0.4.0

• New support for a Host SSH Certificate Lambda.
  • Please consider how you will control who can obtain host certs for which hostnames before using.
• Updated publishing code to build with the latest Amazon Linux 2.
• Validated for Python 3.7 Lambda runtime.
• Updated dependencies.
• Various typo fixes.

0.3.0

• Python 3.6 Lambda support
• Caching of the KMS decrypted CA Private Key Password.
• Compressed CA Private Key support, allowing RSA 4096 keys to be set in the Lambda Environment.
• Issue certificates for ED25519 public keys (RSA CA).
• New option to validate the remote username against the IAM groups of the calling user.
• Updated dependencies.

0.2.0

0.2.0 - June 7, 2017

• Several changes have been made to the BLESS request format and return values.
• Merged Lyft's kmsauth changes into BLESS, adding an optional kmsauth_token parameter.
• Changed BLESS requests from using remote_username to remote_usernames and bastion_ip to bastion_ips, both comma- separated lists.
  remote_usernames can be used for SSH principals specified in an AuthorizedPrincipalsFile (see SSHD_CONFIG(5)).
• Aligning BLESS returns so that Lambda configuration errors raise exceptions, and request errors return a dictionary with either errorType and errorMessage or a certificate.
• Updated the sample BLESS client to deal with the new lambda return values.
• Additional username validation methods are now supported via configuration.
• Config file options can now be set as Lambda environment variables.
• For kmsauth requests, it is now possible for users to request certificates for allowed remote user names.

0.1.1

0.1.1 - July 26, 2016

• Updates to README.
• Updating dependencies to the latest versions.
• Example BLESS Client now relies on AWS SDK for credential checks.
• BLESS Lambda now checks RSA public key strength before signing.

0.1

0.1 release