Skip to content

v0.3.0

Latest
Latest

Choose a tag to compare

View all tags
@johnzfitch johnzfitch released this 07 Mar 14:40
v0.3.0
This tag was signed with the committer’s verified signature.
johnzfitch Zack Fitch
SSH Key Fingerprint: d4lDQsoBrddKzQSBc9hlzJ25JYNidvQVeXUwU5fOcDI
Verified
Learn about vigilant mode.
51a68f3
This commit was signed with the committer’s verified signature.
johnzfitch Zack Fitch
SSH Key Fingerprint: d4lDQsoBrddKzQSBc9hlzJ25JYNidvQVeXUwU5fOcDI
Verified
Learn about vigilant mode.

Mandatory Encrypted Vault

Credential storage is now always encrypted. The --no-vault opt-out has been removed — pacer auth init and pacer auth login both require a vault passphrase.

Vault architecture
Layer Detail
Cipher AES-256-GCM (unique 96-bit nonce per secret)
KDF Scrypt (N=16384, r=8, p=1)
Salt 32-byte random, regenerated on passphrase change
Storage ~/.pacer/vault.json with 0600 permissions
Writes Atomic via temp file + os.replace()

Breaking changes

  • --no-vault flag removed from pacer auth init
  • pacer auth login now prompts for vault passphrase (creates vault if none exists)
  • Plaintext credential storage (config.env) is no longer offered

Bug fixes

  • Parser fix — regex fallback (parse_docket_regex) captured </h3> closing tag as part of case number. Changed \S+ to [\w:\-\.]+ character class to match only valid case number characters.

Documentation

  • Full Encrypted Vault section added to README with architecture, file structure, operations table, and Scrypt tuning env vars
  • SECURITY.md updated with vault encryption details
  • All stale config.env credential references removed

pip install pacer-cli==0.3.0

Assets 2
Loading