Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.1.0.
New features​
- New mechanism to override the default Vault configuration by providing a file with custom values. See the custom configuration file and secrets from files guides for more details.
- Better log visibility to the database connection retry-loop mechanism.
- The CLI and the REST API now support queries that specify a list of possible values for any property. See the search objects guide for a usage example.
- You can now specify the object ID (
id) in the map of object properties and their values passed to the add object and add objects (bulk) API operations and--fieldsof the add object CLI command. This enables you to match the ID of an item in Vault with the ID of the item in its source system, and acts as a replacement to the built-in_foreign_idproperty. This built-in property has been obsoleted. - The API now follow common REST standard to support
.../objects/:idfor accessing an object and distinctly marks.../objects/bulkfor operations working on objects. The following API operations are new: - New API operation to create a hash of objects: hash-objects
Breaking changes​
You now determine a tokens' behavior using the
typeproperty alone rather than thetype,reuse_token_id, andreversibleproperties, in the tokenize REST API operation and CLI command. The new values for thetypeproperty are:deterministic- tokens that are assigned a deterministic ID based on the collection, tokenized object, property values, and scope.pci– tokens that represent property values as they were when the token was created. The token ID reuses the ID of an existing token where both tokens are created on the same collection with the same values and scope. Otherwise, the token ID is randomly assigned.pci_oneway– PCI tokens that cannot be detokenized.pointer– tokens that represent the property values as they are when the request to detokenize is made.randomized– tokens that represent the property values as they were when the token was created. Unlike PCI tokens, for non-format preserving tokens, these tokens are always assigned a unique ID.
The new types map to the old properties like this:
* Equivalent to `true` where an existing token was created in the same collection for the same object values and scopes. Otherwise, the equivalent of `false`.New typeOld typereuse_token_idreversibledeterministicVALUE* truepciVALUE* truepci_onewayVALUE* falsepointerPOINTERN/A N/A randomizedVALUEfalsetrueThe Tokenize REST API operation now accepts a request body consisting of an array of independent tokenization request objects, so you can use it for bulk operations.
The Tokenize REST API operation now accepts an input object which defined as one and only one of:
id- the ID of an object,fields- property values of an object – coming soon,encrypted- an encrypted object – coming soon.Removed the built-in
_foreign_idproperty.Built-in property
_idhas been renamed toid.The CLI field
match-jsonhas been replaced byquery-jsonfor the Search objects command.Removed the get objects property (
/api/pvlt/1.0/data/collections/{collection}/properties/{property}(GET)) REST API operation, use get collection property instead.Changed the update object and delete object REST API operations.
The internal mechanism for storing API keys and tokens has changed to be more secure.
Known issues and limitations​
- Queries can only match untransformed properties (properties with transformations, such as
ssn.mask, are not matched). - No pagination is provided for the tokens API operations Search tokens and Detokenize tokens.
- No pagination is provided for the List objects API operation when retrieving a list of objects using IDs. When requesting a number of objects which exceeds the page size, an error is returned.