mostly done. (#188)

Signed-off-by: Volkan Özçelik <[email protected]>

Author: v0lkan

docs-src/content/operations/release.md

@@ -43,9 +43,9 @@ Before every release:
 8. Make sure version numbers in the code are updated to reflect the release:
 
 ```go
-const SpikeNexusVersion = "0.4.1"
-const SpikePilotVersion = "0.4.1"
-const SpikeKeeperVersion = "0.4.1"
+const SpikeNexusVersion = "0.4.2"
+const SpikePilotVersion = "0.4.2"
+const SpikeKeeperVersion = "0.4.2"
 ````
 
 Release process:

docs-src/content/tracking/changelog.md

@@ -12,14 +12,31 @@ sort_by = "weight"
 
 ## Recent
 
+## [0.4.2] - 2025-07-19
+
+### Added
+
 * Ability to configure to not how SPIKE banner on startup.
 * Ability to configure to show a warning if memory locking is not
   available on the system.
 * SPIKE can now be deployed from SPIFFE helm charts. Tested and verified!
-* Moved logging to SPIKE SDK.
+* Documentation updates.
+* SPIKE can be now be installed from [SPIFFE Helm 
+  Charts](https://github.com/spiffe/helm-charts-hardened) and can 
+  [federate secrets across clusters](https://vimeo.com/v0lkan/spike-federation)
+
+### Changed
+
+* Moved logging to SPIKE SDK. VSecM v2 will share the same logging setup.
 * `spike policy` command now accepts file input; you can design your policies
   as `yaml` files and then `spike policy apply -f` them.
 
+### Security
+
+* Fixed [`GHSA-fv92-fjc5-jj9h`: `mapstructure` May Leak Sensitive Information 
+  in Logs When Processing Malformed 
+  Data](https://github.com/spiffe/spike/security/dependabot/6)
+
 ## [0.4.1] - 2025-06-01 (*prerelease*)
 
 ### Added

docs-src/content/tracking/snapshots.md

@@ -17,6 +17,7 @@ The **GitHub** repository contains the latest documentation of **SPIKE** already
 Here are the links to point-in-time documentation snapshots at each release:
 
 * [current](https://github.com/spiffe/spike/tree/main/docs)
+* [v0.4.2](https://github.com/spiffe/spike/tree/v0.4.2/docs)
 * [v0.4.1](https://github.com/spiffe/spike/tree/v0.4.1/docs)
 * [v0.4.0](https://github.com/spiffe/spike/tree/v0.4.0/docs)
 * [v0.3.1](https://github.com/spiffe/spike/tree/v0.3.1/docs)

docs/architecture/adrs/adr-0017/index.html

@@ -755,7 +755,7 @@ <h2 id="decision">Decision</h2>
 <p><strong>Synchronous Persistence</strong>: All database persistence operations will now be
 synchronous.</p>
 <ul>
-<li><strong>Justification</strong>: Since SQLite is sufficiently fast, and we are not seeing
+<li><strong>Justification</strong>: Since SQLite is fast enough, and we are not seeing
 performance bottlenecks at the database level, the simplicity of synchronous
 operations outweighs the potential complexity of maintaining asynchronous
 ones.</li>

docs/architecture/adrs/adr-0021/index.html

@@ -773,7 +773,7 @@ <h2 id="rationale">Rationale</h2>
 <li><strong>Security</strong>: <strong>SPIKE Keeper</strong>s hold only a single shard, which is not
 adequate to regenerate the root key. They are never aware of other
 <strong>SPIKE Keeper</strong>s or the full key. This limits their attack surface.</li>
-<li><strong>Simplicity</strong>: By eliminating configuration and inter-service dependencies,
+<li><strong>Simplicity</strong>: By removing configuration and inter-service dependencies,
 <strong>SPIKE Keeper</strong>s become easy to deploy, replace, and scale.</li>
 <li><strong>Availability</strong>: The polling and rehydration mechanism ensures that
 <em>SPIKE Nexus</em>* can automatically recover lost shards without manual

docs/community/hello/index.html

@@ -748,7 +748,7 @@ <h2 id="empower-our-journey-fist">Empower Our Journey ✊</h2>
 <p><a href="https://github.com/spiffe/spike">⭐️ Star <strong>SPIKE</strong> to show your support</a>.</p>
 <p>Your support enables us to connect with even more individuals through this
 incredible technology.</p>
-<h2 id="thank-you-heart">Thank You ❤️</h2>
+<h2 id="thank-you-red-heart">Thank You ❤️</h2>
 <p>Thanks so much for your interest: It means a lot 🙏</p>
 <hr />
 <ul>

