Releases: doomsday-project/doomsday

v0.4.0 - TLS Client Backend and Multiple Backend Support

14 Jul 20:31

New Features

  • Added a /v1/info API endpoint, which gives information about the doomsday server version and configured auth method.
  • Added tlsclient backend. Configure this backend with a list of hosts to check, and it connects over TCP, initiates a handshake, and returns the served TLS certificate.
  • Added support for multiple backends to be queried from a doomsday server.
  • Added a -d flag to the CLI target command, which deletes the named target.
  • Session timeout length and refresh-on-use for userpass auth are now configurable in the server manifest.
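
The tlsclient behaviour described above (connect over TCP, complete a handshake, return the served certificate), shown as an added Go example that is not taken from the doomsday code base. The function names, the "OK" label, the heading strings other than WITHIN 4 WEEKS, and the choice to skip chain verification are assumptions of this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"os"
	"time"
)

// fetchServedCert connects to addr ("host:port") over TCP, completes a TLS
// handshake and returns the leaf certificate the server presented.
func fetchServedCert(addr string, timeout time.Duration) (*x509.Certificate, error) {
	// Chain verification is off on purpose: an expiry monitor has to read expired
	// and privately signed certs too. SNI is inferred from addr; no data is sent.
	cfg := &tls.Config{InsecureSkipVerify: true}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", addr, cfg)
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	return conn.ConnectionState().PeerCertificates[0], nil // [0] is the leaf
}

// expiryBucket maps NotAfter onto the dashboard windows (heading text partly assumed).
func expiryBucket(notAfter, now time.Time) string {
	switch left := notAfter.Sub(now); {
	case left <= 0:
		return "EXPIRED"
	case left <= 3*24*time.Hour:
		return "WITHIN 3 DAYS"
	case left <= 14*24*time.Hour:
		return "WITHIN 2 WEEKS"
	case left <= 28*24*time.Hour:
		return "WITHIN 4 WEEKS"
	}
	return "OK"
}

func main() {
	for _, addr := range os.Args[1:] { // usage: go run . host:port [host:port ...]
		cert, err := fetchServedCert(addr, 5*time.Second)
		if err != nil {
			fmt.Fprintln(os.Stderr, addr, "error:", err)
			continue
		}
		fmt.Println(addr, expiryBucket(cert.NotAfter, time.Now()), cert.NotAfter)
	}
}
```

Because verification is disabled, the returned certificate says what the host is serving and when it expires, not whether a client would trust it.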

Enhancements

  • The doomsday CLI now handles an attempt to log in to a doomsday server with no auth more gracefully.
  • The doomsday server now defaults to listening on port 8111 if server.port is not given in the manifest and no PORT environment variable is found.
  • The CLI now does basic URL validation when adding a target.
  • The CLI now defaults the port of a target to 8111 if not specified.

Breaking Changes

  • The backend manifest key is now called backends. Also, it's a list now. Because multiple backends.
  • The backend.config key was changed to properties. Also, many of the properties for a backend that were above this level were moved into properties (e.g. address and insecure_skip_verify) because they were no longer universal across all backends.
  • The server.auth.config key was changed to server.auth.properties for consistency with backends.
  • Several keys (which are now under properties hashes) have changed types (and therefore values). Originally, the code only allowed for values to be strings, which wasn't great. Now things can be numbers and bools, and so several properties have changed to benefit.

The new manifest schema can be found at docs/ddayconfig.yml

v0.3.0 - TLS, CF, and Cert Chains

24 May 20:16

New Features

  • The server configuration manifest now accepts server.tls.cert and server.tls.key. If these are present, the server will serve https requests with those variables. If you don't provide a cert or key, the server can still listen for plebeian ol' http.
  • If server.port is not given in the config, the value will fall back to the PORT environment variable. This means you can run doomsday on Cloud Foundry. Which means maybe this tool is useful now.

Enhancements

  • The dashboard command's headers have improved their wording from, for example, 4 WEEKS to WITHIN 4 WEEKS. This feels better.
  • When scanning your storage, doomsday will now properly parse certificate chains. It will make its best attempt to determine which is the leaf cert (server cert), and then that will be presented for that key.

Bug Fixes

  • If a key contained a cert, but began with something that wasn't a cert (like a private key), then the cert would not be found. No longer!

v0.2.0 - Credhub and Ops Manager

10 May 15:33

New Features

  • doomsday server now supports config server (credhub) and ops manager as credentials backends. Watch your certs in all the places.

Improvements

  • The CLI now gives a more informative error message when the user is not authenticated to doomsday.
  • The server now uses multiple goroutines when fetching secrets from the credential backends. I've found this often yields about a 20% speedup over... not using multiple goroutines.

v0.1.1 - Dashboard stuff

01 May 19:14

Bug Fixes

  • The server can now purge cert entries from the cache which are no longer present in the storage backend
  • The dashboard now prints all the certs it wants to

Enhancements

  • The dashboard command now shows certs at expired, 3 days, 2 weeks, and 4 weeks.

v0.1.0 - Initial Release

01 May 16:06

This seems like a start.