos
stale
|
||||
| 11 | |
conjur-authenticator rolebinding requires elevated privileges to create | 7y | 1d | 7y | |
component/k8s
kind/enhancement
stale
|
commented
|
||
| 10 | |
test app is deployed using helm chart | 7y | 1d | 7y | |
component/k8s
kind/enhancement
component/demos
stale
|
commented send
|
||
| 35 | |
Demo has a CI pipeline for the tile | 6y | 2d | 6y | |
component/pcf
selected
infra/pipelines
stale
|
recv
|
||
| 22 | |
Demo should run w/o internet access after it is built | 7y | 2d | |
stale
|
||||
| 11 | |
change to ./stop instead of ./bin/stop | 7y | 2d | |
stale
|
||||
| 73 | |
Certificates can easily be generated/regenerated for DAP cluster | 5y | 5y | ||||||
| 61 | |
Add jenkins conjur plugin test |
|
5y | 5y | 5y | |
kind/enhancement
component/demos
|
contributor-last recv recv-q
|
|
| 35 | |
Review Follower Setup Instructions for AWS Cluster Demo | 6y | 6y |
component/demos
kind/technical-debt
|
|||||
| 34 | |
AWS Cluster Demo Script adhere to Shell Script Guidelines | 6y | 6y |
component/demos
kind/developer-experience
|
|||||
| 31 | |
The demo flows have automated tests | 6y | 6y | 6y |
component/appliance
kind/enhancement
|
recv
|
|||
| 22 | |
A demo exists for host factory tokens | 7y | 7y | ||||||
| 7 | |
Auto-failover demo only shows cluster setup | 7y | 7y | ||||||
| 215 |  |
Using Git as an collection source fails, `VERSION` file missing |
|
|
7wk | 7wk | 7wk | |
kind/bug
|
assigned commented member-last send
|
| 210 |  |
Validate compatibility with ansible-core 2.19 |
| 6mo | 6mo | 6mo | |
assigned assignee-updated commented member-last send
|
||
| 202 |  |
Retry in conjur_variable lookup not working for errors out of urllib_error.HTTPError or socket.timeout |
| 2y | 9mo | 9mo | |
kind/bug
|
assigned commented member-last send
|
|
| 191 |  |
Unable to run cyberark.conjur.conjur_host_identity role. | 2y | 2y | 2y | |
kind/bug
|
recv recv-q
|
||
| 146 |  |
Support JWT Authentication for Ansible | 3y | 2y |
kind/epic
team/Integration-Factory
ONYX-20594
|
|||||
| 145 | |
Support JWT Authentication for Ansible | 3y | 2y |
kind/epic
team/Integration-Factory
ONYX-20594
|
|||||
| 74 | |
Bring ansible-conjur-collection to Certified level | 3y | 2y |
kind/epic
ONYX-15057
team/Integration-Factory
|
|||||
| 73 | |
Troubleshoot Ansible Conjur installation on 2.9 | 3y | 2y |
team/community-and-integrations
severity/low
kind/bug
ONYX-14387
Bugtype/
|
|||||
| 72 | |
Troubleshoot Ansible Conjur installation on 2.9 | 3y | 2y |
team/community-and-integrations
severity/low
kind/bug
ONYX-14387
Bugtype/
|
|||||
| 56 | |
Collection is published to Automation Hub | 4y | 4y | 4y | |
component/ansible
kind/enhancement
|
contributor-last recv
|
||
| 49 | |
Add other ways to specify Conjur / DAP identity in `cyberark.conjur.conjur_variable` | 5y | 5y | 5y |
component/ansible
kind/enhancement
|
recv
|
|||
| 47 | |
The UX of configuring the lookup plugin and role has been evaluated | 5y | 5y | 5y |
recv
|
||||
| 46 | |
Roles are tested with Molecule | 5y | 5y | 5y |
component/ansible
kind/enhancement
|
recv
|
|||
| 45 | |
The log output of the conjur-role without "no_log" set to true has been reviewed | 5y | 4y | 5y |
component/ansible
kind/enhancement
kind/XA
|
recv