docs/community/presentations/index.html

@@ -751,8 +751,13 @@ <h1 id="presentations-and-demos">Presentations and Demos</h1>
 enhanced starter script, policy-based access control, and metadata support.</li>
 <li><a href="https://vimeo.com/v0lkan/spike-doomsday">Secrets Resiliency with SPIKE: Self-Healing and Doomsday Recovery</a>:<br>
 Secrets management is critical, but what happens when everything fails? In
-this video, we explore SPIKE’s disaster recovery mechanisms, covering both
+this video, we explore <strong>SPIKE</strong>’s disaster recovery mechanisms, covering both
 self-healing capabilities and the manual break-the-glass recovery process.</li>
+<li><a href="https://vimeo.com/v0lkan/spike-federation">Federating Secrets with SPIFFE and SPIKE</a><br>
+In this demo, we show how you can deploy <strong>SPIRE</strong> and <strong>SPIKE</strong> from SPIFFE
+Helm charts. We then establish a multi-cluster secret federation where
+the workload clusters can securely access secrets stored in the management
+cluster.</li>
 </ul>
 <hr />
 <ul>

docs/getting-started/bare-metal/index.html

@@ -932,7 +932,7 @@ <h2 id="configure-local-dns">Configure Local DNS</h2>
 </span><span style="color:#bf616a;">127.0.0.1</span><span> spire.spike.ist
 </span></code></pre>
 <h2 id="starting-spike">Starting SPIKE</h2>
-<p>There is a starter script that combines and automates some of the steps in the
+<p>There is a starter script that combines and automates some steps in the
 following sections. It configures and runs SPIRE Server, SPIRE Agent,
 SPIKE Nexus, and SPIKE Keeper.</p>
 <p>You can run this to start all the required components:</p>
@@ -1068,7 +1068,7 @@ <h2 id="uninstalling-spike">Uninstalling SPIKE</h2>
 are compact, consuming minimal disk space and no resources when inactive. As
 simple executable files, they have no impact on your system’s performance when
 not in use. Therefore, keeping them installed is completely harmless.</p>
-<p>However, if you want to wipe everything out, you can just remove the binaries
+<p>However, if you want to wipe everything out, you can remove the binaries
 and <strong>SPIKE</strong>’s data folder, and that would be it:</p>
 <pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">rm -rf ~</span><span>/.spike
 </span><span style="color:#bf616a;">rm</span><span> spike

docs/getting-started/local-deployment/index.html

@@ -814,7 +814,7 @@ <h2 id="forwarding-the-local-registry">Forwarding the Local Registry</h2>
 </span><span style="color:#65737e;"># Forwarding from 127.0.0.1:5000 -&gt; 5000
 </span><span style="color:#65737e;"># Forwarding from [::1]:5000 -&gt; 5000
 </span></code></pre>
-<p>Leave this terminal open. We will execute the rest of the commands on
+<p>Leave this terminal open. We will execute the rest of the commands in<br />
 a separate terminal window.</p>
 <h2 id="build-container-images-locally">Build Container Images Locally</h2>
 <p>We have a <code>make</code> target to build the container images locally.</p>
@@ -877,7 +877,7 @@ <h2 id="you-are-all-set">You Are All Set</h2>
 about <strong>SPIKE</strong>’s internals, or <a href="https://spike.ist/architecture/" title="SPIKE Architecture">learn more about <strong>SPIKE</strong>’s
 architecture</a> or <a href="https://spike.ist/architecture/security-model/" title="SPIKE Security Model">security model</a>.</p>
 <p>You might also want to try <a href="https://spike.ist/getting-started/bare-metal/" title="SPIKE on Linux">building <strong>SPIKE</strong> on a bare metal
-Linux</a>, if you want to see how <strong>SPIKE</strong> can be used on a bare
+Linux</a> if you want to see how <strong>SPIKE</strong> can be used on a bare
 metal Linux machine without using container orchestration such as <em>Kubernetes</em></p>
 <hr />
 <ul>

docs/operations/production/index.html

@@ -946,7 +946,7 @@ <h3 id="single-tenancy">Single Tenancy</h3>
 <p><strong>SPIKE Nexus</strong> is recommended to be the only main process running on a machine.
 This reduces the risk that another process running on the same
 machine is compromised and can interact with <strong>SPIKE Nexus</strong>.</p>
-<p>In a Kubernetes deployment, you can achieve this with setting up appropriate
+<p>In a Kubernetes deployment, you can achieve this by setting up appropriate
 Node affinity rules.</p>
 <h3 id="user-privileges">User Privileges</h3>
 <ul>
@@ -1250,7 +1250,7 @@ <h3 id="container-specific-hardening">Container-Specific Hardening</h3>
 threats and security best practices. Security configuration should be treated
 as a continuous process rather than a one-time setup.</p>
 <h2 id="conclusion">Conclusion</h2>
-<p>Although <strong>SPIKE</strong> is designed with security best-practices in mind, a
+<p>Although <strong>SPIKE</strong> is designed with security best practices in mind, a
 multi-layer approach focusing on system, process, and network security is
 important when configuring <strong>SPIKE</strong> for production.</p>
 <p>The combination of <strong>mTLS API protection</strong>, <strong>SPIFFE attestation</strong>, and proper