diff --git a/deploy/charts/disco-agent/README.md b/deploy/charts/disco-agent/README.md index f548bdba..19310ee6 100644 --- a/deploy/charts/disco-agent/README.md +++ b/deploy/charts/disco-agent/README.md @@ -348,11 +348,10 @@ This description will be associated with the data that the agent uploads to the #### **config.sendSecretValues** ~ `bool` > Default value: > ```yaml -> true +> false > ``` -Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk, fetched from the Discovery and Context service. -Default: true +Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk, fetched from the Discovery and Context service. This value will default to "true" in a future release when further updates have been made to the Discovery and Context backend. #### **authentication.secretName** ~ `string` > Default value: > ```yaml diff --git a/deploy/charts/disco-agent/templates/NOTES.txt b/deploy/charts/disco-agent/templates/NOTES.txt index 2aea6a74..2825c624 100644 --- a/deploy/charts/disco-agent/templates/NOTES.txt +++ b/deploy/charts/disco-agent/templates/NOTES.txt @@ -7,3 +7,8 @@ APP VERSION: {{ .Chart.AppVersion }} - Check the application logs for successful connection to the platform: > kubectl logs -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +{{ if .Values.config.sendSecretValues }} +WARNING: sendSecretValues is not finalised and is subject to breaking changes in the future. +It should be enabled only for testing and validation. +{{ end }} diff --git a/deploy/charts/disco-agent/values.schema.json b/deploy/charts/disco-agent/values.schema.json index 083d26ef..68fb432c 100644 --- a/deploy/charts/disco-agent/values.schema.json +++ b/deploy/charts/disco-agent/values.schema.json @@ -166,8 +166,8 @@ "type": "string" }, "helm-values.config.sendSecretValues": { - "default": true, - "description": "Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk, fetched from the Discovery and Context service.\nDefault: true", + "default": false, + "description": "Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk, fetched from the Discovery and Context service. This value will default to \"true\" in a future release when further updates have been made to the Discovery and Context backend.", "type": "boolean" }, "helm-values.extraArgs": { diff --git a/deploy/charts/disco-agent/values.yaml b/deploy/charts/disco-agent/values.yaml index a82dabf9..229fc7ce 100644 --- a/deploy/charts/disco-agent/values.yaml +++ b/deploy/charts/disco-agent/values.yaml @@ -200,8 +200,9 @@ config: # Metadata is always sent, but the actual values of Secrets are not sent by default. # When enabled, Secret data is encrypted using envelope encryption using # a key managed by CyberArk, fetched from the Discovery and Context service. - # Default: true - sendSecretValues: true + # This value will default to "true" in a future release when further updates have been + # made to the Discovery and Context backend. + sendSecretValues: false authentication: secretName: agent-credentials diff --git a/klone.yaml b/klone.yaml index 13135d6e..587aa983 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,55 +10,55 @@ targets: - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/go - folder_name: helm repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/helm - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/help - folder_name: kind repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/kind - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/klone - folder_name: licenses repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/licenses - folder_name: oci-build repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/oci-build - folder_name: oci-publish repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/oci-publish - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 55974d81000a5135b824a5534a30858203fbfdb6 + repo_hash: db3f643e1aa63fc2873731249f9aabf777fb86aa repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 464e7911..b7fc2431 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -221,7 +221,7 @@ tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ # renovate: datasource=golang-version packageName=go -VENDORED_GO_VERSION := 1.26.0 +VENDORED_GO_VERSION := 1.26.1 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -468,10 +468,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) # File downloads # ################## -go_linux_amd64_SHA256SUM=aac1b08a0fb0c4e0a7c1555beb7b59180b05dfc5a3d62e40e9de90cd42f88235 -go_linux_arm64_SHA256SUM=bd03b743eb6eb4193ea3c3fd3956546bf0e3ca5b7076c8226334afe6b75704cd -go_darwin_amd64_SHA256SUM=1ca28b7703cbea05a65b2a1d92d6b308610ef92f8824578a0874f2e60c9d5a22 -go_darwin_arm64_SHA256SUM=b1640525dfe68f066d56f200bef7bf4dce955a1a893bd061de6754c211431023 +go_linux_amd64_SHA256SUM=031f088e5d955bab8657ede27ad4e3bc5b7c1ba281f05f245bcc304f327c987a +go_linux_arm64_SHA256SUM=a290581cfe4fe28ddd737dde3095f3dbeb7f2e4065cab4eae44dfc53b760c2f7 +go_darwin_amd64_SHA256SUM=65773dab2f8cc4cd23d93ba6d0a805de150ca0b78378879292be0b903b8cdd08 +go_darwin_arm64_SHA256SUM=353df43a7811ce284c8938b5f3c7df40b7bfb6f56cb165b150bc40b5e2dd541f .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools