Signotaur - v1.2.0.31 Released

Releases Signotaur
1

Hi All,

A new version of Signotaur has been released and is available from Signotaur Downloads. The latest stable version of Signotaur is 1.2.0.31.

Changes in v1.2.0.31

New Features

New Commands

  • Added new config command with subcommands (init, set, get, show, unset, path) to persist defaults in %USERPROFILE%\.signotaur\config.json. Supported settings include server URL, certificate selectors (thumbprint/label/subject), console theme, output encoding, and allowUntrusted. Command-line arguments override environment variables, which override config file values.

  • Added new rotate-key command to rotate API keys with a configurable overlap period (0–30 days). During overlap, both keys remain valid; the old key is automatically revoked at expiry. This enables planned credential rollover with minimal client disruption. A new ApiKeyRotator role controls who can perform rotations.

  • The rotate-key command supports direct output to CI systems like Continua CI server via the --emit-secret option. Alternatively, the --write-key-file or --write-env-file options can be used to update key files with the new API key atomically.

  • Added new auth set-key command which securely stores API keys to files with owner-only permissions. This supports reading keys from stdin or via environment variables. Optional server verification ensures the key is valid before storing. The key file can then be used as input to other commands.

Sign Command

  • Added new --api-key-file option that allows the API key to be provided via a file instead of the command line. Supports both plain-text files and dotenv format.

  • Added new --api-key-name option that specifies a custom environment variable name or key when reading from a dotenv file (default: SIGNOTAUR_API_KEY).

  • Added new --fail-if-expiring-within option that checks API key expiry before signing and fails if the key expires within the specified duration (e.g., 7d, 24h, 1w). Useful for CI/CD pipelines to catch expiring keys early.

  • The SIGNOTAUR_SERVER environment variable can now be used as a fallback for the server URL when --sign-server is not specified.

  • Added new --label option to select certificates by label. When multiple certificates share the same label, the one with the latest expiry is automatically selected, simplifying certificate renewal workflows.

Web UI

  • The certificate page in the Admin section has a new Edit Certificate dialog. This allows editing the certificate alias and also assigning a label to the certificate. The label provides a stable logical identifier as an alternative to thumbprints, so expiring certificates can be replaced without updating client configuration.

  • The Users table in the Admin section has a new Manage API Keys dialog. This allows administrators to select users’ API keys to revoke. The server now tracks when API keys were created and last used, and these details are shown next to each key. Each user can now be assigned to the ApiKeyRotator role in the Edit User Dialog.

  • All revoked and expired API keys can now be cleaned up on the API Keys page in the user’s Profile section of the Web UI.

  • Added name and avatar of current logged-in user to the header.

  • Page sizes for tables with paging can now be set in the configuration file.

Improvements

  • Certificate selection by subject now chooses the certificate with the latest expiry when multiple certificates match, rather than returning an error.

  • Added short option aliases for all command-line options.

  • Certificate selection logging now shows which selector (thumbprint, label, or subject) was used when multiple were provided. Note selection precedence is: thumbprint → label → subject.

  • Added daily limit to configuration file for API key rotations.

  • Now intercepting more Windows error codes to log friendly error messages on client.

  • Client error output is now cleaner, with stack traces only shown in verbose mode.

  • Improvements to database connections and transactions in multiple threading scenarios.

Security Fixes

  • Fixed a vulnerability due to Windows services requiring service paths to be quoted.

  • Added signature verification for client update manifests to prevent tampering by man-in-the-middle attacks.

Bug Fixes

  • Fixed issue with certificate enabled state not being updated correctly without refreshing the page.

  • Fixed paging issue on admin users table.

  • Fixed issue where avatar was not displayed in admin users table.

  • Fixed issue where debug logging would be displayed in some cases when verbose mode was not enabled.

  • Fixed issue where Create User dialog was not cleared on close.

Infrastructure

  • Updated third-party dependencies to the latest stable versions.

  • Updated the .NET runtime to version 10.0.3.

Full change history

Introducing Signotaur

2

This topic was automatically closed after 5 minutes. New replies are no longer allowed.