v1.1.3

Changelog

• b51a0ec Bump cloud.google.com/go/kms from 1.9.0 to 1.15.0 (#417)
• 31a0709 Bump github.com/aws/aws-sdk-go from 1.44.219 to 1.44.305 (#400)
• a7de510 Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.1.0 to 4.2.0 (#418)
• f56ec1a Bump github.com/go-playground/validator/v10 from 10.11.2 to 10.14.1 (#392)
• 4230b9a Bump github.com/golang-jwt/jwt/v5 from 5.0.0-rc.1 to 5.0.0 (#393)
• c8911ac Bump github.com/prometheus/client_golang from 1.14.0 to 1.16.0 (#406)
• 05f308c Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#394)
• b260264 Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#409)
• 771d62a Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (#396)
• 08f5f58 Bump golang.org/x/crypto from 0.7.0 to 0.11.0 (#408)
• 6cc9d24 Bump google.golang.org/api from 0.112.0 to 0.134.0 (#416)
• 460ba53 Integrationtest codecoverage (#380)
• e76b84c add dependabot config with separator as hyphen (#390)
• 184de99 combined code coverage (#413)
• 1c991b3 dependabot - disable npm, schedule go monday aft (#415)
• 8469114 fix release changelog, currently only lists last commit (#424)
• 16b4da9 integration tests - bump octez version to 17.2 (#414)
• ad58b17 npm - replace slash with hyphen in branch name (#399)
• b03183a use goreleaser conditionals properly (#422)

v1.1.3-rc

Changelog

• 50e98dd fix goreleaser config: use inert -v flag to avoid empty flags value

v1.1.2

Changelog

• 9eef74d AWS GetPublicKey error handling fix (#389)

v1.1.1

This release is a patch release fixing 2 issues:

#379 - intermittent watermark validation error on block sign
#383 - fail to start with destroyed version in gcp kms

v1.1.0

Release Notes

• client authentication and signing request authorization using JWT was added in this release. Please find full details in product documentation
• watermark feature protecting against double baking updated to include round information introduced in the Tenderbake protocol. Operators running Signatory in a docker container should mount Signatory's /var/lib/signatory directory to the host filesystem to preserve the watermarks
• significant integration test coverage has been added to Signatory's build pipeline
• a number of documentation improvements have been made

Changelog

• fixed broken link to approve list service on remote policy page by @michaelkernaghan in #316
• JWT library updated and code changes to match the new version by @AbineshECAD in #319
• chore: update docusarus by @jevonearth in #329
• chore: run npm audit fix for website by @jevonearth in #330
• update Remote Policy Server Docs page to include diagram by @michaelkernaghan in #318
• sg-274 update integration test readme by @stephengaudet in #334
• Update aws_kms.md by @stephengaudet in #337
• sg-ledger-doc-improvement by @stephengaudet in #340
• added page for how signatory works with bakers by @michaelkernaghan in #335
• GoTez protocol and encoding library by @e-asphyx in #323
• Update integration-tests.yaml - remove limanet by @stephengaudet in #343
• added doc for authorized_keys configuration by @michaelkernaghan in #332
• Mk 312 add signatory architecture page by @michaelkernaghan in #314
• added doc updates from old PR for three pages by @michaelkernaghan in #321
• Build and publish Docker image previews from branches by @danielelisi in #349
• Upgrade goreleaser-cross to v1.20.3 by @danielelisi in #353
• changes to integration test workflow plus new integration tests (using flextesa) by @stephengaudet in #350
• update integration test readme by @stephengaudet in #355
• Sg integrationtest chainprotocol by @stephengaudet in #359
• add minpk genkey test by @stephengaudet in #363
• sg-integrationtest-includebaker by @stephengaudet in #360
• Sg integrationtest add aws-kms, and simple cli by @stephengaudet in #365
• Sg integrationtest addgcp by @stephengaudet in #368
• sg integrationtest add AZ by @stephengaudet in #369
• Duplicated requests and watermark migration by @e-asphyx in #348
• Add labels to vault_sign_request_duration Prometheus metrics by @danielelisi in #300
• Sg integrationtest addspeculos by @stephengaudet in #375
• JWT Feature by @AbineshECAD in #367
• Fix Docker Hub authentication for publishing Docker images by @danielelisi in #377

