RubyGems - conjur-cli - Versions diffs - 6.0.1 → 6.2.3 - Mend

conjur-cli 6.0.1 → 6.2.3

Files changed (52) hide show

checksums.yaml +4 -4
data/.github/CODEOWNERS +10 -0
data/.github/ISSUE_TEMPLATE/bug.md +42 -0
data/.github/ISSUE_TEMPLATE/feature_request.md +27 -0
data/.github/PULL_REQUEST_TEMPLATE.md +21 -0
data/.gitleaks.toml +216 -0
data/CHANGELOG.md +63 -209
data/CONTRIBUTING.md +81 -0
data/Jenkinsfile +84 -40
data/LICENSE +202 -0
data/NOTICES.txt +421 -0
data/README.md +285 -41
data/Rakefile +0 -1
data/SECURITY.md +42 -0
data/VERSION +1 -1
data/bin/conjur +3 -1
data/bin/parse-changelog.sh +12 -0
data/build-standalone +42 -3
data/ci/cli-test.sh +5 -1
data/ci/submit-coverage +36 -0
data/ci/test.sh +1 -1
data/conjur-cli.gemspec +15 -13
data/dev/docker-compose.yml +1 -0
data/dev/start.sh +24 -4
data/docker-compose.yml +2 -1
data/features/authorization/resource/check.feature +6 -0
data/features/authorization/resource/exists.feature +10 -3
data/features/hostfactory/tokens.feature +1 -1
data/features/pubkeys/show.feature +0 -4
data/features/step_definitions/authn_steps.rb +1 -1
data/features/step_definitions/cli_steps.rb +0 -19
data/features/step_definitions/overrides.rb +3 -5
data/features/support/env.rb +3 -1
data/features/support/hooks.rb +0 -11
data/lib/conjur/cli.rb +4 -3
data/lib/conjur/command/hosts.rb +1 -1
data/lib/conjur/command/ldap_sync.rb +37 -0
data/lib/conjur/command/rspec/mock_services.rb +7 -1
data/lib/conjur/command/users.rb +5 -1
data/lib/conjur/version.rb +1 -1
data/needs-publishing +28 -0
data/push-image +46 -28
data/spec/authn_spec.rb +4 -4
data/spec/command/authn_spec.rb +2 -2
data/spec/command/hosts_spec.rb +23 -3
data/spec/command/init_spec.rb +37 -27
data/spec/command/ldap_sync_spec.rb +38 -0
data/spec/command/users_spec.rb +13 -0
data/spec/spec_helper.rb +5 -2
data/test.sh +5 -0
metadata +80 -77
data/LICENSE.md +0 -195

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8e1fcb9f16178d7df4bb379b2040f8823399db19540754d87d61b81c8190e24
-  data.tar.gz: 3a36b197de69c0c3e0882eec341e407e0062df0e381e89e5579437344df0e3f6
+  metadata.gz: 2f9205266f63971061682c1413768e43adcaef56cb4c26e644182cdb005d4e77
+  data.tar.gz: a186291efd20d3b04d4ff670b490879a9c8839ac0a1d24672cc924286878137e
 SHA512:
-  metadata.gz: 23a42edf43a99b23b34389ec85333c6198b28790c31d24a8ef9edd83b627af3c3e0a83d5351797e89e4b3b1a0e2d4f5b678491b865533c33a7377c59f17f585f
-  data.tar.gz: 60c0c4ca64efae0bac433aaabe8f19a55245557d847e0d0172bd240acea07e2bb8ae7a5be8f7633fe37fad06bb2c26163ce6cb0f6c5d3992e1f5ca06e1013e1e
+  metadata.gz: a8cc5db1bd5c26343ea8cdce5c17f945a6ce27fb13e2acec3234461e6d5abe4a5e22ab990e4162dbf768a8ce738753b5e3131a3d5d4dc4f00eb693451a2cbea8
+  data.tar.gz: 6eadbec2ee56021b5f84d1a4f0e47352034f7a70295d75dff6cbde8dbe879d80283f856fc6792f6d3080311647b845ac53ae02e5b9c15be824eb7f3c8a29b3d7

data/.github/CODEOWNERS ADDED

@@ -0,0 +1,10 @@
+* @cyberark/community-and-integrations-team @conjurinc/community-and-integrations-team @conjurdemos/community-and-integrations-team
+# Changes to .trivyignore require Security Architect approval
+.trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
+# Changes to .codeclimate.yml require Quality Architect approval
+.codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects
+# Changes to SECURITY.md require Security Architect approval
+SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects

