chore: release 4.9.0

.pre-commit-config.yaml

@@ -132,7 +132,7 @@ repos:
         entry: bash -c 'cd documentation && mkdocs build --strict'
 
   - repo: https://github.com/Cosmian/git-hooks.git
-    rev: v1.0.16
+    rev: v1.0.20
     hooks:
       - id: cargo-format
       # - id: cargo-upgrade
@@ -148,3 +148,4 @@ repos:
       - id: clippy-autofix-others
       - id: clippy-all-targets-all-features
       - id: cargo-format # in last du to clippy fixes
+      - id: docker-compose-down

CHANGELOG.md

@@ -2,6 +2,21 @@
 
 All notable changes to this project will be documented in this file.
 
+## [4.9.0] - 2023-11-10
+
+### Bug Fixes
+
+- fix: migrate to num-bigint-dig for bigint (#85)
+
+### Ci
+
+- Test KMS inside a SGX machine
+
+### Features
+
+- Update Covercrypt version to support Policy V2 ([#63])
+- Generalize bulk operations using KMIP `Messages` structure
+
 ## [4.8.2] - 2023-10-31
 
 ### Bug Fixes
@@ -12,7 +27,7 @@ All notable changes to this project will be documented in this file.
 
 ### Bug Fixes
 
-Fix for [#64](https://github.com/Cosmian/kms/issues/64)
+- Fix for [#64](https://github.com/Cosmian/kms/issues/64)
 
 ## [4.8.0] - 2023-10-07
 

crate/cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_kms_cli"
-version = "4.8.2"
+version = "4.9.0"
 edition = "2021"
 license-file = "../../LICENSE.md"
 description = "CLI used to manage the Cosmian KMS."

crate/client/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_kms_client"
-version = "4.8.2"
+version = "4.9.0"
 authors = ["Bruno Grieder <[email protected]>"]
 edition = "2021"
 license-file = "../../LICENSE.md"

crate/kmip/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_kmip"
-version = "4.8.2"
+version = "4.9.0"
 edition = "2021"
 license-file = "../../LICENSE.md"
 

crate/logger/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_logger"
-version = "4.8.2"
+version = "4.9.0"
 authors = ["Emmanuel Coste <[email protected]>"]
 edition = "2021"
 license-file = "../../LICENSE.md"

crate/pyo3/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_kms_python"
-version = "4.8.2"
+version = "4.9.0"
 authors = ["Hugo Rosenkranz-Costa <[email protected]>"]
 edition = "2021"
 license-file = "../../LICENSE.md"

crate/server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_kms_server"
-version = "4.8.2"
+version = "4.9.0"
 authors = ["Bruno Grieder <[email protected]>"]
 edition = "2021"
 license-file = "../../LICENSE.md"

crate/utils/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_kms_utils"
-version = "4.8.2"
+version = "4.9.0"
 authors = ["Bruno Grieder <[email protected]>"]
 edition = "2021"
 license-file = "../../LICENSE.md"

delivery/Dockerfile.standalone

@@ -1,6 +1,6 @@
 FROM ubuntu:22.04 as builder
 
-LABEL version="4.8.2"
+LABEL version="4.9.0"
 LABEL name="Cosmian KMS docker container"
 
 ENV DEBIAN_FRONTEND=noninteractive

documentation/docs/authentication.md

@@ -26,7 +26,7 @@ The server must be started using TLS, and the certificate used to verify the cli
 !!! info "Example client TLS authentication."
 
     ```sh
-    docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.8.2 \
+    docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.9.0 \
         --https-p12-file kms.server.p12  --https-p12-password password \
         --authority-cert-file verifier.cert.pem
     ```
@@ -65,7 +65,7 @@ The KMS server JWT authentication is configured using three command line options
 Below is an example of a JWT configuration for the KMS server using Google as the authorization server.
 
 ```sh
-docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.8.2 \
+docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.9.0 \
     --jwt-issuer-uri=https://accounts.google.com \
     --jwks-uri=https://www.googleapis.com/oauth2/v3/certs \
     --jwt-audience=cosmian_kms

documentation/docs/bootstrap.md

@@ -11,7 +11,7 @@ When [running in a zero-trust environment](./zero_trust.md) inside a confidentia
 To start the KMS server in bootstrap mode, use the `--use-bootstrap-server` option:
 
 ```sh
-docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.8.2 \
+docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.9.0 \
   --use-bootstrap-server
 ```
 

documentation/docs/cli/cli.md

@@ -1,7 +1,7 @@
 The `ckms` binary is a command line interface (CLI) used to manage cryptographic objects inside the KMS.
 
 !!! info "Download ckms"
-    Please download the latest version of the CLI for your Operating System from the [Cosmian public packages repository](https://package.cosmian.com/kms/4.8.2/)
+    Please download the latest version of the CLI for your Operating System from the [Cosmian public packages repository](https://package.cosmian.com/kms/4.9.0/)
 
 The CLI expects a configuration file to be located at `~/.cosmian/kms.json` where `~` is your home folder.
 

documentation/docs/high_availability_mode.md

@@ -53,7 +53,7 @@ e.g.
 
