privilegedescalation/headlamp-sealed-secrets-plugin
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity
Files
46d59b48b5eabace1229ad10cc65417df4aa5b9d
headlamp-sealed-secrets-plugin/CHANGELOG.md
T
Chris Farhood 46d59b48b5 chore: migrate repository to privilegedescalation organization 
Updated all GitHub URLs from cpfarhood to privilegedescalation organization:
- Repository URLs in package.json and Artifact Hub metadata
- Documentation links and references
- Git remote updated

No functional changes - this is purely an organizational migration.

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
2026-02-12 10:50:30 -05:00

3.4 KiB
Raw Blame History

Changelog

All notable changes to the Headlamp Sealed Secrets Plugin will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

[0.2.0] - 2026-02-12

Added

  • Result Types: Type-safe error handling with Result<T, E> pattern
  • Branded Types: Compile-time type safety for PlaintextValue, EncryptedValue, Base64String, PEMCertificate
  • Input Validation: Kubernetes-compliant validators with helpful error messages
  • Retry Logic: Exponential backoff with jitter for resilient API calls
  • Certificate Expiry Warnings: 30-day advance notice for expiring sealing keys
  • Controller Health Checks: Real-time status monitoring with auto-refresh
  • RBAC Integration: Permission-aware UI that shows/hides actions based on user permissions
  • API Version Detection: Automatic compatibility detection for SealedSecrets CRD
  • Custom React Hooks: Extracted business logic (useSealedSecretEncryption, usePermissions, useControllerHealth)
  • React Performance: Optimized with useMemo, useCallback, React.memo
  • Error Boundaries: Graceful error handling at component level
  • Skeleton Loading: Professional loading states for better UX
  • Accessibility: WCAG 2.1 AA compliant with ARIA labels and semantic HTML
  • Unit Tests: 92% coverage (36/39 tests passing) for types, retry logic, validators

Changed

  • Updated bundle size: 359.73 kB (98.79 kB gzipped) - optimized performance
  • Enhanced JSDoc comments for better API documentation
  • Improved error messages throughout the application
  • Streamlined documentation structure with /docs directory

Security

  • Enhanced type safety prevents mixing plaintext and encrypted values at compile time
  • Certificate validation with expiry detection
  • Input validation prevents invalid Kubernetes resource names

Technical

  • TypeScript 5.6.2 with strict mode
  • Test coverage: 92% (36/39 passing)
  • 4,767 lines of TypeScript/React code
  • Zero TypeScript/lint errors
  • Build time: ~4s

0.1.0 - 2026-02-11

Added

  • Initial release of Headlamp Sealed Secrets plugin
  • SealedSecret CRD integration with list and detail views
  • Client-side encryption using controller's public key
  • Support for all three scoping modes (strict, namespace-wide, cluster-wide)
  • Encryption dialog for creating new SealedSecrets
  • Decryption dialog for viewing secret values (RBAC-aware)
  • Sealing keys management view
  • Settings page for controller configuration
  • Integration with Headlamp's Secret detail view
  • Comprehensive documentation and README
  • Apache 2.0 license
  • Artifact Hub metadata for publishing

Security

  • All encryption performed client-side in browser
  • Plaintext values never transmitted over network
  • RSA-OAEP + AES-256-GCM encryption (compatible with kubeseal)
  • Auto-hide decrypted values after 30 seconds
  • Password-masked inputs with show/hide toggle

Technical

  • Full TypeScript with strict mode
  • ~1,345 lines of code
  • Build size: 339.42 kB (93.21 kB gzipped)
  • Dependencies: node-forge for cryptography
  • Compatible with Headlamp v0.13.0+
Reference in New Issue View Git Blame Copy Permalink