Releases: GoogleCloudPlatform/stet
1.3.1
Bug Fixes
- Use the CryptoKeyVer resourceID as the relative resource name sent to EKM
- Fix issue where external URI for EXTERNAL_VPC key is improperly configured when keypath has a leading slash.
Full Changelog: 1.3.0...1.3.1
1.3.0
This release adds support for Cloud EKM keys over VPC connection (EXTERNAL_VPC).
See additional info on EKM-over-VPC keys here.
Full Changelog: 1.2.0...1.3.0
1.2.0
This release of STET adds integration with Confidential Space for CloudKMS, which provides an attestation flow for CloudKMS KEKs when accessed from Confidential Space VMs.
Customers can add a confidential_space_configs section to their STET config file that enables STET to detect/provide credentials to access CloudKMS KEKs protected by Confidential Space. This provides added convenience for Confidential Space customers.
Full Changelog: 1.1.0...1.2.0
1.1.0
This release of STET adds a new --insecure-skip-verify flag that allows the tool to skip the verification of the inner TLS certificate when establishing the secure session, which can be useful for debugging and for situations where an EKM's certificates are incorrectly configured.
In addition, it updates STET to tag Cloud KMS requests with an appropriate user agent string.
Finally, it makes use of functionality added to go-tpm-tools' 0.3.0 release to add attestation verification to the reference server implementation.
Full Changelog: 1.0.0...1.1.0
1.0.0
This is the initial release of the Split-Trust Encryption Tool (STET).
Our goal with STET is to provide a secure key distribution mechanism that allows for secure key ingress and egress in/out of Google Cloud Platform in a way that is verifiably and cryptographically protected from Google Cloud Platform insiders.
Please read more about STET in our Google Cloud Platform documentation on ubiquitous data encryption, our project README, quickstart guide, and other advanced documentation.