Keeper Gateway v1.3.0

Released on September 1, 2023

New Features

  • Gateway Configuration with an AWS EC2 Instance

    • An IAM Role Policy can be created and assigned to an EC2 Instance in order to provide the Keeper Gateway service with the required permissions to retrieve the necessary configuration from the AWS Key Management Service (KMS). This method eliminates the need for storing a configuration file on the disk, and instead, stores the configuration file in your AWS KMS.

Improvements & Bug Fixes

  • Updates to handle Non-UTF8 Encoding

    • Added functionality to ignore bad characters during decoding, addressing potential encoding mismatches, especially with Windows.

  • Removed the AD Organizational Unit (OU) Check

    • Removed the OU check feature as it was not performing as expected.

  • Handle Nologin User Shell

    • Implemented measures to detect and handle instances with a /sbin/nologin shell or false, searching for a supported shell instead.

    • Enforced the overriding of the SHELL variable in the spawned shell to prevent inconsistencies.

  • Clean Up Rotation Action Processes, Use Environment Variable Options

    • Moved log configuration to process initializer for better control.

    • Excluded process information in job debug messages temporarily.

    • Added the ability to obtain command-line parameters from environment variables, providing more flexible configuration options.

    • Created constants to guide the retrieval of parameters from environment variables.

    • Prioritized command-line parameters over environment variables to ensure consistency in configurations.

  • Add MAC_CONFIG_PATH Variable and Permissions Settings

    • Introduced a MAC_CONFIG_PATH variable pointing to the configuration file for enhanced readability.

    • Added explicit permission settings for directories and configuration files to bolster security.

  • Improved Reconnection Strategy

    • Modified the system to continue reconnection attempts if the WebSocket response code is 500 or greater. Reused reconnection code for HTTP status codes less than 500.

  • Websocket Client Updates

    • Modified the 'create_dispatcher' method to choose the correct dispatcher based on SSL configuration, addressing issues when connecting to routers without SSL.

  • Logging Improvements

    • Improve Error Messages

      • Continued refinement of error messages to enhance the user experience and enable more effective troubleshoot

    • Logging Configuration: Restricted the allowance of multiple configurations for logging to prevent conflicts and potential errors.

Last updated