
v0.4.3

Pre-release

@v0lkan v0lkan released this 16 Aug 01:59
· 61 commits to main since this release
v0.4.3
6b72e9f

This is a "prerelease" version to enable upstream SPIFFE Helm Charts
integration initiatives. The most significant change is the introduction of a
SPIKE Bootstrap app that is responsible for initializing
SPIKE Nexus. This new approach separates out the bootstrapping workflow that
had previously been inside SPIKE Nexus' initialization workflow. That
gives us the opportunity to run SPIKE Nexus in HA mode without designing
elaborate, and potentially error-prone, consensus algorithms.

Added

  • FIPS 140-3 Compliance: FIPS is now enabled at build time, and it's
    enforced everywhere. We are using GOFIPS140=v1.0.0, the modern way of
    enabling FIPS, retiring our older boringcrypto implementation.
  • spike policy list command can now filter by SPIFFE ID pattern and path
    pattern.
  • spike policy command can now accept a YAML file as input, instead of
    requiring command-line parameters.
  • SPIKE Go SDK now has a generator that creates pattern-based, secure,
    randomized secrets.
  • Implemented a (currently experimental) "SPIKE Lite" mode where SPIKE Nexus
    would not need a backing store, or policies, and can leverage the storage
    and policy mechanism of S3-compatible object stores (such as MinIO). Once
    we fully implement and polish SPIKE Lite, we will also update documentation
    and use cases to allow users to understand the benefits and liabilities of
    SPIKE Lite and why they might want to use one over the other.

Changed

  • Better alignment with idiomatic Go practices. SPIKE and SPIKE Go SDK code
    has been refactored to better align with common Go idioms and conventions.
    We also created a make audit target to run style checks and linters that
    enforce a consistent code style and some of these guidelines. make audit
    is also a part of the CI pipeline to ensure that the code is always compliant
    at every commit. In addition, make audit also runs vulnerability checks.
  • BREAKING: SPIKE Nexus now requires a separate initializer (SPIKE Bootstrap)
    to begin its lifecycle. The user guides and relevant documentation have been
    updated to reflect this change.
  • Updated Go to the latest version (1.24.6).

Fixed

  • Fixed a bug related to Windows builds. SPIKE Nexus, SPIKE Pilot, and SPIKE
    Keeper can now be built as Windows binaries too.
  • Various refactorings, improvements, code cleanup, and bug fixes.

Below are the generated release notes of every commit since the last release cut:

What's Changed

Full Changelog: v0.4.2...v0.4.3