data/.github/ISSUE_TEMPLATE/bug.md ADDED

@@ -0,0 +1,42 @@
+---
+name: Bug
+about: Create a bug report to help us improve
+title: ''
+labels: component/cli, kind/bug
+assignees: ''
+---
+## Summary
+A clear and concise description of what the bug is.
+## Steps to Reproduce
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+## Expected Results
+A clear and concise description of what you expected to happen.
+## Actual Results (including error logs, if applicable)
+A clear and concise description of what actually did happen.
+## Reproducible
+   * [ ] Always
+   * [ ] Sometimes
+   * [ ] Non-Reproducible
+## Version/Tag number
+What version of the product are you running? Any version info that you can share is helpful.
+For example, you might give the version from Docker logs, the Docker tag, a specific download URL,
+the output of the `/info` route, etc.
+## Environment setup
+Can you describe the environment in which this product is running? Is it running on a VM / in a container / in a cloud?
+Which cloud provider? Which container orchestrator (including version)?
+The more info you can share about your runtime environment, the better we may be able to reproduce the issue.
+## Additional Information
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md ADDED

@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: kind/enhancement, component/cli
+assignees: ''
+---
+## Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is. Ex. `I would like to see [...] because [...]`.
+Please include the intended use case and what the feature would improve on so that we can prioritize
+the feature accordingly.
+## Describe the solution you would like
+A clear and concise description of what the desired end result(s) would be.
+## Describe alternatives you have considered
+A clear and concise description of any alternative solutions or features that may be related to this that
+you have considered.
+## Additional context
+Add any other context information about the feature request here.

data/.github/PULL_REQUEST_TEMPLATE.md ADDED

@@ -0,0 +1,21 @@
+### What does this PR do?
+- _What's changed? Why were these changes made?_
+- _How should the reviewer approach this PR, especially if manual tests are required?_
+- _Are there relevant screenshots you can add to the PR description?_
+### What ticket does this PR close?
+Resolves #[relevant GitHub issues, eg 76]
+### Checklists
+#### Change log
+- [ ] The CHANGELOG has been updated, or
+- [ ] This PR does not include user-facing changes and doesn't require a CHANGELOG update
+#### Test coverage
+- [ ] This PR includes new unit and integration tests to go with the code changes, or
+- [ ] The changes in this PR do not require tests
+#### Documentation
+- [ ] Docs (e.g. `README`s) were updated in this PR, and/or there is a follow-on issue to update docs, or
+- [ ] This PR does not require updating any documentation