Full Changelog: v1.0.0-beta3...v1.1.0

Docker Images

docker pull ecadlabs/signatory:v1.1.0-amd64

docker pull ecadlabs/signatory:v1.1.0-arm64

docker pull ecadlabs/signatory:v1.1.0-armv7

v1.0.0-beta3

Changelog

• 0df82ce Document change to add file vault to import not supported vault list (#308)
• 62769e0 Enable Mermaid diagram support on signatory website (#283)
• edbe3de Fix pipeline triggering multiple times for PRs
• 36138c3 Ledger/Speculos TCP APDU transport (#288)
• 286c248 Remove redundant yarn.lock file from website folder
• 7cd50a1 Revert "added signatory architecture page"
• 5984cbd Update go dependencies to the latest version (#304)
• 952e99a added diagram to readme and docs (#293)
• 674df0a added signatory architecture page
• cb5f30c chore: run npm audit fix for website (#284)
• a91b80d chore: update docusarus to 2.2.0 and tidy npm deps (#280)
• 047ce23 documentation improvements (#278)
• e0805dc fix: update discord invite link and twitter link (#285)
• 11a9150 fix: update footer to display Apache license. (#286)
• 16b5f4f remove duplicate backend from readme (#277)
• cbd96e2 small documentation changes (#287)

v1.0.0-beta2

Changelog

• bc0cc28 Docs upzo (#259)
• b8a7a46 Import secrets are received without any terminal history (#267)
• d900ee2 Rename tezos-client binaries to octez-client (#260)
• c2d6ecb Revert "YubiSHM: append elliptic curve to the signature" (#272)
• 27bc256 YubiSHM: append elliptic curve to the signature (#271)
• 37ee34d YubiSHM: append elliptic curve to the signature (#273)
• cd47445 secp256k1 updated to v4 (#256)
• 74a0c56 update env name in integration test to limanet (#276)

Docker Images

docker pull ecadlabs/signatory:v1.0.0-beta2-amd64

docker pull ecadlabs/signatory:v1.0.0-beta2-arm64

docker pull ecadlabs/signatory:v1.0.0-beta2-armv7

v1.0.0-beta1

Changelog

• dd13b69 Consensus key operations support (#255)
• 8c3af77 External policy hook (#252)

Remote Policy Service

Docker Images

docker pull ecadlabs/signatory:v1.0.0-beta1-amd64

docker pull ecadlabs/signatory:v1.0.0-beta1-arm64

docker pull ecadlabs/signatory:v1.0.0-beta1-armv7

v0.4.0-beta

Summary

This release of Signatory contains several new features and a lot of polish, making the service easier to configure and operate.

New Operations

Signatory only signs operations that it recognizes. We have added support for most new operation types, such as VDF Revelations, Increase Paid storage and TORU rollup commitments. Signatory is not only for Bakers. It is helpful for signing operations in many other contexts, such as hot wallets operated by an exchange, Oracles and commitments related to Layer 2 ORUs.

New config syntax for Policies

We simplified the YAML policy syntax structure to make it easier to understand. The old syntax still works, but Signatory will warn the Signatory operator to update their configuration to the new layout.

You can find example configurations with the new policy definition in the official docs Configuration Example - File-based Vault

Use animal-mnemonics for ledgers

To stay consistent with the Octez implementation, we now use the same "animal mnemonics" scheme to identify the root keys on a Ledger device.

Logging updates

Logs are more succinct, especially when signing batch operations.

Docker images

We now ship armv7 docker images.

Connect to all backends at startup

Signatory will now connect to all backends at startup and print details on each configured address. Previously, Signatory would be lazy and wait for a signing request before connecting to a backend. The new behaviour helps Signatory operators detect configuration issues quickly.

Bug Fixes

An Azure infinite loop condition was found and is fixed.

What's coming next?

We are busy adding support for new Lima operations. We are also adding a "Remote Policy Hook", which will allow Signatory operators to have Signatory send authentication requests to an external web service. This feature enables Signatory operators flexibility to compose their security defences precisely, given their threat profiles.

Docker Images

docker pull ecadlabs/signatory:v0.4.0-beta-amd64

docker pull ecadlabs/signatory:v0.4.0-beta-arm64

docker pull ecadlabs/signatory:v0.4.0-beta-armv7

v0.4.0-beta-rc0

Changelog

• 4341cfd Add docker image build for armv7 (#249) (#251)
• 7ed8d09 Import not supported in aws documentation + cli help correction (#230)
• 75b703e Increase paid storage and VDF revelation operations added (#250)
• f59c73f New common document for signatory-cli features (#233)
• 5a37552 New policy syntax (#241)
• 7b65485 Replace base58 ledger ids with animal mnemonics (#243)
• 83be99f Test case for infinite loop when vault errors (#219)
• 9102a42 Update docusaurus to v2.1 (#253)
• 9d6626c log ops statistics insteaf of a list (#248)

Docker Images

docker pull ecadlabs/signatory:v0.4.0-beta-rc0-amd64

docker pull ecadlabs/signatory:v0.4.0-beta-rc0-arm64