WHATSNEW: samba-tool domain backup --no-secrets changes

author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Wed, 20 Aug 2025 00:18:53 +0000 (12:18 +1200)

committer Jule Anger <janger@samba.org>

Fri, 22 Aug 2025 15:27:42 +0000 (17:27 +0200)
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 20 Aug 2025 00:18:53 +0000 (12:18 +1200)
committer Jule Anger <janger@samba.org>
Fri, 22 Aug 2025 15:27:42 +0000 (17:27 +0200)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index 27fae5331d20237a196926828c12bece06ee7fac..20a6160436967d40775a650e46aae5f4d77f7f66 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -32,9 +32,16 @@ Initial version of smb_prometheus_endpoint
  ------------------------------------------
  todo
  
-samba-tool improvements
------------------------
-todo
+samba-tool domain backup --no-secrets avoids confidential attributes
+--------------------------------------------------------------------
+
+The --no-secrets option creates a back-up without secret attributes
+(e.g. passwords), suitable for use in a lab domain. Until now it could
+still contain confidential attributes, including BitLocker recovery
+data and KDS root keys. Objects in the classes msKds-ProvRootKey,
+msFVE-RecoveryInformation, and msTPM-InformationObject will now be
+entirely removed from the backup, as these objects are required by
+schema to have confidential attributes and are no use without them.
  
  CTDB changes
  ------------
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
	Wed, 20 Aug 2025 00:18:53 +0000 (12:18 +1200)
committer	Jule Anger <janger@samba.org>
	Fri, 22 Aug 2025 15:27:42 +0000 (17:27 +0200)