data/.gitleaks.toml ADDED

@@ -0,0 +1,216 @@
+title = "Secretless Broker gitleaks config"
+# This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
+# If GITLEAKS_CONFIG environment variable
+# is set, gitleaks will load configurations from that path. If option --config-path is set, gitleaks will load
+# configurations from that path. Gitleaks does not whitelist anything by default.
+# - https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
+# - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
+[[rules]]
+description = "AWS Client ID"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+[[rules]]
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+tags = ["key", "AWS"]
+[[rules]]
+description = "AWS MWS key"
+regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "AWS", "MWS"]
+[[rules]]
+description = "PKCS8"
+regex = '''-----BEGIN PRIVATE KEY-----'''
+tags = ["key", "PKCS8"]
+[[rules]]
+description = "RSA"
+regex = '''-----BEGIN RSA PRIVATE KEY-----'''
+tags = ["key", "RSA"]
+[[rules]]
+description = "SSH"
+regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
+tags = ["key", "SSH"]
+[[rules]]
+description = "PGP"
+regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
+tags = ["key", "PGP"]
+[[rules]]
+description = "Facebook Secret Key"
+regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "Facebook"]
+[[rules]]
+description = "Facebook Client ID"
+regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+tags = ["key", "Facebook"]
+[[rules]]
+description = "Facebook access token"
+regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
+tags = ["key", "Facebook"]
+[[rules]]
+description = "Twitter Secret Key"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+tags = ["key", "Twitter"]
+[[rules]]
+description = "Twitter Client ID"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+tags = ["client", "Twitter"]
+[[rules]]
+description = "Github"
+regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+tags = ["key", "Github"]
+[[rules]]
+description = "LinkedIn Client ID"
+regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+tags = ["client", "Twitter"]
+[[rules]]
+description = "LinkedIn Secret Key"
+regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+tags = ["secret", "Twitter"]
+[[rules]]
+description = "Slack"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+tags = ["key", "Slack"]
+[[rules]]
+description = "EC"
+regex = '''-----BEGIN EC PRIVATE KEY-----'''
+tags = ["key", "EC"]
+[[rules]]
+description = "Generic API key"
+regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
+tags = ["key", "API", "generic"]
+[[rules]]
+description = "Generic Secret"
+regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
+tags = ["key", "Secret", "generic"]
+[[rules]]
+description = "Google API key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+[[rules]]
+description = "Google Cloud Platform API key"
+regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
+tags = ["key", "Google", "GCP"]
+[[rules]]
+description = "Google OAuth"
+regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
+tags = ["key", "Google", "OAuth"]
+[[rules]]
+description = "Google OAuth access token"
+regex = '''ya29\.[0-9A-Za-z\-_]+'''
+tags = ["key", "Google", "OAuth"]
+[[rules]]
+description = "Heroku API key"
+regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+tags = ["key", "Heroku"]
+[[rules]]
+description = "MailChimp API key"
+regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+tags = ["key", "Mailchimp"]
+[[rules]]
+description = "Mailgun API key"
+regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+tags = ["key", "Mailgun"]
+[[rules]]
+description = "Password in URL"
+regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
+tags = ["key", "URL", "generic"]
+[[rules]]
+description = "PayPal Braintree access token"
+regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+tags = ["key", "Paypal"]
+[[rules]]
+description = "Picatic API key"
+regex = '''sk_live_[0-9a-z]{32}'''
+tags = ["key", "Picatic"]
+[[rules]]
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+tags = ["key", "slack"]
+[[rules]]
+description = "Stripe API key"
+regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+tags = ["key", "Stripe"]
+[[rules]]
+description = "Square access token"
+regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+tags = ["key", "square"]
+[[rules]]
+description = "Square OAuth secret"
+regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+tags = ["key", "square"]
+[[rules]]
+description = "Twilio API key"
+regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "twilio"]
+[whitelist]
+files = [
+#  "(.*?)(jpg|gif|doc|pdf|bin)$",
+  ".gitleaks.toml"
+]
+regexes = [
+  "3a4rb19rpjejr89h6r29kd2fb3808cpy" # sample host API key in test data
+]
+# Additional Examples
+# [[rules]]
+# description = "Generic Key"
+# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
+# entropies = [
+#     "4.1-4.3",
+#     "5.5-6.3",
+# ]
+# entropyROI = "line"
+# filetypes = [".go", ".py", ".c"]
+# tags = ["key"]
+# severity = "8"
+#
+#
+# [[rules]]
+# description = "Generic Key"
+# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
+# entropies = ["4.1-4.3"]
+# filetypes = [".gee"]
+# entropyROI = "line"
+# tags = ["key"]
+# severity = "medium"
+# [[rules]]
+# description = "Any pem file"
+# filetypes = [".key"]
+# tags = ["pem"]
+# severity = "high"

