Skip to main content


Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.1.0.

New features

  • New mechanism to override the default Vault configuration by providing a file with custom values. See the custom configuration file and secrets from files guides for more details.
  • Better log visibility to the database connection retry-loop mechanism.
  • The CLI and the REST API now support queries that specify a list of possible values for any property. See the search objects guide for a usage example.
  • You can now specify the object ID (id) in the map of object properties and their values passed to the add object and add objects (bulk) API operations and --fields of the add object CLI command. This enables you to match the ID of an item in Vault with the ID of the item in its source system, and acts as a replacement to the built-in _foreign_id property. This built-in property has been obsoleted.
  • The API now follow common REST standard to support .../objects/:id for accessing an object and distinctly marks .../objects/bulk for operations working on objects. The following API operations are new:
  • New API operation to create a hash of objects: hash-objects

Breaking changes

  • You now determine a tokens' behavior using the type property alone rather than the type, reuse_token_id, and reversible properties, in the tokenize REST API operation and CLI command. The new values for the type property are:

    • deterministic - tokens that are assigned a deterministic ID based on the collection, tokenized object, property values, and scope.
    • pci – tokens that represent property values as they were when the token was created. The token ID reuses the ID of an existing token where both tokens are created on the same collection with the same values and scope. Otherwise, the token ID is randomly assigned.
    • pci_oneway – PCI tokens that cannot be detokenized.
    • pointer – tokens that represent the property values as they are when the request to detokenize is made.
    • randomized – tokens that represent the property values as they were when the token was created. Unlike PCI tokens, for non-format preserving tokens, these tokens are always assigned a unique ID.

    The new types map to the old properties like this:

    New typeOld typereuse_token_idreversible
    * Equivalent to `true` where an existing token was created in the same collection for the same object values and scopes. Otherwise, the equivalent of `false`.
  • The Tokenize REST API operation now accepts a request body consisting of an array of independent tokenization request objects, so you can use it for bulk operations.

  • The Tokenize REST API operation now accepts an input object which defined as one and only one of: id - the ID of an object, fields - property values of an object – coming soon, encrypted - an encrypted object – coming soon.

  • Removed the built-in _foreign_id property.

  • Built-in property _id has been renamed to id.

  • The CLI field match-json has been replaced by query-json for the Search objects command.

  • Removed the get objects property (/api/pvlt/1.0/data/collections/{collection}/properties/{property} (GET)) REST API operation, use get collection property instead.

  • Changed the update object and delete object REST API operations.

  • The internal mechanism for storing API keys and tokens has changed to be more secure.

Known issues and limitations

  • Queries can only match untransformed properties (properties with transformations, such as ssn.mask, are not matched).
  • No pagination is provided for the tokens API operations Search tokens and Detokenize tokens.
  • No pagination is provided for the List objects API operation when retrieving a list of objects using IDs. When requesting a number of objects which exceeds the page size, an error is returned.