Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 28 additions & 18 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,25 +1,35 @@
# Changelog

All notable changes to this project will be documented in this file.
Notable changes to the KrakenKey Probe. Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). Versions follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
---

## [0.1.0] - 2026-03-17
## [Unreleased]

---

## [v0.2.0] — 2026-05-03

### Added
- `POST /scan` — authenticated on-demand scan endpoint. Enabled via `KK_PROBE_SCAN_API_ENABLED=true`; protected by a Bearer token (`KK_PROBE_SCAN_API_SECRET`, minimum 32 characters enforced at startup).
- `ScanAPIConfig` struct in the configuration (`scan_api.enabled` / `scan_api.secret` YAML keys).
- Startup validation: fails with a clear error message if the scan API secret is shorter than 32 characters.
- Used by KrakenKey API's `POST /public/scan` to proxy free TLS scan requests to the hosted probe.
- `KK_PROBE_SCAN_API_ENABLED` and `KK_PROBE_SCAN_API_SECRET` env vars documented in README.
- **On-Demand Scan API** section added to README covering config, request format, response shape, and security guidance.
- **Troubleshooting** entry added for secret-length startup error.

---

- TLS endpoint scanner with certificate metadata extraction (subject, SANs, issuer, chain, expiry, fingerprint, key type, signature algorithm)
- Connection metadata collection (TLS version, cipher suite, handshake latency, OCSP stapling)
- Three operating modes: `standalone`, `connected`, and `hosted`
- KrakenKey API integration for probe registration and result reporting
- Health check server with `/healthz` and `/readyz` endpoints
- Configurable scan interval (1m to 24h) with immediate first scan on startup
- YAML config file with environment variable overrides (`KK_PROBE_*` prefix)
- Persistent probe ID across restarts via state file
- Graceful shutdown on SIGINT/SIGTERM
- Multi-platform Docker images (linux/amd64, linux/arm64) via GoReleaser
- CI pipeline with lint, test, and build matrix
- Kubernetes deployment example with ConfigMap, Secrets, and health probes

[0.1.0]: https://github.com/krakenkey/probe/releases/tag/v0.1.0
## [v0.1.0] — 2026-03-27

### Added
- Initial release: TLS endpoint scanning with certificate chain validation, expiry checking, and connection health metrics (TLS version, cipher suite, OCSP stapling, latency).
- Three operating modes: `standalone` (local YAML config, no API), `connected` (user API key, reports to platform), `hosted` (service key, receives config from API by region).
- Dynamic endpoint reloading in `connected` and `hosted` modes — polls API every 60 seconds; triggers immediate scan if endpoint list changes.
- `/healthz` and `/readyz` HTTP health endpoints.
- `--healthcheck` CLI flag for Docker-native health checks (`probe --healthcheck`).
- Persistent JSON state file for probe ID and scan history.
- Multi-architecture Docker image (`ghcr.io/krakenkey/probe`) for amd64 and arm64.
- `CHANGELOG.md`, `CONTRIBUTING.md`, and `SECURITY.md` documentation files.
- Pre-built goreleaser release pipeline with SHA-256 checksums.
Loading