data/CHANGELOG.md CHANGED

@@ -1,209 +1,63 @@
-# 6.0.1
-* Pushes to `cyberark/conjur-cli:5` on DockerHub when tests pass
-* Use SNI when fetching certificate with `conjur init`.
-* Correctly specify dependency versions in gemspec.
-* Allow ActiveSupport v5 as a dependency.
-# 6.0.0
-* Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
-* License changed to Apache 2.0.
-* **Codebase forked: for changes to the 5.x (API [v4][v4-branch]) series, see
-  [CHANGELOG in `v4` branch][v4-changelog]**
-[v4-branch]: https://github.com/cyberark/conjur-cli/tree/v4
-[v4-changelog]: https://github.com/cyberark/conjur-cli/blob/v4/CHANGELOG.md
-# 5.3.0
-* Add `jobs` subcommands for `ldap-sync`.
-* Add `--detach` switch to `now` subcommand.
-* Relax dependency gem versions.
-# 5.2.5
-* Fix behavior of `conjur env` when [policy plugin](https://github.com/conjurinc/conjur-asset-policy) is installed.
-# 5.2.4
-* Fix behavior of `conjur env`, when detecting variables vs literals
-# 5.2.3
-* Disable prompts in bootstrap when there's no tty
-* Bump api-ruby, fixes 404 core bug
-# 5.2.1
-* Fix handling of `ldap-sync` dry-run argument.
-# 5.2.0
-* Add `ldap-sync` management commands (requires Conjur 4.7 or later).
-* Use `CONJUR_AUTHN_TOKEN` as the Conjur access token, if it's available in the environment.
-* `conjurize` will ignore `conjur` cookbook releases that don't have an associated tarball.
-* Pass `--recipe-url` argument to Chef, which is now required.
-# 5.1.2
-* Fix problem finding config files for plugin installation.
-# 5.1.1
-* Global CLI plugin config is now stored in `/opt/conjur/etc/plugins.yml`.
-# 5.0.0
-* **Breaking change** Ruby Policy DSL is now deprecated in favor of
-[new YML policy markup](https://developer.conjur.net/reference/policy-markup.html).
-The existing `policy` subcommand has been moved to the `rubydsl` subcommand.
-The new `policy` command operates on YML policies.
-* Created a new non-Omnibus Debian packaging of the Ruby gems.
-# 4.30.1
-* Fix the `conjur-api` gem dependency version
-# 4.30.0
-* Implementation of `conjur bootstrap` is moved to the API gem, and made extensible.
-* Added new steps to `conjur bootstrap`, including the creation of service identities, and giving `elevate` and `reveal` to the `security_admin` group.
-* `hostfactory create` verifies that the current role is able to admin the host factory group; otherwise, host factory creation will fail.
-# 4.29.0
-* Add `conjur host rotate_api_key` command.
-* Add `conjur version` (as well as `conjur server version`) command to show server version info.
-* Add `conjur server health` and `conjur server info` to display server health and info.
-* Add `conjur version` (as well as `conjur server version`) command to show server version info.
-* Add `conjur server health` and `conjur server info` to display server health and info.
-* Check server version compatibility if exception occurs and command has configured minimum version
-* Add `conjur layer retire` to allow retiring a layer.
-* Add `cidr` commands to `user`, `host`, and `hostfactory token`
-* Move `audit send` and `host factory` commands from plugins into the core CLI
-* Add `variable expire` and `variable expirations` subcommands. Variable expirations is available in version 4.6 of the Conjur server.
-* Add `--json` option to `conjurize` to print the Conjur configuration and host identity as a JSON file
-* Require `--layer` argument to `hostfactory create`, ensure that the owner is an admin of the layer.
-# 4.28.2
-* `--collection` is now optional (with no default) for both `conjur script execute` and `conjur policy load`.
-# 4.28.1
-* Add `--collection` option for `conjur script execute`. Scripts are now portable across environments, like policies.
-# 4.28.0
-* Add `conjur policy retire` to allow retiring a policy.
-* Fix `--as-group` and `--as-role` options for `conjur policy load`. Either can now be used to specify ownership of the policy.
-* Fix `--follow` option for `conjur audit`.
-* Remove support for per-project `.conjurrc` files.
-# 4.27.0
-* New commands `elevate` and `reveal` for execution of privileged commands on Conjur 4.5+.
-# 4.26.0
-* New implementation of bash completions.
-# 4.25.2
-* Fixes a conflict with RVM: Sets `GEM_HOME` and `GEM_PATH to nil.
-# 4.25.1
-* Remove spurious line written to stdout during user creation.
-* Fix up-front permission checking in `conjur bootstrap` so that it will run on a fresh server.
-# 4.25.0
-* A record can be retired to a specific role, in addition to the default behavior of retiring to the `attic` user.
-* Variable can be created with the id only, without becoming interactive.
-* Run `conjur variable create -i -a` to create interactively with annotations.
-* Interactive annotation can be performed on bare resources with `conjur resource annotate -i`.
-* Don't require 'admin' user to bootstrap, prompt to create a new security admin during bootstrap.
-* Check if user privileges are sufficient before running `retire`.
-* Don't revoke a user's access to a record in the middle of retire, because doing so leads to 403 errors later on.
