All notable changes to this project will be documented in this file.
- Add KEM subcommand
- Cargo audit: time and actix-files
- (deps) Bump bytes in the cargo group across 1 directory (#131)
- Release 1.9.0
- Merge branch 'release/1.8.1' into develop
- Small refactor on kem_tag
- Do not miss Windows artifact
cosmian_pkcs11.dll
- Support KMS 5.15 (#130)
- Bump KMS to 5.14.1
- Fix cargo deny upgrade (#124)
- (deps) Bump actions/checkout from 5 to 6 (#119)
- (deps) Bump actions/upload-artifact from 5 to 6 (#123)
- Add test on new sign actions (#122)
- KMS CLI additions aligned with KMIP XML vectors:
rng retrieveandrng seedfor RNG operationsmac verifyto validate message authentication codesdiscover-versionsandqueryfor KMIP discovery and server queries
- Opaque Object subcommands:
opaque-object create,import,export(raw/base64/json),revoke,destroy
- Attributes:
- Deterministic
attributes getordering aligned with server - Expanded attribute flows consistent with KMIP GetAttributeList/ModifyAttribute
- Deterministic
- Added CLI tests: Opaque Object CRUD, RNG Retrieve/Seed, MAC Verify, Query, DiscoverVersions.
- Updated CLI docs/examples to reflect new subcommands and attribute behavior.
- Google key pair remove sanity check - moved to server (#118)
- Add parameter
--daysto configure the certificate expiration date on google key-pair create command (#118)
- (deps) Bump actions/upload-artifact from 4 to 5 (#117)
- (google_cse) Load RSA private as PKCS8 or PKCS1 format (#592)
Gmail CSE users: Versions 1.3/1.4 and 1.5.0 contain a blocking issue with Gmail Client-Side Encryption support (issue loading PKCS#8 RSA private key). Please upgrade to version 1.5.1 or later to ensure proper Gmail CSE functionality.
- Support wrapping SecretData object (#109)
- Add derive key subcommand (#111)
- Create a configuration wizard - add configure subcommand (#116)
- Build errors
- Add luks integration script (#108)
- Configure Dependabot for GitHub Actions updates
- Add SECURITY.md file (#113)
- Use cosmian_logger (#110)
- Split cargo_build.sh into multiple files (#114)
- (deps) Bump actions/checkout from 4 to 5 (#112)
- Re-publish
cosmian_clicrate without direct dependency ontest_kms_server(only dev-dependency)
- CLI: Added support for SHA1 in RSA key wrapping and add Azure functionality to facilitate BYOK (#105)
- PKCS11: Skip unknown key types in search functions (find_*) and update KMS and FS crates (#104)
- Deliver CLI with all features - including non-FIPS feature
- Add support for Oracle TDE with direct HSM/KMS connection (#89)
- (Google CSE) Consume KMS Google Key pair action (#100)
- Support HTTP forward proxy (#102)
- Create comprehensive .github/copilot-instructions.md with validated build procedures and OpenSSL 3.2.0 requirements (#94)
- RUSTSEC-2025-0047: Update slab dependency from 0.4.10 to 0.4.11 (#92)
- README.md: remove UI section and correct formatting issues (#96)
- Fix publish step
- Skip debug pipeline on tags
- Fix audit GitHub action (#99)
- Upgrade findex to v8 and clean some dependency import paths (#87)
- Add updated google key-pairs create command (#76)
- Replace test_data folder with git submodule (#86)
- Handle Secret Data
- Invert fips feature
- Handle extension file to define x509 setup extensions for Google CSE keypairs create command
- Display items ID on google keypairs creation command
- Test with stackoverflow
- Support sqlite3 as database type (#61)
- Allow KMS/Findex source code edition while modifying CLI (#65)
- Clap short duplicate (#67)
- Remove client-crates and consume clap actions instead (#64)
- Display user_id in the Header UI to help users identify their session context
- Update server test configuration to align with changes introduced in version 5.1.0
- Support for PKCE (Proof Key for Code Exchange) authentication from the CLI with the Cosmian KMS
- Concurrent multi factor authentication with clear cascading rules (OIDC / Client Certificates / API TOken)
- Fix Revoke structure on UI for key revocation
- Unclear cascading rules in multi-factor authentication
- PKCE documentation with configuration examples
- Improved authentication documentation both client and server side
- Run KMS server with privileged users (#40):
- These users can grant or revoke access rights for other users
- Support Kmip 1 (#48)
- Cargo deny missing license
- MemoryADT implementation for KmsEncryptionLayer (#46)
- From RHEL to Rocky Linux URL update
- Reuse GitHub workflow to publish artifacts
- Centralize subcrates version in root Cargo.toml (#55)
- Missing Cargo.toml descriptions
- Add Oracle Key Vault integration (#24)
- Fix missing attached assets on GH release
- Use cosmian published crates
- Delegates encryption to KMS (#13)
- Add UI in React + WASM (#21)
- Add CBC mode support for KMS encryption (#23)
- Test_kms_client: bug when exporting a sym key using the tag of a private key
- Test_certificate_encrypt_using_rsa: add prefix to temporary files
- RUSTSEC-2025-0022: Use-After-Free in Md::fetch and Cipher::fetch
- Findex concurrent tests on KMS encryption layer
- Import all KMS CLI crates (#18)
- Missing artifact libcosmian_pkcs11.so on RHEL
- Reuse generic GitHub workflows
- Support Findex server v0.2 (including findex v7) (#9)
- Edit authentication section (#7)
- Run all tests on ubuntu runners
- Reuse clap actions instead of cosmian binary
- Fix notes in README
- Add KMS, FS correspondence versions
- Simplify configuration examples
- Save cli configuration if login/logout have been called (#4)
- Fix typo
- Create cosmian CLI
- Encrypt datasets, add indexes, search keywords and decrypt results
- Delete dataset + reuse config_utils crate
- Integrate KMS
ckmsdocumentation - Add authorization (move from KMS)
- Using docker container to provide KMS and Findex server