# Changelog

> The vpctl command-line tool release history, including new features, fixes, and breaking changes.

This changelog records vpctl release notes from an operator's perspective: new commands, new flags, behavior changes, and breaking changes. It doesn't include internal refactors.

## \[0.9.0] - 2026-04-24

### Added

* `secret generate --persist [path]` flag: saves generated values to a file (default: `secrets.import.yaml`) and auto-loads it on subsequent runs so values are reused without regeneration.
* `keyType: ca-cert` support in the secret schema: auto-generates a self-signed CA certificate (RSA 4096-bit, 10-year validity period) when no value is provided, so you don't need to manually supply a CA certificate for non-interactive generation.
* Alphanumeric-only validation for generated password fields, to prevent special characters (for example, `@` or `!`) from breaking connection strings. This applies to both auto-generated and user-provided values. Set `alphanumeric: false` in the secret schema to opt out for fields that are not used in connection strings.
* `deployment.helmChartMode` manifest setting (`"local"` or `"remote"`, defaults to `"local"`): choose between local charts from the release package or remote OCI charts. Existing manifests without this field continue using local charts.
* `vpctl artifact sync charts` subcommand to sync OCI Helm charts between registries (mirrors remote charts for air-gapped deployments).
* Remote chart support across the `release generate` and `release deploy --format helm` paths, including multi-source ArgoCD `Application` generation (OCI chart source + Git values reference).
* Image and chart references in rendered output are rewritten to your target registry during generation, for air-gapped deployments.

### Fixed

* `secret generate` now re-prompts on invalid input in interactive mode instead of aborting the entire session.
* `secret generate` export now correctly base64-encodes fields with `encoding: "base64"` (e.g. licenses), so reimporting preserves the original values instead of corrupting them.
* `secret generate` interactive input for `encoding: "base64"` fields (licenses) now uses a multi-line reader, so pasted multiline base64 content works correctly.

### Changed

* `secret generate --use-defaults` now writes a `TBD` placeholder for required fields with no default and no auto-generate option, instead of stopping execution. A warning is logged for each such field so you know to replace them before deploying.
* Sync recap now lists the specific images and artifacts that failed instead of only showing a count.

## \[0.8.0] - 2026-03-17

### Added

* `oras_artifacts` support in `versions.yaml` for tracking OCI artifact versions alongside Docker images.
* `vpctl artifact sync images` subcommand for syncing Docker images between registries.
* `vpctl artifact sync oras` subcommand for syncing ORAS artifacts between registries.
* `vpctl artifact sync preflight` subcommand: verifies registry authentication by syncing one Docker image and one ORAS artifact, and provides troubleshooting hints if the command fails.

### Changed

* **Breaking:** `vpctl image sync` renamed to `vpctl artifact sync images` / `vpctl artifact sync oras`. Update any CI scripts that invoke the old command.
* **Breaking:** Manifest field `imageSync` renamed to `artifactSync`. Update your `manifest.yaml`.
* **Breaking:** `--skip-login` flag removed from `artifact sync images`. Authenticate to source and target registries with `docker login` before running the sync.

## \[0.7.0] - 2026-03-13

### Added

* `vpctl manifest init` command to interactively create a new `manifest.yaml` (replaces `vpctl release init`).
* `vpctl manifest validate` command to validate an existing manifest against the embedded CUE schema.
* `vpctl manifest schema` command to display the CUE schema and export it for standalone `cue vet` validation.
* Manifest validation errors are now more precise: schema constraints, defaults, and cross-field rules are defined in CUE and embedded in the binary. `LoadManifest` now validates manifests automatically during loading.
* `authentication.x509` manifest configuration for X509 client certificate authentication.
* `logStorage` field on the RustFS infrastructure component to size the log volume PVC independently of data storage.
* `configuration.transformations.parallelism` manifest field to control the maximum number of concurrent transformation workflows in Argo Workflows (default: 20).
* `exactLength` field in the secret schema to enforce exact value length validation.

### Deprecated

* `vpctl release init` is deprecated; use `vpctl manifest init` instead.

### Removed

* **Breaking:** `configuration.licensing` manifest section (`FlexLM` and `sdkLicenses`) removed. Parallelism is now controlled by `configuration.transformations.parallelism`.

## \[0.6.0] - 2026-03-03

### Added

* Version compatibility check: `release generate` and `secret generate` now verify that vpctl satisfies the minimum version required by the release package (`compatibility.yaml`). The command blocks execution and displays a clear upgrade message when vpctl is too old. Use `--skip-version-check` to bypass. Dev builds and RC versions are handled gracefully.
* `image sync --concurrency` flag: processes multiple images in parallel using a worker pool (default: 1 = sequential).

### Fixed

* `vpctl version` no longer prints an irrelevant manifest-not-found warning.

## \[0.5.0] - 2026-02-23

### Added

* `infrastructure` manifest section with sizing profiles (`small`, `medium`, `large`) and per-component resource overrides for MongoDB, PostgreSQL, RabbitMQ, object storage, and Elasticsearch.
* `image sync --skip-existing` flag: checks if each image already exists on the target registry (via `docker manifest inspect`) and skips it, to avoid redundant pull and push cycles.
* `image sync --cleanup` flag: removes local images (`docker rmi`) after each successful push, to free disk space on CI runners and local machines.

## \[0.4.0]

### Added

* `monitoring.logCollection` manifest section to enable or disable Loki + Alloy log collection.
* `deployment.argocd` manifest section for ArgoCD deployment defaults (`repoURL`, `pathPrefix`, `destinationServer`, `targetRevision`). CLI flags take precedence over manifest values when you provide both.

### Changed

* **Breaking:** Manifest field `docker.images.sourceRepository` renamed to `imageSync.sourceRepository`.

## \[0.3.1]

### Added

* Service mesh configuration in the manifest.

### Changed

* Traefik configuration moved under the `ingress` manifest section.

## \[0.3.0]

### Added

* ArgoCD app-of-apps chart generation support (`release generate --format argocd`).
* `release init` command to initialize a new manifest file.
* `release uninstall` command to uninstall a release.
* RSA private key generation in the secret schema.
* `--name` flag on `image sync`, `release generate`, and `release deploy` to filter to a single chart or image.
* `--dry-run` flag on `release deploy` and `image sync`.
* Default storage class configuration for Kubernetes storage in the manifest.
* Network configuration in the manifest.

### Changed

* `release pull` now extracts to `./extracted-release` by default. Use `--skip-extract` to skip extraction; use `--extract-dir` to specify a custom extraction directory. Replaces the previous `--extract` flag.
* **Breaking:** `release deploy` and `image sync` now execute by default. Use `--dry-run` to preview commands. Previously they printed commands without executing.
* `image sync` is now a no-op when the target registry is unset or equals the source registry (`uccmpprivatecloud.azurecr.io`).
* Traefik configuration simplified to set up a `LoadBalancer` service with annotations.

## \[0.2.0]

No customer-facing changes. (Internal updates to the secret-template format.)

## \[0.1.0]

### Added

* Initial release of the vpctl CLI tool.
* Application management commands: download, generate, and deploy.
* Manifest file support with automatic discovery, searched upward from CWD.
* Secret management commands: generate.
* Configuration management commands: view, set, and delete.
* `version` command.