|
|||
| 44 | |
Roles and plugins share a build stage and test directory structure | 5y | 5y | 5y | |
kind/cleanup
component/ansible
kind/enhancement
|
contributor-last recv
|
||
| 43 | |
Documentation is clear that input variable path should not be urlencoded | 5y | 5y | 5y |
component/ansible
source/salesforce
kind/documentation
|
recv
|
|||
| 42 | |
Expand Ansible Collection to include Conjur Role | 5y | 4y | 5y |
component/ansible
kind/enhancement
Epic
|
recv
|
|||
| 37 | |
There is a demo showing how to use this collection |
| 5y | 5mo | 5mo | |
component/ansible
on-hold
kind/demo
|
assigned assignee-updated commented member-last send
|
|
| 30 | |
Migrate this Ansible role to the Conjur Ansible collection | 5y | 7mo | 5y | |
kind/enhancement
component/ansible
|
contributor-last recv recv-q
|
||
| 26 | |
conjur_variable lookup plugin can be improved |
|
5y | 7mo | 5y | |
kind/enhancement
component/ansible
|
contributor-last recv recv-q
|
|
| 22 | |
Add code coverage to ansible-conjur-host-identity | 5y | 5y |
kind/quality
|
|||||
| 5 | |
CA cert content is dumped to stdout | 7y | 7y | ||||||
| 4 | |
The parameter `conjur_ssl_certificate` requires cert as a string, not a file. | 7y | 5y |  |
|||||
| 3 | |
Parameter `conjur_validate_certs should be `True` by default | 7y | 7y | ||||||
| 2 | |
Deprecation warning when role is run | 7y | 7y | ||||||
| 258 | |
Error with self signed certificate | 2y | 2y | 2y | |
kind/bug
|
recv
|
||
| 235 | |
Investigate if `puppetlabs-registry` dependency is still needed |
| 5y | 5y | 5y | |
blocked
triage/needs-info
kind/cleanup
component/puppet
|
assigned assignee-updated contributor-last recv
|
|
| 201 | |
Investigate (and possibly implement) ability to check if we can validate that agent credentials are valid | 5y | 5y | 5y | |
component/puppet
kind/enhancement
kind/developer-experience
kind/XA
kind/community
|
contributor-last recv
|
||
| 65 | |
Use OpenAPI spec to generate the client code | 5y | 5mo | 5mo | |
kind/technical-debt
component/puppet
kind/enhancement
kind/developer-experience
|
commented member-last send
|
||
| 29 | |
WinCred resource and provider are separated to their own Puppet Module | 6y | 6y |
component/puppet
kind/enhancement
|
|||||
| 138 |  |
Support for Ephemeral Secrets | 5mo | 4wk | 4wk |  |
kind/enhancement
|
commented member-last send
|
||
| 134 | |
Documentation Bug in README in Build From Source section | 2y | 2y |
kind/bug
|
|||||
| 132 |  |
Add an ability to update Conjur secret |
3
|
2y | 2y | 2y |
kind/enhancement
|
recv
|
||
| 99 | |
Provider is not up to date and does not support CONJUR_AUTHN_TOKEN that is included in conjur-api-go | 3y | 3y |
kind/bug
internal-contributor
|
|||||
| 94 | |
Manifest example in provider's documentation is wrong. |
3
|
4y | 4mo | 4mo |  |
component/terraform
kind/bug
internal-contributor
|
commented member-last send
|
|
| 60 | |
Add unit tests | 5y | 5mo | 5y | |
component/terraform
kind/enhancement
good-first-issue
kind/quality
|
contributor-last recv
|
||
| 53 | |
Add Windows instructions to README | 5y | 5y | 5y |
component/terraform
kind/enhancement
|
recv
|
|||
| 64 |  |
Can the setup work using podman-compose? | 6wk | 6wk | 6wk | |
commented member-last send
|