This release increases the visibility of some core construction methods so users who already deal with byte arrays do not need to base64 encode them first. In addition, for users of the AWS Secrets Manager rotator Lambda, the version of Jackson has been upgraded. A detailed list of changes is available here.

Usage

The core library can be pulled from . It can be added directly to the classpath as there are no dependencies. Alternatively, it can be pulled in using a package manager as described here.

The AWS Secrets Manager Rotator can be downloaded from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

This release adds convenience methods for generating keys and tokens without specifying an entropy source. A detailed list of changes is available here.

Usage

The core library can be pulled from . It can be added directly to the classpath as there are no dependencies. Alternatively, it can be pulled in using a package manager as described here.

The AWS Secrets Manager Rotator can be downloaded from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

Breaking Changes

This release introduces the following breaking changes:

1. Only cryptographically secure entropy sources (i.e. SecureRandom) are supported. Developers still have the flexibility to seed the PRNG or provide a custom implementation, but the less secure Random cannot be used.
2. The method to decrypt arbitrary cipher text has been removed from the public API. Although it is still used internally, client applications will need to use a validateAndDecrypt method in order to access the secret data.

For a detailed list of the changes, see here.

Usage

The core library can be pulled from . It can be added directly to the classpath as there are no dependencies. Alternatively, it can be pulled in using a package manager as described here.

The AWS Secrets Manager Rotator can be downloaded from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

This release updates several dependencies used by the AWS Secrets Manager Rotator and the Jersey module. This reduces the likelihood of security vulnerabilities in client code. A detailed list of changes is available here.

Usage

The core library can be pulled from . It can be added directly to the classpath as there are no dependencies. Alternatively, it can be pulled in using a package manager as described here.

The AWS Secrets Manager Rotator can be downloaded from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

This release adds two security features. First, it makes a best-effort attempt to wipe secret data from memory before that memory is made available to other applications. Second, it uses constant-time comparisons of secret data to mitigate against timing attacks. A detailed list of the changes from v1.3.4 is available here.

Usage

The core library can be pulled from . It can be added directly to the classpath as there are no dependencies. Alternatively, it can be pulled in using a package manager as described here.

The AWS Secrets Manager Rotator can be downloaded from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

This release introduces changes to make the libraries compatible with JDK 10 and JDK 11. It is still compatible with JDK 8. In addition, for the AWS Secrets Manager Rotator, newer versions of the AWS SDK libraries and the Log4J libraries are introduced.

Usage

The core library can be pulled from . It can be added directly to the classpath as there are no dependencies. Alternatively, it can be pulled in using a package manager as described here.

The AWS Secrets Manager Rotator can be downloaded from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

This release updates dependencies used by the AWS Secrets Manager Fernet Key Rotator Lambda. For more information, see here.

Usage

The core library can be downloaded here and added to your classpath or pulled from .

The AWS Secrets Manager Rotator can either be downloaded here or from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

Platform Improvements

This release updates a number of dependencies and imposes stricter static analysis rules (from PMD and SonarQube). For more information, see here.

Usage

The core library can be downloaded here and added to your classpath or pulled from .

The AWS Secrets Manager Rotator can either be downloaded here or from . It can be uploaded directly into the AWS Console.

The Jersey module should be pulled from .

Add support for Jersey JAX-RS integration

Core Library Changes

A more specific TokenValidationException, PayloadValidationException, was introduced to identify when a token is valid but fails custom validation.

New Module

The fernet-jersey-auth module was added to support authentication of REST endpoints with Fernet tokens. For more information, see the documentation.

Support AWS Secrets Manager

This release has minimal changes to the core library. However, it introduces a new submodule that provides AWS Lambda functions to rotate Fernet keys that are stored using AWS Secrets Manager.