 ```sh
 docker run --rm -p 9998:9998 \
-  --name kms ghcr.io/cosmian/kms:4.8.2 \
+  --name kms ghcr.io/cosmian/kms:4.9.0 \
   --database-type=postgresql \
   --database-url=postgres://kms_user:kms_password@pgsql-server:5432/kms
 
@@ -68,7 +68,7 @@ Example:
 
 ```sh
 docker run --rm -p 9998:9998 \
-  --name kms ghcr.io/cosmian/kms:4.8.2 \
+  --name kms ghcr.io/cosmian/kms:4.9.0 \
   --database-type=redis-findex \
   --database-url=redis://localhost:6379 \
   --redis-master-password password \
@@ -105,7 +105,7 @@ Say the certificate is called `cert.p12` and is in a directory called `/certific
 
 ```sh
 docker run --rm -p 9998:9998 \
-  --name kms ghcr.io/cosmian/kms:4.8.2 \
+  --name kms ghcr.io/cosmian/kms:4.9.0 \
   -v /certificate/cert.p12:/root/cosmian-kms/cert.p12 \
   --database-type=mysql \
   --database-url=mysql://mysql_server:3306/kms \

documentation/docs/index.md

@@ -6,7 +6,7 @@ The Cosmian KMS is designed to [operate in **zero-trust** environments](./zero_t
     To quick-start a Cosmian KMS server on `http://localhost:9998` that stores its data inside the container, simply run
 
     ```sh
-    docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.8.2
+    docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.9.0
     ```
 
     Check the Cosmian KMS server version
@@ -78,7 +78,7 @@ The KMS has an easy-to-use command line interface client built for many operatin
 
 The KMS server is available as a Docker image on the [Cosmian public Docker repository](https://github.com/Cosmian/kms/pkgs/container/kms).
 
-Raw binaries for multiple operating systems are also available on the [Cosmian public packages repository](https://package.cosmian.com/kms/4.8.2/)
+Raw binaries for multiple operating systems are also available on the [Cosmian public packages repository](https://package.cosmian.com/kms/4.9.0/)
 
 #### Integrated with Cloudproof libraries
 
@@ -91,7 +91,7 @@ The libraries are available in many languages, including Javascript, Java, Dart,
 Just like the [`ckms` Command Line Interface](./cli/cli.md), the KMS server has a built-in help system that can be accessed using the `--help` command line option.
 
 ```sh
-docker run --rm ghcr.io/cosmian/kms:4.8.2 --help
+docker run --rm ghcr.io/cosmian/kms:4.9.0 --help
 ```
 
 The options are enabled on the docker command line or using the environment variables listed in the options help.

documentation/docs/single_server_mode.md

@@ -9,7 +9,7 @@ This configuration also supports user encrypted databases, a secure way to store
 To run in single server mode, using the defaults, run the container as follows:
 
 ```sh
-docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.8.2
+docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.9.0
 ```
 
 The KMS will be available on `http://localhost:9998`, and the server will store its data inside the container in the `/root/cosmian-kms/sqlite-data` directory.
@@ -21,7 +21,7 @@ To persist data between restarts, map the `/root/cosmian-kms/sqlite-data` path t
 ```sh
 docker run --rm -p 9998:9998 \
   -v cosmian-kms:/root/cosmian-kms/sqlite-data \
-  --name kms ghcr.io/cosmian/kms:4.8.2
+  --name kms ghcr.io/cosmian/kms:4.9.0
 ```
 
 ### Using user encrypted databases
@@ -31,7 +31,7 @@ To start the KMS server with user encrypted SQLite databases, pass the `--databa
 ```sh
 docker run --rm -p 9998:9998 \
   -v cosmian-kms:/root/cosmian-kms/sqlite-data \
-  --name kms ghcr.io/cosmian/kms:4.8.2 \
+  --name kms ghcr.io/cosmian/kms:4.9.0 \
   --database-type=sqlite-enc
 ```
 

documentation/docs/tls.md

@@ -29,7 +29,7 @@ Say the certificate is called `server.mydomain.com.p12`, is protected by the pas
 ```sh
 docker run --rm -p 443:9998 \
   -v /certificate/server.mydomain.com.p12:/root/cosmian-kms/server.mydomain.com.p12 \
-  --name kms ghcr.io/cosmian/kms:4.8.2 \
+  --name kms ghcr.io/cosmian/kms:4.9.0 \
   --database-type=mysql \
   --database-url=mysql://mysql_server:3306/kms \
   --https-p12-file=server.mydomain.com.p12 \
@@ -67,7 +67,7 @@ Example:
 docker run --rm -p 443:9998 \
   -v cosmian-kms:/root/cosmian-kms/sqlite-data \
   -v cosmian-kms-certs:/root/cosmian-kms/certbot-ssl \
-  --name kms ghcr.io/cosmian/kms:4.8.2 \
+  --name kms ghcr.io/cosmian/kms:4.9.0 \
   --database-type=sqlite-enc \
   --use-certbot \
   --certbot-server-name server.mydomain.com \

documentation/docs/zero_trust.md

@@ -37,7 +37,7 @@ The KMS servers must be installed in confidential VMs and started in bootstrap m
 - To start the database server in bootstrap mode, use the `-use-bootstrap-server` option (see [bootstrap](./bootstrap.md) from more details) on the docker started in the confidential VM :
 
 ```bash
-docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.8.2 --use-bootstrap-server
+docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.9.0 --use-bootstrap-server
 ```
 
 - To use the TLS generation using LetsEncrypt inside the confidential VM add the arguments described in [tls](./tls.md#using-the-certificates-bot)