Skip to main content

spirlctl Releases

Latest Assets

AssetLatest Release VersionLocation
Linux amd64v0.24.0https://spirl-releases.s3.us-west-2.amazonaws.com/spirlctl/v0.24.0/spirlctl-v0.24.0-linux-amd64.tar.gz
Linux arm64v0.24.0https://spirl-releases.s3.us-west-2.amazonaws.com/spirlctl/v0.24.0/spirlctl-v0.24.0-linux-arm64.tar.gz
macOS amd64v0.24.0https://spirl-releases.s3.us-west-2.amazonaws.com/spirlctl/v0.24.0/spirlctl-v0.24.0-darwin-amd64.tar.gz
macOS arm64v0.24.0https://spirl-releases.s3.us-west-2.amazonaws.com/spirlctl/v0.24.0/spirlctl-v0.24.0-darwin-arm64.tar.gz
Windows amd64v0.24.0https://spirl-releases.s3.us-west-2.amazonaws.com/spirlctl/v0.24.0/spirlctl-v0.24.0-windows-amd64.tar.gz
Windows arm64v0.24.0https://spirl-releases.s3.us-west-2.amazonaws.com/spirlctl/v0.24.0/spirlctl-v0.24.0-windows-arm64.tar.gz
Homebrew Tapv0.24.0
brew tap spirl/tap
brew install spirlctl

Release Notes

spirlctl 0.24.0

Breaking changes

  • spirlctl: removes ci-cd cluster commands. CI/CD Profiles should be linked to a cluster by using ci-cd profile link create instead.

Enhancements

  • spirlctl: adds iam remote-assist commands to enable Remote Assist and set automatic expiration times

spirlctl 0.23.0

Enhancements

  • spirlctl: CI/CD profiles cannot be deleted if they have existing links to a cluster. The --force flag can be added to delete those links and delete the profile.
  • Adds commands for CI/CD Profile links

spirlctl 0.22.0

Bug Fixes

  • Updated "spirlctl config change-path-template" example to use the current attribute syntax.
  • Fix bug when using spirlctl trust-domain info with the --show-deployments flag.

Enhancements

  • Add support for custom JWT claims in JWT-SVIDs via a JWT customization template.
  • Clusters can now be created with Reflector credentials enabled by using spirlctl cluster register ... --enable-reflector
  • Reflector can now be enabled/disabled on clusters by using spirlctl cluster config enable-reflector ... and spirlctl cluster config disable-reflector ... respectively
  • Clusters can now rotate their keys and Reflector keys by using spirlctl cluster config rotate-key ... --enable-reflector
  • spirlctl cluster workload list now allows for the cluster name to be omitted in order to get all workloads from all clusters within the trust domain.

spirlctl v0.21.0

Breaking Changes

  • spirlctl login with invitation code (spirlctl login --invitation) is no longer supported. Invited users now need to exclusively access the generated invitation URL for joining an organization (e.g. https://app.spirl.com/invitation/INVITATION_CODE)
  • Developer Identity commands now take --redirect-addr instead of --redirect-listener-port flag. It is also possible to store them alongside your developer identity config at $HOME/.spirl/dev-id/config.json at .dev_id.[].redirect_addr. The default is a random port at http://127.0.0.1/auth/callback

Enhancements

  • Support configuring provider attestation in cluster config and node-group config
  • Support managing provider attestation configs

spirlctl v0.20.0

Breaking Changes

  • Developer identity commands that were previously available at spirlctl exp unified-access or spirlctl exp trust-domain unified-access are now available at spirlctl exp dev-id and spirlctl exp trust-domain dev-id respectively.
  • Changed the default path the developer identity serve command uses to create the unix domain socket to /tmp/spirl/devid/workload.sock.

Bug Fixes

  • Allows you to ctrl+c when using experimental dev-id.
  • Fix clearing of X.509 customization template for a cluster when running spirlctl cluster config change-x509-template command with empty string template.
  • Fixes an issue where some binaries were not getting the correct version string at build time.

Enhancements

  • spirlctl login will now require the user to perform a code confirmation after authenticating with IDP. This extra step aims to improve the security posture by ensuring the login initiated in the CLI matches the flow completed in the browser.

spirlctl v0.19.0

Bug Fixes

  • Disables local DNS name resolution when connecting through a proxy.

Documentation

  • Fail with an explicit error if arguments are passed to "spirlctl trust-domain deployment list" by mistake, and suggest filtering using flags.

Enhancements

  • Add support for X.509 customization templates for clusters.
  • Adds --agent-endpoint-proxy flag to experimental unified access commands to route those through an HTTP CONNECT proxy.
  • Adds --endpoint-proxy to route requests to SPIRL through an HTTP CONNECT proxy.
  • You are now able to update unified access oidc configs via spirlctl.
  • You are now able to update unified access policies via spirlctl.

spirlctl v0.18.0

  • New command added for accessing audit logs.
  • Federated bundles synced on unified access.
  • Unified access serve command exists now once the SVID has expired.
  • Unified access supports Envoy SDS API.
  • Fixed some unified access management command examples.