Skip to main content

v0.9.1 - Beta

Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v0.9.1.

New features

  • Docker compose installation now include TLS configuration for Traefik.
  • Updated pagination behaviour in the CLI.
  • The database schema version is now returned with the version API and CLI command.
  • Changes to GC CLI flags and API query params.
  • IAM policies can now specify resource selector for PII type.
  • Bug fix for IAM policy with Allow + Deny combination.
  • Add logs for database connection failure reason.
  • Added support for a seeded local KMS.
  • Objects and tokens now have the same mechanism and API to deal with expiration.

Known issues and limitations

  • Queries can match properties only in their base form (properties without transformations, such as ssn.mask).
  • Some REST API calls do not receive error messages. However, these error messages are printed on the server-side. To view these error messages, use STDOUT or STDERR in Docker. See the Docker article View logs for a container or service for more information on accessing these logs.
  • The maximum length of the property name and description is 450 characters.
  • The maximum length of the value in encrypted and unencrypted string-based properties, including properties using PTypes for email address, SSN, and bank account number, is limited to 450 characters.
  • Encrypted arrays and arrays with mixed elements do not work as expected.
  • Large int64 values may lose their precision.
  • TTL of an object does not affect owned objects, and those may outlive their owner.
  • Deletion of a collection will hard-delete its objects.
  • No pagination for tokens APIs: Get tokens metadata, Detokenization.
  • No pagination for "Get objects by IDs" API. When requesting a number of objects which exceeds the page size (see above), an error is returned.

Breaking changes

  • Environment variables name change:
    • PVAULT_LITE_SELFSIGNED --> PVAULT_TLS_SELFSIGNED
    • PVAULT_LITE_CERT_FILE --> PVAULT_TLS_CERT_FILE
    • PVAULT_LITE_KEY_FILE --> PVAULT_TLS_KEY_FILE
    • PVAULT_LITE_LISTEN_ON_HTTP --> PVAULT_TLS_ENABLE (meaning is inversed)