Skip to main content


Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.0.1.

New features

  • Built-in types now support Normalization according to the Normalization of Built-in Data Types.
  • Custom types can now have Javascript normalization functions.
  • Vault now supports a new BLOB data type for small files.
  • A new .token transformation was added to all built-in types that transform a property to its token.
  • Optimization to tokenization API
  • The Detokenize operation can now return the token metadata using the include_metadata option.
  • Officially supported Postgres version is now 14.5
  • The pvault CLI now passes a trace ID header to the Vault. This trace ID can be viewed when running the CLI with the --verbose flag.
  • Improved logs error message when using bad ARN for AWS KMS
  • Improved logs messages for the database connection issues
    • Preserve the original issue returned from the database (bad credentials, etc.)
    • Debug log for each connection attempt
  • Database connection retry mechanism now stops early for bad credentials errors.
  • The pvault-migrate CLI now works with Vault versions.
  • New CLI options to facilitate the management of the object and token lifecycle: pvault object archive, pvault object restore, pvault token archive, and pvault token restore
  • Documentation improvements

Bug fixes

  • Fix a bug where large collections can't be deleted.
  • Fix an issue where Get License API didn't work when the license expired.
  • Fix an issue that prevented the use of a self-signed TLS certificate.
  • Fix an issue where default values for scope and reversible properties of the Tokenize operation weren't applied.
  • Not-encrypted property of type INTEGER supports the range of int32 instead of int64

Breaking changes

  • Renamed the id parameter from type array to ids.
  • Renamed the object_id parameter from type array to object_ids.
  • Renamed the tag parameter from type array to tags.
  • Renamed the token_id parameter from type array to token_ids.
  • Renamed the ttl query param to expiration_secs.
  • Get Cluster Info API Worker model has modified_at property was renamed to generation_checked_at.
  • GC configuration options grace_period_days was renamed to retention_period_days.
  • The config ttl section was renamed to expiration when used in TOML. Accordingly, the following environment variables were renamed:
  • Delete Object and Delete Token operations now always perform a deletion like the hard_delete option in previous versions.
    • The hard_delete option is now removed.
    • "Soft deletion" is now called "archiving" and is now performed with the Update Object and Update Token operations by modifying the expiration time.
    • In queries, the deleted option was renamed to archived
  • The following OpenAPI changes affect only SDKs that are generated from the OpenAPI:
    • get-objects operation renamed to list-objects.
    • get-all-collections operation renamed to list-collections.
    • list-property-types operation renamed to list-data-types.
    • Schema Definitions names renamed models..
  • The template collection credit_card renamed to credit_cards.
  • Read control operations are now permitted also when the license is expired.
  • pvault-migrate CLI now works with Vault versions rather than the internal migration numbers.

Known issues and limitations

  • Queries can only match untransformed properties (properties with transformations, such as ssn.mask, are not matched).
  • No pagination is provided for the tokens API operations Search tokens and Detokenize tokens.
  • No pagination is provided for the List objects API operation when retrieving a list of objects using IDs. When requesting a number of objects which exceeds the page size, an error is returned.