feat: Release v0.22.0

CHANGELOG.md

@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.22.0] - 2026-02-28
+
+### Added
+- Added `MaxTransitKeyNameLength` (255 characters) constraint for transit key names to ensure database compatibility.
+- Added metrics decoration for `transit` and `tokenization` usecases for improved observability.
+- New internal testing helpers and DSN getter functions in the integration test suite.
+
+### Changed
+- Refactored `tokenization` domain models, repositories, and generators (Alphanumeric, Luhn, Numeric) for better maintainability and performance.
+- Reorganized `transit` domain models and added comprehensive unit tests for `TransitKey`.
+- Updated Go version to 1.26.0 in CI workflows and documentation.
+
+### Fixed
+- Corrected `rotate-master-key` CLI flags and documentation in scaling guides.
+- Improved error handling in `transit` cryptographic operations.
+
 ## [0.21.0] - 2026-02-28
 
 ### Added

cmd/app/main.go

@@ -12,7 +12,7 @@ import (
 
 // Build-time version information (injected via ldflags during build).
 var (
-	version   = "v0.21.0" // Semantic version with "v" prefix (e.g., "v0.12.0")
+	version   = "v0.22.0" // Semantic version with "v" prefix (e.g., "v0.12.0")
 	buildDate = "unknown" // ISO 8601 build timestamp
 	commitSHA = "unknown" // Git commit SHA
 )

docs/README.md

@@ -105,7 +105,7 @@ Welcome to the full documentation for Secrets. Pick a path and dive in 🚀
 
 OpenAPI scope note:
 
-- `openapi.yaml` is a baseline subset for common API flows in the current release (v0.20.0, see `docs/metadata.json`)
+- `openapi.yaml` is a baseline subset for common API flows in the current release (v0.22.0, see `docs/metadata.json`)
 - Full endpoint behavior is documented in the endpoint pages under `docs/api/`
 - Tokenization endpoints are included in `openapi.yaml` for the current release
 

docs/api/data/transit.md

@@ -201,7 +201,7 @@ Example decrypt response (`200 OK`):
 
 | Endpoint | 401 | 403 | 404 | 409 | 422 | 429 |
 | --- | --- | --- | --- | --- | --- | --- |
-| `POST /v1/transit/keys` | missing/invalid token | missing `write` capability | - | key name already initialized (`version=1`) | invalid create payload | per-client rate limit exceeded |
+| `POST /v1/transit/keys` | missing/invalid token | missing `write` capability | - | key name already initialized (`version=1`) | invalid create payload (e.g., `name` exceeds `MaxTransitKeyNameLength` constraint) | per-client rate limit exceeded |
 | `POST /v1/transit/keys/:name/rotate` | missing/invalid token | missing `rotate` capability | key name not found | - | invalid rotate payload | per-client rate limit exceeded |
 | `POST /v1/transit/keys/:name/encrypt` | missing/invalid token | missing `encrypt` capability | key name not found | - | `plaintext` missing/invalid base64 | per-client rate limit exceeded |
 | `POST /v1/transit/keys/:name/decrypt` | missing/invalid token | missing `decrypt` capability | key/version not found | - | malformed `<version>:<base64-ciphertext>` | per-client rate limit exceeded |

docs/metadata.json

@@ -1,5 +1,5 @@
 {
-  "current_release": "v0.20.0",
+  "current_release": "v0.22.0",
   "api_version": "v1",
   "last_docs_refresh": "2026-02-28"
 }

docs/openapi.yaml

@@ -2,11 +2,7 @@ openapi: 3.0.3
 info:
   title: Secrets API
   version: v1
-  description: >-
-    Baseline OpenAPI specification for Secrets API v1. This is intentionally concise
-    and focuses on high-traffic endpoints and common payloads. OpenAPI path templates
-    use `{param}` syntax while runtime router/metrics labels may expose `:param` or
-    wildcard forms such as `*path`.
+  description: Lightweight secrets manager for simplicity and security.
 servers:
   - url: http://localhost:8080
     description: Local development

docs/releases/RELEASES.md

@@ -6,10 +6,13 @@ This document contains release notes for all versions of Secrets.
 
