Skip to main content


Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in this Piiano Vault release.

New features

  • Finer permissions control with three new capabilities: CapObjectsLister, CapObjectsReader and CapObjectsWriter. Use the last two capabilities to allow read or write operations to objects while disallowing the traversal of objects. This is required in many web forms situations. This is not a breaking change. While the previous data access capabilities were removed from the default IAM for new Vaults, they are still fully supported and could be used when applicable.
  • The credit card LUHN check can now be turned off using this environment variable PVAULT_FEATURES_DISABLE_CC_LUHN_CHECK
  • A new environment variable PVAULT_SERVICE_ALLOWED_PCI_HTTP_DESTINATIONS that specifies the allowed destinations for HTTP requests that include PCI data. The environment variable PVAULT_SERVICE_ALLOWED_HTTP_DESTINATIONS allows destinations for other data-types. See HTTP Call Action and environment variable for more information.

Bug fixes

  • Fixed the wrong permissions check for tokenize operation without properties (when tokenizing the entire object).
  • Fixed the failed import when exporting from one cloud provider and importing to another.

Breaking changes

If you are using the tokenize operation without listing which properties to tokenize, review your IAM permissions of that user to ensure that you will not lose access to this operation after upgrade. You require an allow policy that has tokenize in its operation list.