-* Interactive mode of user, group and pubkey creation.
-# 4.24.0
-* Interactive mode for variable creation.
-# 4.23.0
-* Don't check if netrc is world-readable on Windows, since the answer is not reliable.
-* Use new [conjur](https://supermarket.chef.io/cookbooks/conjur) cookbook for conjurize.
-* Fix faulty initialization of plugins list, if it's nil, in the .conjurrc.
-* Log DSL commands to stderr, even if CONJURAPI_LOG is not explicitly configured.
-* In policy DSL, allow creation of records without an explicit `id`. In this case, the current scope is used as the `id`.
-# 4.22.0
-* New 'plugin' subcommand to manage CLI plugins.
-* Configure SSL certificate from Conjur.configuration.
-* Print the error message if there's a problem loading a plugin.
-# 4.21.1
-* Configure trust to the new certificate in `conjur init`, before attempting to contact the Conjur server.
-# 4.21.0
-* Use user cache dir for mimetype cache.
-* Retrieve the whole certificate chain on conjur init.
-# 4.20.1
-* Improve the error reporting.
-# 4.20.0
-* GID manipulation commands.
-# 4.19.0
-* Add command `conjur role graph` for batch retrieval of role relationships.
-# 4.18.5
-* Bump conjur-api version to mime-types problem
-# 4.18.4
-* Revert "Find (and store) credentials by only a hostname as the machine in netrc"
-# 4.18.3
-* Use the latest conjur-ssh cookbook version for conjurize
-# 4.18.2
-* Require a recent version of netrc
-* Complain if netrc is world readable
-* Find (and store) credentials by only a hostname as the machine in netrc
-* Make the command start up faster by lazy loading some gems
-* `authn whoami` will notice if the user is logged in via env vars
-* `conjurize` default conjur-ssh cookbook updated to 1.2.2
-# 4.18.0
-* New `conjurize` command
-* Deprecate the `host enroll` command
-* `variable create` command now takes an optional value for the variable after the variable id
-* Configure "permissive" netrc to allow the `conjur` Unix group to read the `.netrc` or `conjur.identity` file.
-# 4.17.0
-* Support --policy parameter in `conjur env`
-* Bugfix: failures on 'variable retire'
-* Raise a better error in case of missing config
-# 4.16.0
-* Add 'bootstrap' CLI command
-* Raise a better error if conjur env encounters a variable with no value
-# 4.15.0
-* Migration to rspec 3
-* Commands to retire(decommission) variable, host, user, group
-* Bugfix (in some situations `conjur init` logged config file location incorrectly)
+# Changelog
+All notable changes to this project will be documented in this file.
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+## [6.2.3] - 2020-12-22
+### Fixed
+- The Conjur CLI now raises a proper error when trying to rotate a non-existing
+  user's API key.
+  [cyberark/conjur#979](https://github.com/cyberark/conjur/issues/979)
+## [6.2.2] - 2020-04-02
+### Changed
+- Docker image updated to flatten to a single layer and reduce the image
+  size ([cyberark/conjur-cli#253](https://github.com/cyberark/conjur-cli/issues/253))
+### Fixed
+- CLI image is only updated in DockerHub when the project has a new tag
+  ([cyberark/conjur-cli#270](https://github.com/cyberark/conjur-cli/issues/270))
+### Security
+- Update rake for CVE-2020-8130 ([cyberark/conjur-cli#263](https://github.com/cyberark/conjur-cli/issues/263))
+## [6.2.1] - 2019-05-22
+### Added
+- Pin to xdg gem v2.2.3 due to a [crashing CLI](https://github.com/cyberark/conjur-cli/issues/243).
+## 6.2.0 - 2018-06-22
+### Added
+- Add `ldap-sync` subcommand.
+## 6.1.1 - 0000-00-00
+### Added
+- No longer displaying error stack traces by default when an exception occurs duing CLI initialization (e.g when trying to open a missing conjur certificate file). Stack traces can be enabled for all errors in the CLI by setting the environment variable `GLI_DEBUG=true`.
+## [6.1.0] - 2018-04-09
+### Added
+- Pin dependency 'conjur-api' to '~> 5.1'. This update adds authn-local support to the API. [conjur-api PR #131](https://github.com/cyberark/conjur-api-ruby/pull/131)
+## [6.0.1] - 2018-04-09
+### Added
+- Pushes to `cyberark/conjur-cli:5` on DockerHub when tests pass
+- Use SNI when fetching certificate with `conjur init`.
+- Correctly specify dependency versions in gemspec.
+- Allow ActiveSupport v5 as a dependency.
+## [6.0.0] - 2017-10-13
+### Added
+- Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
+- License changed to Apache 2.0.
+- **Codebase forked: for changes to the 5.x (API [v4](https://github.com/cyberark/conjur-cli/tree/v4)) series, see
+  [CHANGELOG in `v4` branch][v4-changelog](https://github.com/cyberark/conjur-cli/blob/v4/CHANGELOG.md)**
+[Unreleased]: https://github.com/cyberark/conjur-cli/compare/v6.2.3...HEAD
+[6.2.3]: https://github.com/cyberark/conjur-cli/compare/v6.2.2...v6.2.3
+[6.2.2]: https://github.com/cyberark/conjur-cli/compare/v6.2.1...v6.2.2
+[6.2.1]: https://github.com/cyberark/conjur-cli/compare/v6.2.0...v6.2.1
+[6.1.0]: https://github.com/cyberark/conjur-cli/compare/v6.0.1...v6.1.0
+[6.0.1]: https://github.com/cyberark/conjur-cli/compare/v6.0.0...v6.0.1
+[6.0.0]: https://github.com/cyberark/conjur-cli/compare/v5.6.6...v6.0.0