Universal encrypted audit archive
Settings, connection logs, and system events can now travel as protected HearthGate archives instead of scattered plain files. Use encrypted exports when the handoff itself needs to stay confidential.
HearthGate 1.8 is live
Encrypted audit archives and restore-safe access state.
HearthGate 1.8 focuses on the evidence layer of secure Mac access: encrypted audit archives, clearer restore warnings, safer SSH configuration changes, and better operator visibility when a backup or key state is incomplete.
Partial backup warnings
If a backup cannot read critical key state such as revocations, limits, or disabled keys, HearthGate marks that export and warns before restore so operators do not mistake a partial archive for a complete one.
Revoked access stays harder to revive
Restore workflows apply stronger checks around revoked and disabled keys, so old access material is less likely to quietly become usable again after a migration or clean install.
Safer SSH policy changes
Managed SSH configuration changes are validated before they are applied, with rollback behavior when the proposed state is not usable. The goal is boring reliability when touching the gateway.
Audit and restore integrity
A backup should not hide what it failed to carry.
Remote-access backups are security objects, not just convenience files. HearthGate 1.8 makes incomplete exports visible, keeps sensitive audit handoffs encrypted when needed, and gives the operator a clearer path before importing state onto the same Mac or a new one.
Protected review
Encrypted .hgaudit export
System events can be exported as a protected archive for review, support handoff, or migration instead of relying only on plain CSV output.
No quiet surprises
Fresh restore context
Restore surfaces can tell you when the source archive was partial, so a missing revocation or key-limit read is no longer invisible at import time.
Forensic trail
Security events with context
Network blocks, releases, key-policy changes, imports, exports, and hook activity are easier to review with the metadata that explains what happened.
Operational examples
What changes in day-to-day use?
The release is deliberately quiet in the UI, but it changes the safety of the workflows teams actually depend on: exporting, restoring, auditing, and recovering access state.
Use case
You export a backup after revoking access
If critical key lifecycle state could not be included, HearthGate records that fact and warns before a future restore. A backup should not silently pretend it is complete.
Use case
You need an audit handoff
Use the encrypted audit archive for sensitive review paths, and keep CSV for quick local inspection when a spreadsheet-friendly view is enough.
Use case
You migrate to a clean Mac
Restore becomes easier to reason about because key state, warning state, and system-event history are surfaced with clearer operator cues.
Security notes
Evidence you can review without exposing internals.
HearthGate 1.8 adds more operator-visible evidence around protected exports, access lifecycle, and configuration safety. The language is useful for security review, while implementation details stay inside the product.
Learn about SILA, the codnamacs security lifecycle frameworkRelease notes at a glance
- Protected audit archives can carry system events for sensitive review, migration, or support workflows.
- Backup exports can surface warnings when critical key lifecycle state could not be read completely.
- Restore workflows can combine source-export warnings with restore-time warnings before the operator proceeds.
- Revoked and disabled key state receives stronger restore-time treatment so old access material is less likely to reappear unexpectedly.
- Managed SSH policy changes are checked before they take effect, with rollback behavior if the proposed state is not usable.
- Security-review touchpoints include audit-event visibility, protected audit information, access enforcement, input validation, and CWE-style restore-resurrection risk reduction.
HearthGate 1.8