 ## 📑 Quick Navigation
 
-**Latest Release**: [v0.19.0](#0190---2026-02-27)
+**Latest Release**: [v0.22.0](#0220---2026-02-28)
 
 **All Releases**:
 
+- [v0.22.0 (2026-02-28)](#0220---2026-02-28) - Metrics, Transit and Tokenization improvements
+- [v0.21.0 (2026-02-28)](#0210---2026-02-28) - CLI command structure refactor
+- [v0.20.0 (2026-02-28)](#0200---2026-02-28) - Go 1.26.0 and doc fixes
 - [v0.19.0 (2026-02-27)](#0190---2026-02-27) - ⚠️ **Breaking Change**: KMS mode required
 
 - [v0.18.0 (2026-02-27)](#0180---2026-02-27) - Repository layer refactoring
@@ -56,6 +59,53 @@ This document contains release notes for all versions of Secrets.
 
 ---
 
+## [0.22.0] - 2026-02-28
+
+### Added
+
+- Added `MaxTransitKeyNameLength` (255 characters) constraint for transit key names to ensure database compatibility.
+- Added metrics decoration for `transit` and `tokenization` usecases for improved observability.
+- New internal testing helpers and DSN getter functions in the integration test suite.
+
+### Changed
+
+- Refactored `tokenization` domain models, repositories, and generators (Alphanumeric, Luhn, Numeric) for better maintainability and performance.
+- Reorganized `transit` domain models and added comprehensive unit tests for `TransitKey`.
+- Updated Go version to 1.26.0 in CI workflows and documentation.
+
+### Fixed
+
+- Corrected `rotate-master-key` CLI flags and documentation in scaling guides.
+- Improved error handling in `transit` cryptographic operations.
+
+---
+
+## [0.21.0] - 2026-02-28
+
+### Added
+
+- Binary releases are now officially supported as a primary installation method.
+
+### Changed
+
+- Refactored CLI command structure: individual command files moved to `cmd/app/commands/` for better maintainability.
+
+---
+
+## [0.20.0] - 2026-02-28
+
+### Added
+
+- Upgraded to Go 1.26.0
+
+### Fixed
+
+- Corrected `verify-audit-logs` CLI documentation for time range validation and output format consistency
+- Fixed documentation for master key rotation to clarify environment variable update workflow
+- Corrected outdated environment variable names and default values in scaling guides
+
+---
+
 ## [0.19.0] - 2026-02-27
 
 ### ⚠️ BREAKING CHANGES

go.mod

@@ -4,10 +4,10 @@ go 1.26.0
 
 require (
 	github.com/allisson/go-env v0.6.0
-	github.com/allisson/go-pwdhash v0.3.1
+	github.com/allisson/go-pwdhash v0.4.0
 	github.com/gin-contrib/cors v1.7.6
 	github.com/gin-contrib/requestid v1.0.5
-	github.com/gin-gonic/gin v1.11.0
+	github.com/gin-gonic/gin v1.12.0
 	github.com/go-sql-driver/mysql v1.9.3
 	github.com/golang-migrate/migrate/v4 v4.19.1
 	github.com/google/uuid v1.6.0
@@ -20,6 +20,7 @@ require (
 	go.opentelemetry.io/otel v1.40.0
 	go.opentelemetry.io/otel/exporters/prometheus v0.62.0
 	go.opentelemetry.io/otel/metric v1.40.0
+	go.opentelemetry.io/otel/sdk v1.40.0
 	go.opentelemetry.io/otel/sdk/metric v1.40.0
 	gocloud.dev v0.44.0
 	gocloud.dev/secrets/hashivault v0.44.0
@@ -58,24 +59,25 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // indirect
 	github.com/aws/smithy-go v1.23.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bytedance/sonic v1.14.0 // indirect
-	github.com/bytedance/sonic/loader v0.3.0 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/ccoveille/go-safecast/v2 v2.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.1 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.27.0 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/wire v0.7.0 // indirect
@@ -108,26 +110,23 @@ require (
 	github.com/prometheus/common v0.67.5 // indirect
 	github.com/prometheus/otlptranslator v1.0.0 // indirect
 	github.com/prometheus/procfs v0.19.2 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
-	github.com/quic-go/quic-go v0.54.0 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.3.0 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
+	go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
 	go.opentelemetry.io/otel/trace v1.40.0 // indirect
-	go.uber.org/mock v0.5.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
-	golang.org/x/arch v0.20.0 // indirect
-	golang.org/x/mod v0.32.0 // indirect
-	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/arch v0.22.0 // indirect
+	golang.org/x/net v0.51.0 // indirect
 	golang.org/x/oauth2 v0.34.0 // indirect
 	golang.org/x/sys v0.41.0 // indirect
 	golang.org/x/text v0.34.0 // indirect
-	golang.org/x/tools v0.41.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
 	google.golang.org/api v0.247.0 // indirect
 	google.golang.org/genproto v0.0.0-20250715232539-7130f93afb79 // indirect