v1.10.2
Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.10.2.
New features
- A new `PVAULT_SERVICE_PCI_RESTRICTIONS` environment variable was added to enforce PCI regulatory rules in the Vault. These rules apply only to PCI data types. When set to `true`, the following rules are enforced:
  - `CC_CVV` data type expiration is enforced to be always less than one hour for all operations. Attempting to create/update a token/object with a longer expiration time will fail with a bad request (400) error code.
  - A global deny policy is dynamically injected into all IAM roles to prevent any read access of the `CC_NUMBER` data type. Attempting to access `CC_NUMBER` will fail with a 403 error code. Note that this policy affects only roles used by users. When a role is used internally by the Vault, such as with the `http_call` action, it is still possible to use the `CC_NUMBER` data type in the `http_call` action.
Logic changes
- The behaviour of the `PVAULT_SERVICE_ALLOW_ORIGINS` environment variable was extended to allow CORS headers for control operations from the browser.
- Update the `pvault-migrate` CLI to be more graceful when encountering an unknown Vault version.
Bug fixes
- Fix a bug where the license was reported as new in logs even when unchanged.
- Fix a bug where the user role was not reported correctly in debug logs.
- Fix a bug where disabling users was not saved correctly in the database and caused anti-tampering signature failures.