v1.26.3

1.26.3 (2025-04-01)

Fixes

• added a fix to KMS key validation that was causing the following error when passing an existing Secrets Manager instance:

  │ Error: Invalid function argument
  │ 
  │   on ../../main.tf line 21, in locals:
  │   21:   validate_is_hpcs_key = var.is_hpcs_key && local.kms_service_name != "hs-crypto" ? tobool("When is_hpcs_key is set to true then the key provided through kms_key_crn must be a Hyper Protect Crypto Services key") : true
  │     ├────────────────
  │     │ while calling tobool(v)
  │ 
  │ Invalid value for "v" parameter: cannot convert "When is_hpcs_key is set to true then the key provided through kms_key_crn must be a Hyper Protect Crypto Services key" to bool; only the strings
  │ "true" or "false" are allowed.
  

v1.26.2

1.26.2 (2025-03-31)

Fixes

• added a fix for a missing moved block in the DA which can cause the following destroys to be seen when upgrading to version 1.23.0 or later:

  # module.secrets_manager.ibm_sm_en_registration.sm_en_registration[0] will be destroyed
  

v1.26.1

1.26.1 (2025-03-31)

Fixes

• added a fix for a missing moved block in the DA which can cause the following destroys to be seen when upgrading to version 1.23.0 or later:

  # module.secrets_manager.ibm_iam_authorization_policy.en_policy[0] will be destroyed
  

  # module.secrets_manager.ibm_sm_en_registration.sm_en_registration[0] will be destroyed
  

v2.0.0

2.0.0 (2025-03-28)

Features

• added 2 new DA variations: "Fully configurable" and "Security-enforced"
• The "standard" variation has been deprecated does not exist in this release (#300) (b548403)

BREAKING CHANGES

• There is no upgrade path from the deprecated "Standard" DA variation to either of the new "Fully configurable" or "Security-enforced variations

v1.26.0

1.26.0 (2025-03-25)

Features

(#295) (a0cab06)

• The KMS auth policy has been updated so its now scoped to the exact KMS key. If upgrading from an older version this will recreate the auth policy, however it will create the new one before destroying the old one so there is no disruption to every day services.
• The kms_instance_guid input has been removed from the module. It is now programmatically determined from the value of kms_key_crn
• A new boolean input is_hpcs_key has been added to the module and should be set to true if the key specified in kms_key_crn is from a Hyper Protect instance. Leave it at false if using Key Protect. If set to true, a second auth policy is created which allows the Secrets Manager instance Viewer access to the HPCS instance.

v1.25.5

1.25.5 (2025-03-24)

Bug Fixes

• deps: update terraform-module (#306) (5c52795)

v1.25.4

1.25.4 (2025-03-22)

Bug Fixes

• deps: update terraform ibm to latest for the deployable architecture solution (#310) (c458399)

v1.25.3

1.25.3 (2025-03-20)

Bug Fixes

• expose the skip_iam_authorization_policy in the fscloud submodule (#301) (94db9b1)

v1.25.2

1.25.2 (2025-03-15)

Bug Fixes

• deps: update required_provider to latest for the deployable architecture solution (#305) (f12d4e9)

v1.25.1

1.25.1 (2025-03-06)

Bug Fixes

• deps: update IBM provider to 1.76.0 (#303) (190d59d)